[MPlayer-dev-eng] Re: [PATCH] fix for faad2 infinite loop after decoding error
Guillaume POIRIER
poirierg at gmail.com
Wed Jun 7 22:28:35 CEST 2006
Hi,
On 6/7/06, Bryan Alton <balton at eircom.net> wrote:
> Bryan Alton wrote:
>
> > I'll capture a sample stream and post it.
>
> Sample uploaded to mplayer/incoming called faad_infiniteloop.aacp
>
> It is an AACplus file copied from a stream and can be played with the
> following command.
>
> mplayer -ac faad -demuxer aac faad_infiniteloop.aacp
>
> The error occurs around 30sec - without the patch a loop, with the patch
> mplayer plays through.

OK. I was able to reproduce the problem thanks to your sample (very
cool music BTW).

Unfortunately, your fix doesn't work as well as you probably would like it to.
It trades an infinite loop for a segfault.

Here is a backtrace:

Playing /home/guillaume/faad_infiniteloop.aacp.
AAC file format detected.
==========================================================================
Forced audio codec: faad
Opening audio decoder: [faad] AAC (MPEG2/4 Advanced Audio Coding)
FAAD: compressed input bitrate missing, assuming 128kbit/s!
AUDIO: 44100 Hz, 2 ch, s16le, 128.0 kbit/9.07% (ratio: 16000->176400)
Selected audio codec: [faad] afm: faad (FAAD AAC (MPEG-2/MPEG-4 Audio) decoder)
==========================================================================
[AO OSS] audio_setup: Can't open audio device /dev/dsp: Device or resource busy
alsa-init: using device default
alsa: 48000 Hz/2 channels/4 bpf/65536 bytes buffer/Signed 16 bit Little Endian
AO: [alsa] 48000Hz 2ch s16le (2 bytes per sample)
Video: no video
Starting playback...
FAAD: error: Unexpected channel configuration change, trying to resync!
FAAD: error: Scalefactor out of range, trying to resync!
FAAD: error: Channel coupling not yet implemented, trying to resync!
FAAD: error: Unable to find ADTS syncword, trying to resync!
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1220483392 (LWP 18582)]
0xb77a0443 in memmove () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
#0 0xb77a0443 in memmove () from /lib/tls/i686/cmov/libc.so.6
#1 0x080ca141 in decode_audio (sh=0x876b000,
buf=0x869aa64 "V�\234J�1\001A�77@\r5\202;q,;2\221&\233)L
�]\0278*\n\f�\016\aU\032]\020�022�023\f\027\017\005$\024�\023\n�\225\002\032�207�\231�",
minlen=2240, maxlen=113164) at ad_faad.c:249
#2 0x080c5341 in decode_audio (sh_audio=0x8699190,
buf=0x86e7604
"����005��������031ִ��ۧ��001��026��177���214���216�p�177�Jʹ������\231�ڳ���\035��\036�\213�Ʒ��V���\237��\\�\031í�`�n�-�\203���\207�0��a�\201���\177���210������002�217��037���035����a��225�Գ�n��021����026�204Ң"...,
minlen=4096,
maxlen=<value optimized out>) at dec_audio.c:379
#3 0x0807798a in main (argc=6, argv=0xbfd5e874) at mplayer.c:3643
(gdb)
(gdb) info all-registers
eax 0xffffffff -1
ecx 0x3ffcb894 1073526932
edx 0x8699190 141136272
ebx 0x848a95c 138979676
esp 0xbfd5d4e8 0xbfd5d4e8
ebp 0xbfd5d538 0xbfd5d538
esi 0x876b000 141996032
edi 0x876afff 141996031
eip 0xb77a0443 0xb77a0443 <memmove+35>
eflags 0x10217 66071
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
Here is what happens if I do not run mplayer inside GDB:
[....]
FAAD: error: Unable to find ADTS syncword, trying to resync!
MPlayer interrupted by signal 11 in module: decode_audio
- MPlayer crashed by bad usage of CPU/FPU/RAM.
Recompile MPlayer with --enable-debug and make a 'gdb' backtrace and
disassembly. Details in DOCS/HTML/en/bugreports_what.html#bugreports_crash.
- MPlayer crashed. This shouldn't happen.
It can be a bug in the MPlayer code _or_ in your drivers _or_ in your
gcc version. If you think it's MPlayer's fault, please read
DOCS/HTML/en/bugreports.html and follow the instructions there. We can't and
won't help unless you provide this information when reporting a possible bug.
MPlayer interrupted by signal 11 in module: uninit_acodec
*** glibc detected *** double free or corruption (out): 0x08699190 ***
MPlayer interrupted by signal 6 in module: free_demuxer
Here is what valgrind has to say:
==18994==
==18994== Process terminating with default action of signal 11 (SIGSEGV)
==18994== Access not within mapped region at address 0x8804E5BE
==18994== at 0x8128652: af_remove (af.c:206)
==18994== by 0x81286FB: af_uninit (af.c:333)
==18994== by 0x80C56F9: uninit_audio (dec_audio.c:256)
==18994== by 0x807514C: uninit_player (mplayer.c:423)
==18994== by 0x8075345: exit_player_with_rc (mplayer.c:513)
==18994== by 0x472CA47: (within /lib/tls/i686/cmov/libc-2.3.6.so)
==18994== by 0x80CA140: decode_audio (ad_faad.c:249)
==18994== by 0x80C5340: decode_audio (dec_audio.c:379)
==18994== by 0x8077989: main (mplayer.c:3643)
==18994==
==18994== Process terminating with default action of signal 11 (SIGSEGV)
==18994== Access not within mapped region at address 0x66000004
==18994== at 0x47CBAC4: tdestroy (in /lib/tls/i686/cmov/libc-2.3.6.so)
==18994== by 0x480CEAD: (within /lib/tls/i686/cmov/libc-2.3.6.so)
==18994== by 0x480CC41: __libc_freeres (in /lib/tls/i686/cmov/libc-2.3.6.so)
==18994== by 0x401931E: _vgw_freeres (vg_preloaded.c:62)
==18994==
==18994== ERROR SUMMARY: 100000 errors from 14 contexts (suppressed: 109 from 1)
==18994== malloc/free: in use at exit: 927,792 bytes in 5,144 blocks.
==18994== malloc/free: 11,405 allocs, 6,264 frees, 6,891,628 bytes allocated.
==18994== For counts of detected errors, rerun with: -v
==18994== searching for pointers to 5,144 not-freed blocks.
==18994== checked 3,047,676 bytes.
==18994==
==18994== LEAK SUMMARY:
==18994== definitely lost: 180,015 bytes in 2,851 blocks.
==18994== possibly lost: 375,124 bytes in 44 blocks.
==18994== still reachable: 372,653 bytes in 2,249 blocks.
==18994== suppressed: 0 bytes in 0 blocks.
==18994== Use --leak-check=full to see details of leaked memory.
Erreur de segmentation
It would be nice if you could address this issue....
My setup: Ubuntu Dapper, GCC 4.1.
Hope that helps...
Guillaume
--
"Success consists of going from failure to failure without loss of enthusiasm."
-- Winston Churchill