[FFmpeg-trac] #5500(avcodec:closed): ff_h264_decode_nal crash on iOS 32/64 bit
FFmpeg
trac at avcodec.org
Mon May 2 15:22:51 CEST 2016
#5500: ff_h264_decode_nal crash on iOS 32/64 bit
-------------------------------------+-------------------------------------
Reporter: glip | Owner:
Type: defect | Status: closed
Priority: important | Component: avcodec
Version: git-master | Resolution: needs_more_info
Keywords: h264 crash |
Blocking: | Blocked By:
Analyzed by developer: 0 | Reproduced by developer: 0
-------------------------------------+-------------------------------------
Comment (by glip):
I'm using lldb. This is the crash of the 32-bit version (from the registers below, esi + ebp = 0x26e04ffd, so the 4-byte load at +66 straddles the page boundary at faultvaddr 0x26e05000):
Crash:
* thread #17: tid = 0x7146, 0x00414092 app`ff_h264_decode_nal + 66, name =
'QThread', stop reason = EXC_BAD_ACCESS (code=1, address=0x26e05000)
frame #0: 0x00414092 app`ff_h264_decode_nal + 66
app`ff_h264_decode_nal:
-> 0x414092 <+66>: movl (%esi,%ebp), %ecx
0x414095 <+69>: movl %ecx, %edx
0x414097 <+71>: notl %edx
0x414099 <+73>: leal -0x1000101(%ecx), %edi
(lldb) bt
* thread #17: tid = 0x7146, 0x00414092 app`ff_h264_decode_nal + 66, name =
'QThread', stop reason = EXC_BAD_ACCESS (code=1, address=0x26e05000)
* frame #0: 0x00414092 app`ff_h264_decode_nal + 66
frame #1: 0x00415657 app`___lldb_unnamed_function8705$$app + 1623
frame #2: 0x00417cd1 app`___lldb_unnamed_function8709$$app + 897
frame #3: 0x00878cb2 app`avcodec_decode_video2 + 322
frame #4: 0x0087a70a app`___lldb_unnamed_function11569$$app + 106
frame #5: 0x0087a68d app`avcodec_send_packet + 173
frame #6: 0x00050898 app`VideoDecoder::work() + 4376
frame #7: 0x000445b7 app`___lldb_unnamed_function985$$app + 103
frame #8: 0x0004451d app`___lldb_unnamed_function983$$app + 77
frame #9: 0x00044450 app`QtPrivate::QSlotObject<void
(VideoDecoder::*)(), QtPrivate::List<>, void>::impl(int,
QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) + 176
frame #10: 0x07372917 QtCore`QMetaCallEvent::placeMetaCall(QObject*) +
55
frame #11: 0x07374089 QtCore`QObject::event(QEvent*) + 121
frame #12: 0x062a2b04
QtWidgets`QApplicationPrivate::notify_helper(QObject*, QEvent*) + 228
frame #13: 0x062a405a QtWidgets`QApplication::notify(QObject*,
QEvent*) + 522
frame #14: 0x07345a70
QtCore`QCoreApplication::notifyInternal2(QObject*, QEvent*) + 176
frame #15: 0x073467e4
QtCore`QCoreApplicationPrivate::sendPostedEvents(QObject*, int,
QThreadData*) + 852
frame #16: 0x073a0a8c
QtCore`QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
+ 60
frame #17: 0x07341adf
QtCore`QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 447
frame #18: 0x07183a5c QtCore`QThread::exec() + 108
frame #19: 0x071876bb QtCore`___lldb_unnamed_function261$$QtCore + 379
frame #20: 0x96253780 libsystem_pthread.dylib`_pthread_body + 138
frame #21: 0x962536f6 libsystem_pthread.dylib`_pthread_start + 155
frame #22: 0x96250f7a libsystem_pthread.dylib`thread_start + 34
(lldb) disass -s $pc-32 -e $pc+32
app`ff_h264_decode_nal:
0x414072 <+34>: andl $0x1f, %eax
0x414075 <+37>: movl %eax, 0x32670(%ecx)
0x41407b <+43>: leal 0x1(%ebx), %esi
0x41407e <+46>: decl %edi
0x41407f <+47>: xorl %ebp, %ebp
0x414081 <+49>: cmpl $0x2, %edi
0x414084 <+52>: jl 0x41411e ; <+206>
0x41408a <+58>: nopw (%eax,%eax)
0x414090 <+64>: movl %edi, %eax
-> 0x414092 <+66>: movl (%esi,%ebp), %ecx
