[Mplayer-advusers] ffmjpeg DR? bug
rsnel at cube.dyndns.org
Tue Nov 4 22:18:50 CET 2003
Hello,
See ffmjpeg-DR-bug.avi in MPlayer/incoming/.
(ffmjpeg-DR-bug.txt doesn't contain the disassembly
and the register info, this mail does)
Description:
when I play ffmjpeg-DR-bug.avi with mplayer, mplayer
crashes with signal 11.
If I remove CODEC_CAP_DR1 from AVCodec mjpeg_decoder; in
libavcodec/mjpeg.c, the crash disappears.
Using --disable-mmx makes no difference.
My guess is that it has something to do with the colorspace
of the JPEGS inside. (YUV422, instead of the more common YUV420).
Here is the MPlayer output:
Script started on Tue Nov 4 22:11:58 2003
[rsnel at eniac]{~/src/mplayer/main}>gdb ./mplyer
GNU gdb 5.3
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...
(gdb) run ~/capture/ffmjpeg-DR-bug.avi
Starting program: /home/rsnel/src/mplayer/main/mplayer ~/capture/ffmjpeg-DR-bug.avi
[New Thread 16384 (LWP 21264)]
Using GNU internationalization
Original domain: messages
Original dirname: /usr/share/locale
Current domain: mplayer
Current dirname: /opt/video//share/locale
MPlayer dev-CVS-031104-21:01-3.2.3 (C) 2000-2003 MPlayer Team
CPU: Advanced Micro Devices Athlon 4 /Athlon MP/XP Palomino 1545 MHz (Family: 6, Stepping: 2)
Detected cache-line size is 64 bytes
CPUflags: MMX: 1 MMX2: 1 3DNow: 1 3DNow2: 1 SSE: 1 SSE2: 0
Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE
Reading config file /opt/video//etc/mplayer/mplayer.conf: No such file or directory
Reading config file /home/rsnel/.mplayer/config
Reading /home/rsnel/.mplayer/codecs.conf: Can't open '/home/rsnel/.mplayer/codecs.conf': No such file or directory
Reading /opt/video//etc/mplayer/codecs.conf: Can't open '/opt/video//etc/mplayer/codecs.conf': No such file or directory
Using built-in default codecs.conf.
font: can't open file: /home/rsnel/.mplayer/font/font.desc
font: can't open file: /opt/video//share/mplayer/font/font.desc
Failed to open /dev/rtc: Permission denied (mplayer should be setuid root or /dev/rtc should be readable by the user.)
Using usleep() timing
Can't open input config file /home/rsnel/.mplayer/input.conf: No such file or directory
Can't open input config file /opt/video//etc/mplayer/input.conf: No such file or directory
Falling back on default (hardcoded) input config
Playing /home/rsnel/capture/ffmjpeg-DR-bug.avi.
AVI file format detected.
VIDEO: [MJPG] 768x576 24bpp 25.000 fps 45747.3 kbps (5584.4 kbyte/s)
SUB: Could not determine file format
Cannot load subtitles: /home/rsnel/capture/ffmjpeg-DR-bug.txt
==========================================================================
Opening audio decoder: [pcm] Uncompressed PCM audio decoder
AUDIO: 44100 Hz, 2 ch, 16 bit (0x10), ratio: 176400->176400 (1411.2 kbit)
Selected audio codec: [pcm] afm:pcm (Uncompressed PCM)
==========================================================================
vo: X11 running at 1024x768 with depth 16 and 16 bpp (":0.0" => local display)
==========================================================================
Opening video decoder: [ffmpeg] FFmpeg's libavcodec codec family
Selected video codec: [ffmjpeg] vfm:ffmpeg (FFmpeg MJPEG decoder)
==========================================================================
Checking audio filter chain for 44100Hz/2ch/16bit -> 44100Hz/2ch/16bit...
AF_pre: af format: 2 bps, 2 ch, 44100 hz, little endian signed int
AF_pre: 44100Hz 2ch Signed 16-bit (Little-Endian)
AO: [oss] 44100Hz 2ch Signed 16-bit (Little-Endian) (2 bps)
Building audio filter chain for 44100Hz/2ch/16bit -> 44100Hz/2ch/16bit...
Starting playback...
[mjpeg @ 0x851ce50]mjpeg comment: ' COM'
VDec: vo config request - 768 x 576 (preferred csp: Planar 422P)
Could not find matching colorspace - retrying with -vf scale...
Opening video filter: [scale]
VDec: using Planar 422P as output csp (no 1)
Movie-Aspect is undefined - no prescaling applied.
SwScaler: using unscaled Planar 422P -> BGR 16-bit special converter
VO: [x11] 768x576 => 768x576 BGR 16-bit
A: 0.1 V: 0.0 A-V: 0.132 ct: 0.000 1/ 1 0% 0% 0.0% 0 0 0%
A: 0.1 V: 0.0 A-V: 0.092 ct: 0.004 2/ 2 0% 0% 0.0% 0 0 0%
A: 0.1 V: 0.1 A-V: 0.052 ct: 0.008 3/ 3 0% 0% 0.0% 0 0 0%
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 21264)]
0x082a6d36 in put_pixels_clamped_mmx (block=0x851d520,
pixels=0x40c7e040 "}}}~\177\200\201\202", line_size=1536)
at i386/dsputil_mmx.c:242
242 __asm __volatile(
(gdb) bt
#0 0x082a6d36 in put_pixels_clamped_mmx (block=0x851d520,
pixels=0x40c7e040 "}}}~\177\200\201\202", line_size=1536)
at i386/dsputil_mmx.c:242
#1 0x082baf88 in ff_simple_idct_put_mmx (
dest=0x600 <Address 0x600 out of bounds>, line_size=1536, block=0x851d520)
at i386/simple_idct_mmx.c:1307
#2 0x081e1bbe in mjpeg_decode_scan (s=0x851d0c0) at mjpeg.c:1337
#3 0x081e1f3c in mjpeg_decode_sos (s=0x851d0c0) at mjpeg.c:1458
#4 0x081e2a7b in mjpeg_decode_frame (avctx=0x851ce50, data=0x851cd90,
data_size=0xbfffe3fc, buf=0x407bb008 "ÿØÿà", buf_size=1536) at mjpeg.c:1840
#5 0x081caff4 in avcodec_decode_video (avctx=0x851ce50, picture=0x600,
got_picture_ptr=0xbfffe3fc, buf=0x600 <Address 0x600 out of bounds>,
buf_size=1536) at utils.c:418
#6 0x080d4deb in decode (sh=0x8508e08, data=0x851ce50, len=228828,
flags=-1073748996) at vd_ffmpeg.c:625
#7 0x080ce283 in decode_video (sh_video=0x8508e08,
start=0x600 <Address 0x600 out of bounds>, in_size=1536, drop_frame=0)
at dec_video.c:304
#8 0x0807a68c in main (argc=2, argv=0xbffff7e4) at mplayer.c:2097
#9 0x4a931b37 in __libc_start_main () from /lib/libc.so.6
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x82a6d16 to 0x82a6d56:
0x82a6d16 <put_pixels_clamped_mmx+38>: sub %cl,(%edi)
0x82a6d18 <put_pixels_clamped_mmx+40>: outsl %ds:(%esi),(%dx)
0x82a6d19 <put_pixels_clamped_mmx+41>: jb 0x82a6d4b <put_pixels_clamped_mmx+91>
0x82a6d1b <put_pixels_clamped_mmx+43>: movq 0x38(%edx),%mm7
0x82a6d1f <put_pixels_clamped_mmx+47>: packuswb %mm1,%mm0
0x82a6d22 <put_pixels_clamped_mmx+50>: packuswb %mm3,%mm2
0x82a6d25 <put_pixels_clamped_mmx+53>: packuswb %mm5,%mm4
0x82a6d28 <put_pixels_clamped_mmx+56>: packuswb %mm7,%mm6
0x82a6d2b <put_pixels_clamped_mmx+59>: movq %mm0,(%ebx)
0x82a6d2e <put_pixels_clamped_mmx+62>: movq %mm2,(%ebx,%eax,1)
0x82a6d32 <put_pixels_clamped_mmx+66>: movq %mm4,(%ebx,%eax,2)
0x82a6d36 <put_pixels_clamped_mmx+70>: movq %mm6,(%ebx,%ecx,1)
0x82a6d3a <put_pixels_clamped_mmx+74>: lea (%ebx,%eax,4),%ebx
0x82a6d3d <put_pixels_clamped_mmx+77>: add $0x40,%edx
0x82a6d40 <put_pixels_clamped_mmx+80>: movq (%edx),%mm0
0x82a6d43 <put_pixels_clamped_mmx+83>: movq 0x8(%edx),%mm1
0x82a6d47 <put_pixels_clamped_mmx+87>: movq 0x10(%edx),%mm2
0x82a6d4b <put_pixels_clamped_mmx+91>: movq 0x18(%edx),%mm3
0x82a6d4f <put_pixels_clamped_mmx+95>: movq 0x20(%edx),%mm4
0x82a6d53 <put_pixels_clamped_mmx+99>: movq 0x28(%edx),%mm5
End of assembler dump.
(gdb) info all-registers
eax 0x600 1536
ecx 0x1200 4608
edx 0x851d520 139580704
ebx 0x40c7e040 1086840896
esp 0xbfffe1e4 0xbfffe1e4
ebp 0xbfffe1e8 0xbfffe1e8
esi 0x851d0c0 139579584
edi 0x851d3f4 139580404
eip 0x82a6d36 0x82a6d36
eflags 0x210246 2163270
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x0 0
gs 0x7 7
st0 -nan(0x8281807f7e7d7d7d) (raw 0xffff8281807f7e7d7d7d)
st1 -nan(0x8200810080007f) (raw 0xffff008200810080007f)
st2 -nan(0x8181828384858686) (raw 0xffff8181828384858686)
st3 -nan(0x81008100820083) (raw 0xffff0081008100820083)
st4 -nan(0x7d7d7e7f7f808080) (raw 0xffff7d7d7e7f7f808080)
st5 -nan(0x7d007d007e007f) (raw 0xffff007d007d007e007f)
st6 -nan(0x8887868582807e7d) (raw 0xffff8887868582807e7d)
st7 -nan(0x88008700860085) (raw 0xffff0088008700860085)
fctrl 0x37f 895
fstat 0x420 1056
ftag 0xaaaa 43690
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {
0x8000000000000000, 0x8000000000000000}, v16_int8 = {
0xff <repeats 16 times>}, v8_int16 = {0xffff, 0xffff, 0xffff, 0xffff,
0xffff, 0xffff, 0xffff, 0xffff}, v4_int32 = {0xffffffff, 0xffffffff,
0xffffffff, 0xffffffff}, v2_int64 = {0xffffffffffffffff,
0xffffffffffffffff}, uint128 = 0xffffffffffffffffffffffffffffffff}
xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {
0x8000000000000000, 0x8000000000000000}, v16_int8 = {
0xff <repeats 16 times>}, v8_int16 = {0xffff, 0xffff, 0xffff, 0xffff,
0xffff, 0xffff, 0xffff, 0xffff}, v4_int32 = {0xffffffff, 0xffffffff,
0xffffffff, 0xffffffff}, v2_int64 = {0xffffffffffffffff,
0xffffffffffffffff}, uint128 = 0xffffffffffffffffffffffffffffffff}
xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {
0x8000000000000000, 0x8000000000000000}, v16_int8 = {
0xff <repeats 16 times>}, v8_int16 = {0xffff, 0xffff, 0xffff, 0xffff,
0xffff, 0xffff, 0xffff, 0xffff}, v4_int32 = {0xffffffff, 0xffffffff,
0xffffffff, 0xffffffff}, v2_int64 = {0xffffffffffffffff,
0xffffffffffffffff}, uint128 = 0xffffffffffffffffffffffffffffffff}
xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {
0x8000000000000000, 0x8000000000000000}, v16_int8 = {
0xff <repeats 16 times>}, v8_int16 = {0xffff, 0xffff, 0xffff, 0xffff,
0xffff, 0xffff, 0xffff, 0xffff}, v4_int32 = {0xffffffff, 0xffffffff,
0xffffffff, 0xffffffff}, v2_int64 = {0xffffffffffffffff,
0xffffffffffffffff}, uint128 = 0xffffffffffffffffffffffffffffffff}
xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {
0x8000000000000000, 0x8000000000000000}, v16_int8 = {
0xff <repeats 16 times>}, v8_int16 = {0xffff, 0xffff, 0xffff, 0xffff,
0xffff, 0xffff, 0xffff, 0xffff}, v4_int32 = {0xffffffff, 0xffffffff,
0xffffffff, 0xffffffff}, v2_int64 = {0xffffffffffffffff,
0xffffffffffffffff}, uint128 = 0xffffffffffffffffffffffffffffffff}
xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {
0x8000000000000000, 0x8000000000000000}, v16_int8 = {
0xff <repeats 16 times>}, v8_int16 = {0xffff, 0xffff, 0xffff, 0xffff,
0xffff, 0xffff, 0xffff, 0xffff}, v4_int32 = {0xffffffff, 0xffffffff,
0xffffffff, 0xffffffff}, v2_int64 = {0xffffffffffffffff,
0xffffffffffffffff}, uint128 = 0xffffffffffffffffffffffffffffffff}
xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {
0x8000000000000000, 0x8000000000000000}, v16_int8 = {
0xff <repeats 16 times>}, v8_int16 = {0xffff, 0xffff, 0xffff, 0xffff,
0xffff, 0xffff, 0xffff, 0xffff}, v4_int32 = {0xffffffff, 0xffffffff,
0xffffffff, 0xffffffff}, v2_int64 = {0xffffffffffffffff,
0xffffffffffffffff}, uint128 = 0xffffffffffffffffffffffffffffffff}
xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {
0x8000000000000000, 0x8000000000000000}, v16_int8 = {
0xff <repeats 16 times>}, v8_int16 = {0xffff, 0xffff, 0xffff, 0xffff,
0xffff, 0xffff, 0xffff, 0xffff}, v4_int32 = {0xffffffff, 0xffffffff,
0xffffffff, 0xffffffff}, v2_int64 = {0xffffffffffffffff,
0xffffffffffffffff}, uint128 = 0xffffffffffffffffffffffffffffffff}
mxcsr 0x1f80 8064
orig_eax 0xffffffff -1
mm0 {uint64 = 0x8281807f7e7d7d7d, v2_int32 = {0x7e7d7d7d,
0x8281807f}, v4_int16 = {0x7d7d, 0x7e7d, 0x807f, 0x8281}, v8_int8 = {0x7d,
0x7d, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82}}
mm1 {uint64 = 0x8200810080007f, v2_int32 = {0x80007f, 0x820081},
v4_int16 = {0x7f, 0x80, 0x81, 0x82}, v8_int8 = {0x7f, 0x0, 0x80, 0x0, 0x81,
0x0, 0x82, 0x0}}
mm2 {uint64 = 0x8181828384858686, v2_int32 = {0x84858686,
0x81818283}, v4_int16 = {0x8686, 0x8485, 0x8283, 0x8181}, v8_int8 = {0x86,
0x86, 0x85, 0x84, 0x83, 0x82, 0x81, 0x81}}
mm3 {uint64 = 0x81008100820083, v2_int32 = {0x820083, 0x810081},
v4_int16 = {0x83, 0x82, 0x81, 0x81}, v8_int8 = {0x83, 0x0, 0x82, 0x0, 0x81,
0x0, 0x81, 0x0}}
mm4 {uint64 = 0x7d7d7e7f7f808080, v2_int32 = {0x7f808080,
0x7d7d7e7f}, v4_int16 = {0x8080, 0x7f80, 0x7e7f, 0x7d7d}, v8_int8 = {0x80,
0x80, 0x80, 0x7f, 0x7f, 0x7e, 0x7d, 0x7d}}
mm5 {uint64 = 0x7d007d007e007f, v2_int32 = {0x7e007f, 0x7d007d},
v4_int16 = {0x7f, 0x7e, 0x7d, 0x7d}, v8_int8 = {0x7f, 0x0, 0x7e, 0x0, 0x7d,
0x0, 0x7d, 0x0}}
mm6 {uint64 = 0x8887868582807e7d, v2_int32 = {0x82807e7d,
0x88878685}, v4_int16 = {0x7e7d, 0x8280, 0x8685, 0x8887}, v8_int8 = {0x7d,
0x7e, 0x80, 0x82, 0x85, 0x86, 0x87, 0x88}}
mm7 {uint64 = 0x88008700860085, v2_int32 = {0x860085, 0x880087},
v4_int16 = {0x85, 0x86, 0x87, 0x88}, v8_int8 = {0x85, 0x0, 0x86, 0x0, 0x87,
0x0, 0x88, 0x0}}
(gdb) quit
The program is running. Exit anyway? (y or n) y
[rsnel at eniac]{~/src/mplayer/main}>exit
Script done on Tue Nov 4 22:13:57 2003
The image on screen at the time of the crash is distorted.
I hope you can reproduce. If not, let me know.
Greetings,
Rik.
--
Nothing is ever a total loss; it can always serve as a bad example.
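
The reporter's guess above, as an added C sketch that is not MPlayer or libavcodec code: if a direct-rendering buffer has its chroma planes sized for 4:2:0 while the decoder writes 4:2:2 rows, 8x8 block stores run past the end of the plane. The names plane_t, chroma_rows, chroma_plane_size and first_oob_row are hypothetical, and the 384-byte chroma line size is an assumption derived from the 768x576 frame. The page does not confirm this as the root cause.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical plane descriptor; not a libavcodec structure. */
typedef struct {
    size_t size;      /* bytes allocated for the plane */
    int    linesize;  /* bytes between the starts of consecutive rows */
} plane_t;

/* Rows in a chroma plane: vshift=1 for 4:2:0 (half height),
 * vshift=0 for 4:2:2 (full height). */
static int chroma_rows(int height, int vshift) {
    return (height + (1 << vshift) - 1) >> vshift;
}

/* Bytes the buffer provider must allocate for one chroma plane. */
static size_t chroma_plane_size(int linesize, int height, int vshift) {
    return (size_t)linesize * (size_t)chroma_rows(height, vshift);
}

/* Returns the first row (0..7) of the 8x8 block at (bx, by) whose 8-byte
 * store would fall outside the plane, or -1 if all eight rows fit.
 * This is the check a decoder can run before storing an IDCT block. */
static int first_oob_row(const plane_t *p, int bx, int by) {
    if (bx < 0 || by < 0 || p->linesize <= 0)
        return 0;
    for (int row = 0; row < 8; row++) {
        size_t off = (size_t)(by + row) * (size_t)p->linesize + (size_t)bx;
        if (off > p->size || p->size - off < 8)
            return row;
    }
    return -1;
}

int main(void) {
    /* Constructed values: 768x576 frame, assumed chroma line size 384. */
    const int height = 576, c_linesize = 384;
    plane_t as420 = { chroma_plane_size(c_linesize, height, 1), c_linesize };
    plane_t as422 = { chroma_plane_size(c_linesize, height, 0), c_linesize };
    /* A 4:2:2 decoder writes chroma blocks in rows 288..575 as well. */
    printf("block at y=288: 420-sized buffer -> %d, 422-sized buffer -> %d\n",
           first_oob_row(&as420, 0, 288), first_oob_row(&as422, 0, 288));
    return 0;
}
```

A SIGSEGV is only raised once a store reaches an unmapped page, so a crash like the one in the backtrace can occur well after the first out-of-bounds row; a check of this kind rejects the write at the plane boundary instead.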