[Ffmpeg-devel] h.264 decoder segfault

Benoit Fouet benoit.fouet
Tue Jan 23 16:39:38 CET 2007


hi,

Michael Niedermayer wrote:
> could you try the above with a h264.c compiled with -O0 and if that
> fails with #undef ARCH_X86 #undef HAVE_MMX ?
>   
ok, everything down there is from ffmpeg root repo.

here is my diff for h264.c:

Index: libavcodec/h264.c
===================================================================
--- libavcodec/h264.c   (revision 7661)
+++ libavcodec/h264.c   (working copy)
@@ -26,6 +26,8 @@
  * @author Michael Niedermayer <michaelni at gmx.at>
  */

+#undef ARCH_X86
+#undef HAVE_MMX
 #include "common.h"
 #include "dsputil.h"
 #include "avcodec.h"
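Review bot: the two #undef lines sit above #include "common.h", so they only take effect if ARCH_X86 and HAVE_MMX are already defined at that point. The gcc command shown passes -DHAVE_AV_CONFIG_H but defines neither macro itself, so if they come from a header that common.h pulls in, they are defined again after the #undef and the build still uses the x86/MMX code paths. Move the two lines below the include that defines them, and check the preprocessed output (gcc -E -dM with the same flags) to confirm neither macro survives. This is a debugging aid only and should not be committed.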

i compiled it using the following command (so with the -O0)
$ cd libavcodec
$ gcc -I"/home/bfouet/env/open_sources/ffmpeg"/libswscale  
-DHAVE_AV_CONFIG_H -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
-D_ISOC9X_SOURCE -I"/home/bfouet/env/open_sources/ffmpeg"
-I"/home/bfouet/env/open_sources/ffmpeg"
-I"/home/bfouet/env/open_sources/ffmpeg"/libavutil -fomit-frame-pointer
-g -Wdeclaration-after-statement -Wall -Wno-switch
-Wdisabled-optimization -Wpointer-arith -Wredundant-decls -O0  -c -o
h264.o h264.c
$ cd ..
$ make

then i reused the same line i gave this morning:
$ valgrind -v --tool=memcheck ./ffmpeg_g -y -i
http://darkkben.free.fr/corrupted_h264.mp4 out_test.mp4
[...]
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from
'http://darkkben.free.fr/corrupted_h264.mp4':
  Duration: 00:00:24.0, start: 0.000000, bitrate: 247 kb/s
  Stream #0.0(und): Video: h264, yuv420p, 320x240, 30.00 fps(r)
  Stream #0.1(und): Data: mp4s / 0x7334706D
  Stream #0.2(und): Data: mp4s / 0x7334706D
Output #0, mp4, to 'out_test.mp4':
  Stream #0.0: Video: mpeg4, yuv420p, 320x240, q=2-31, 200 kb/s, 30.00
fps(c)
Stream mapping:
  Stream #0.0 -> #0.0
[mpeg4 @ 0x83f3ca0]removing common factors from framerate
Press [q] to stop encoding
--22167-- REDIR: 0x43641D0 (rawmemchr) redirected to 0x401DF70 (rawmemchr)
--22167-- REDIR: 0x43630F0 (bcmp) redirected to 0x401DBC0 (bcmp)
--22167-- REDIR: 0x43633E0 (memmove) redirected to 0x401DEF0 (memmove)
[h264 @ 0x83f3ca0]corrupted macroblock 12 5 (total_coeff<0)its/s
[h264 @ 0x83f3ca0]error while decoding MB 12 5
[h264 @ 0x83f3ca0]concealing 237 DC, 237 AC, 237 MV errors
[h264 @ 0x83f3ca0]out of range intra chroma pred mode at 6 12s/s
[h264 @ 0x83f3ca0]error while decoding MB 6 12
[h264 @ 0x83f3ca0]concealing 103 DC, 103 AC, 103 MV errors
[h264 @ 0x83f3ca0]corrupted macroblock 17 7 (total_coeff<0)its/s
[h264 @ 0x83f3ca0]error while decoding MB 17 7
[h264 @ 0x83f3ca0]concealing 192 DC, 192 AC, 192 MV errors
[h264 @ 0x83f3ca0]concealing 8 DC, 8 AC, 8 MV errors297.8kbits/s
==22167== Conditional jump or move depends on uninitialised value(s)
==22167==    at 0x8231D89: get_se_golomb (golomb.h:137)
==22167==
==22167== Conditional jump or move depends on uninitialised value(s)
==22167==    at 0x82313F8: get_ue_golomb (golomb.h:54)
[h264 @ 0x83f3ca0]cbp too large (107) at 16 6trate= 406.1kbits/s
[h264 @ 0x83f3ca0]error while decoding MB 16 6
[h264 @ 0x83f3ca0]concealing 213 DC, 213 AC, 213 MV errors
[h264 @ 0x83f3ca0]P sub_mb_type 31 out of range at 12 8.8kbits/s
[h264 @ 0x83f3ca0]error while decoding MB 12 8
[h264 @ 0x83f3ca0]concealing 177 DC, 177 AC, 177 MV errors
[h264 @ 0x83f3ca0]out of range intra chroma pred mode at 16 11/s
[h264 @ 0x83f3ca0]error while decoding MB 16 11
[h264 @ 0x83f3ca0]concealing 113 DC, 113 AC, 113 MV errors
[h264 @ 0x83f3ca0]cbp too large (51) at 11 6itrate= 375.8kbits/s
[h264 @ 0x83f3ca0]error while decoding MB 11 6
[h264 @ 0x83f3ca0]concealing 218 DC, 218 AC, 218 MV errors
[h264 @ 0x83f3ca0]out of range intra chroma pred mode at 14 8s/s
[h264 @ 0x83f3ca0]error while decoding MB 14 8
[h264 @ 0x83f3ca0]concealing 175 DC, 175 AC, 175 MV errors
==22167== 9 q=3.2 size=     201kB time=4.6 bitrate= 355.1kbits/s
==22167== Invalid read of size 2
==22167==    at 0x8235895: decode_residual (bitstream.h:888)
==22167==  Address 0xE0 is not stack'd, malloc'd or (recently) free'd
==22167==
==22167== Process terminating with default action of signal 11 (SIGSEGV)
==22167==  Access not within mapped region at address 0xE0
==22167==    at 0x8235895: decode_residual (bitstream.h:888)
==22167==    by 0x38018F5F: (within /usr/lib/valgrind/x86-linux/memcheck)
==22167==
==22167== ERROR SUMMARY: 5 errors from 3 contexts (suppressed: 39 from 1)
==22167==
==22167== 1 errors in context 1 of 3:
==22167== Invalid read of size 2
==22167==    at 0x8235895: decode_residual (bitstream.h:888)
==22167==  Address 0xE0 is not stack'd, malloc'd or (recently) free'd
==22167==
==22167== 2 errors in context 2 of 3:
==22167== Conditional jump or move depends on uninitialised value(s)
==22167==    at 0x82313F8: get_ue_golomb (golomb.h:54)
==22167==
==22167== 2 errors in context 3 of 3:
==22167== Conditional jump or move depends on uninitialised value(s)
==22167==    at 0x8231D89: get_se_golomb (golomb.h:137)
--22167--
--22167-- supp:   39 Ubuntu-stripped-ld.so
==22167==
==22167== IN SUMMARY: 5 errors from 3 contexts (suppressed: 39 from 1)
==22167==
==22167== malloc/free: in use at exit: 2,978,168 bytes in 247 blocks.
==22167== malloc/free: 787 allocs, 540 frees, 3,860,918 bytes allocated.
==22167==
==22167== searching for pointers to 247 not-freed blocks.
==22167== checked 3,452,216 bytes.
==22167==
==22167== LEAK SUMMARY:
==22167==    definitely lost: 0 bytes in 0 blocks.
==22167==      possibly lost: 0 bytes in 0 blocks.
==22167==    still reachable: 2,978,168 bytes in 247 blocks.
==22167==         suppressed: 0 bytes in 0 blocks.
==22167== Reachable blocks (those to which a pointer was found) are not
shown.
==22167== To see them, rerun with: --show-reachable=yes
--22167--  memcheck: sanity checks: 1333 cheap, 54 expensive
--22167--  memcheck: auxmaps: 0 auxmap entries (0k, 0M) in use
--22167--  memcheck: auxmaps: 0 searches, 0 comparisons
--22167--  memcheck: SMs: n_issued      = 79 (1264k, 1M)
--22167--  memcheck: SMs: n_deissued    = 3 (48k, 0M)
--22167--  memcheck: SMs: max_noaccess  = 65535 (1048560k, 1023M)
--22167--  memcheck: SMs: max_undefined = 15 (240k, 0M)
--22167--  memcheck: SMs: max_defined   = 142 (2272k, 2M)
--22167--  memcheck: SMs: max_non_DSM   = 76 (1216k, 1M)
--22167--  memcheck: max sec V bit nodes:    725 (36k, 0M)
--22167--  memcheck: set_sec_vbits8 calls: 735 (new: 725, updates: 10)
--22167--  memcheck: max shadow mem size:   1556k, 1M
--22167-- translate:            fast SP updates identified: 9,199 ( 87.4%)
--22167-- translate:   generic_known SP updates identified: 1,079 ( 10.2%)
--22167-- translate: generic_unknown SP updates identified: 244 (  2.3%)
--22167--     tt/tc: 202,935 tt lookups requiring 220,705 probes
--22167--     tt/tc: 202,935 fast-cache updates, 3 flushes
--22167--  transtab: new        10,633 (351,587 -> 4,913,355; ratio
139:10) [0 scs]
--22167--  transtab: dumped     0 (0 -> ??)
--22167--  transtab: discarded  8 (194 -> ??)
--22167-- scheduler: 133,337,904 jumps (bb entries).
--22167-- scheduler: 1,333/195,830 major/minor sched events.
--22167--    sanity: 1334 cheap, 54 expensive checks.
--22167--    exectx: 30,011 lists, 54 contexts (avg 0 per list)
--22167--    exectx: 1,371 searches, 1,317 full compares (960 per 1000)
--22167--    exectx: 0 cmp2, 114 cmp4, 0 cmpAll
Segmentation fault

> i think that might be more readable
>   
it seems not.
or i misunderstood what you asked ?!

Ben




