[FFmpeg-trac] #407(avcodec:new): Crash in ff_put_pixels16_neon (EXC_BAD_ACCESS)

FFmpeg trac at avcodec.org
Sun Aug 21 15:24:13 CEST 2011


#407: Crash in ff_put_pixels16_neon (EXC_BAD_ACCESS)
------------------------------------+----------------------
Reporter:  redeemarr                |       Owner:
    Type:  defect                   |      Status:  new
Priority:  normal                   |   Component:  avcodec
 Version:  unspecified              |  Resolution:
Keywords:  Crash, Error resilience  |  Blocked By:
Blocking:                           |  Reproduced:  0
Analyzed:  0                        |
------------------------------------+----------------------

Comment (by redeemarr):

 No asm, no NEON, ARM CPU.
 Similar crash:
 {{{
 #0  <unknown function> [inlined] () at :0
 #1  <unknown function> [inlined] () at :0
 #2  0x0018fca0 in ff_put_pixels16x16_8_c (dst=0x146de10 '\200' <repeats
 200 times>..., src=0x7860a10 <Address 0x7860a10 out of bounds>, stride=96)
 at dsputil_template.c:0
 #3  0x00283128 in mc_dir_part (h=0x587d000, pic=0x58a394c, n=<value
 temporarily unavailable, due to optimizations>, square=1, chroma_height=8,
 delta=0, list=0, dest_y=0x146de10 '\200' <repeats 200 times>...,
 dest_cb=0x149ab88 '\200' <repeats 200 times>..., dest_cr=0x149b388 '\200'
 <repeats 200 times>..., src_x_offset=0, src_y_offset=0, qpix_op=0x587e410,
 chroma_op=0x166770 <put_h264_chroma_mc8_8_c>, pixel_shift=0, chroma444=0)
 at libavcodec/h264.c:473
 #4  0x00283d18 in mc_part (h=0x587d000, n=0, square=1, chroma_height=8,
 delta=0, dest_y=0x146de10 '\200' <repeats 200 times>..., dest_cb=0x149ab88
 '\200' <repeats 200 times>..., dest_cr=0x149b388 '\200' <repeats 200
 times>..., x_offset=0, y_offset=0, qpix_put=0x587e410, chroma_put=0x166770
 <put_h264_chroma_mc8_8_c>, qpix_avg=0x587e510, chroma_avg=0x166e5c
 <avg_h264_chroma_mc8_8_c>, weight_op=0x587f4d4, weight_avg=0x587f4fc,
 list0=4096, list1=0, pixel_shift=0, chroma444=0) at libavcodec/h264.c:549
 #5  0x002969dc in hl_decode_mb_simple_8 (h=0x587d000) at
 libavcodec/h264.c:696
 #6  0x002977f8 in ff_h264_hl_decode_mb (h=0x587d000) at
 libavcodec/h264.c:2103
 #7  0x0027aec4 in decode_mb (s=0x587d000, ref=0) at
 libavcodec/error_resilience.c:59
 #8  0x0027c0b0 in guess_mv (s=0x587d000) at
 libavcodec/error_resilience.c:414
 #9  0x0027da10 in ff_er_frame_end (s=0x587d000) at
 libavcodec/error_resilience.c:1066
 #10 0x00286900 in field_end (h=0x587d000, in_setup=<value temporarily
 unavailable, due to optimizations>) at libavcodec/h264.c:2418
 #11 0x0029a648 in decode_frame (avctx=0x1415a00, data=0x80c1b0,
 data_size=0x77a6c44, avpkt=<value temporarily unavailable, due to
 optimizations>) at libavcodec/h264.c:3904
 #12 0x00326848 in avcodec_decode_video2 (avctx=0x1415a00,
 picture=0x80c1b0, got_picture_ptr=0x77a6c44, avpkt=0x77a6c00) at
 libavcodec/utils.c:769
 }}}
 {{{
 0x0018fc80 <put_tpel_pixels_mc00_c+476>:        cmp     lr, r5
 0x0018fc84 <put_tpel_pixels_mc00_c+480>:        orr     r3, r12, r3, lsl #8
 0x0018fc88 <put_tpel_pixels_mc00_c+484>:        add     r1, r1, r2
 0x0018fc8c <put_tpel_pixels_mc00_c+488>:        strh    r3, [r0], r2
 0x0018fc90 <put_tpel_pixels_mc00_c+492>:        bne     0x18fc74 <put_tpel_pixels_mc00_c+464>
 0x0018fc94 <put_tpel_pixels_mc00_c+496>:        pop     {r4, r5, r7, pc}
 0x0018fc98 <ff_put_pixels16x16_8_c+0>:  push    {r4, r7, lr}
 0x0018fc9c <ff_put_pixels16x16_8_c+4>:  add     r7, sp, #4      ; 0x4
 0x0018fca0 <ff_put_pixels16x16_8_c+8>:  ldrb    r3, [r1, #1]
 0x0018fca4 <ff_put_pixels16x16_8_c+12>: ldrb    r12, [r1]
 0x0018fca8 <ff_put_pixels16x16_8_c+16>: add     r4, r0, r2
 0x0018fcac <ff_put_pixels16x16_8_c+20>: add     r9, r2, r4
 0x0018fcb0 <ff_put_pixels16x16_8_c+24>: orr     r12, r12, r3, lsl #8
 0x0018fcb4 <ff_put_pixels16x16_8_c+28>: ldrb    r3, [r1, #2]
 0x0018fcb8 <ff_put_pixels16x16_8_c+32>: orr     r12, r12, r3, lsl #16
 0x0018fcbc <ff_put_pixels16x16_8_c+36>: ldrb    r3, [r1, #3]
 }}}
 {{{
 r0             0x146de10        21421584
 r1             0x7860a10        126224912
 r2             0x60     96
 r3             0x18fc98 1637528
 r4             0x587d000        92786688
 r5             0x7860a10        126224912
 r6             0x0      0
 r7             0x77a664c        125462092
 r8             0x0      0
 r9             0x1      1
 r10            0x0      0
 r11            0x0      0
 r12            0x2aa0   10912
 sp             0x77a6648        125462088
 lr             0x283128 2634024
 pc             0x18fca0 1637536
 cpsr           {
   0x80000010,
   n = 0x1,
   z = 0x0,
   c = 0x0,
   v = 0x0,
   q = 0x0,
   j = 0x0,
   ge = 0x0,
   e = 0x0,
   a = 0x0,
   i = 0x0,
   f = 0x0,
   t = 0x0,
   mode = 0x10
 }       {
   0x80000010,
   n = 1,
   z = 0,
   c = 0,
   v = 0,
   q = 0,
   j = 0,
   ge = 0,
   e = 0,
   a = 0,
   i = 0,
   f = 0,
   t = 0,
   mode = usr
 }
 }}}

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/407#comment:5>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