0x414095 <+69>: movl %ecx, %edx
0x414097 <+71>: notl %edx
0x414099 <+73>: leal -0x1000101(%ecx), %edi
0x41409f <+79>: andl %edx, %edi
0x4140a1 <+81>: testl $0x80008080, %edi ; imm = 0x80008080
0x4140a7 <+87>: je 0x414100 ; <+176>
0x4140a9 <+89>: cmpb $0x1, %cl
0x4140ac <+92>: sbbl %ecx, %ecx
0x4140ae <+94>: testl %ebp, %ebp
(lldb) register read --all
General Purpose Registers:
eax = 0x00055fe2 app`___lldb_unnamed_function1152$$app + 18
ebx = 0x26daf01c
ecx = 0x00055fe1 app`___lldb_unnamed_function1152$$app + 17
edx = 0xdba4a9d6
edi = 0x00055fe2 app`___lldb_unnamed_function1152$$app + 18
esi = 0x26daf01d
ebp = 0x00055fe0 app`___lldb_unnamed_function1152$$app + 16
esp = 0xb07ae360
ss = 0x00000023
eflags = 0x00010297 app`VideoServer::stopStreaming(unsigned int) + 7
eip = 0x00414092 app`ff_h264_decode_nal + 66
cs = 0x0000001b
ds = 0x00000023
es = 0x00000023
fs = 0x00000023
gs = 0x0000000f
ax = 0x5fe2
bx = 0xf01c
cx = 0x5fe1
dx = 0xa9d6
di = 0x5fe2
si = 0xf01d
bp = 0x5fe0
sp = 0xe360
ah = 0x5f
bh = 0xf0
ch = 0x5f
dh = 0xa9
al = 0xe2
bl = 0x1c
cl = 0xe1
dl = 0xd6
dil = 0xe2
sil = 0x1d
bpl = 0xe0
spl = 0x60
Floating Point Registers:
fctrl = 0x037f
fstat = 0x0000
ftag = 0x00
fop = 0x0000
fioff = 0x9d78b56a libsystem_m.dylib`llrint + 26
fiseg = 0x0000
fooff = 0xb07ae3f0
foseg = 0x0000
mxcsr = 0x00001fa0 app`_mh_execute_header + 4000
mxcsrmask = 0x0000ffff app`VideoServer::reopen() + 655
stmm0 = {0x80 0x80 0x80 0x80 0x7f 0x7f 0x7f 0x7f 0xff 0xff}
stmm1 = {0x81 0x81 0x80 0x80 0x81 0x81 0x80 0x80 0xff 0xff}
stmm2 = {0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0xff 0xff}
stmm3 = {0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0xff 0xff}
stmm4 = {0x81 0x81 0x80 0x80 0x81 0x81 0x80 0x80 0xff 0xff}
stmm5 = {0x81 0x81 0x80 0x80 0x81 0x81 0x80 0x80 0xff 0xff}
stmm6 = {0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0xff 0xff}
stmm7 = {0x01 0x01 0x00 0x00 0x01 0x01 0x00 0x00 0xff 0xff}
ymm0 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00}
ymm1 = {0xff 0xff 0xff 0xff 0xff 0xff 0xff 0xff 0x00 0xff 0xff 0xff
0x00 0xff 0x00 0xff 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00}
ymm2 = {0x81 0x81 0x81 0x81 0x81 0x81 0x81 0x81 0x80 0x80 0x80 0x80
0x80 0x80 0x80 0x80 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00}
ymm3 = {0x80 0x7f 0x7e 0x7e 0x7e 0x7e 0x7e 0x7e 0x80 0x80 0x80 0x80
0x7f 0x7f 0x7f 0x7f 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00}
ymm4 = {0x01 0x00 0x00 0x80 0x01 0x00 0x00 0x80 0x01 0x00 0x00 0x80
0x01 0x00 0x00 0x80 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00}
ymm5 = {0x01 0x00 0x00 0x80 0x01 0x00 0x00 0x80 0x01 0x00 0x00 0x80
0x01 0x00 0x00 0x80 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00}
ymm6 = {0x01 0x00 0x00 0x80 0x01 0x00 0x00 0x80 0x01 0x00 0x00 0x80
0x01 0x00 0x00 0x80 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00}
ymm7 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00}
xmm0 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00}
xmm1 = {0xff 0xff 0xff 0xff 0xff 0xff 0xff 0xff 0x00 0xff 0xff 0xff
0x00 0xff 0x00 0xff}
xmm2 = {0x81 0x81 0x81 0x81 0x81 0x81 0x81 0x81 0x80 0x80 0x80 0x80
0x80 0x80 0x80 0x80}
xmm3 = {0x80 0x7f 0x7e 0x7e 0x7e 0x7e 0x7e 0x7e 0x80 0x80 0x80 0x80
0x7f 0x7f 0x7f 0x7f}
xmm4 = {0x01 0x00 0x00 0x80 0x01 0x00 0x00 0x80 0x01 0x00 0x00 0x80
0x01 0x00 0x00 0x80}
xmm5 = {0x01 0x00 0x00 0x80 0x01 0x00 0x00 0x80 0x01 0x00 0x00 0x80
0x01 0x00 0x00 0x80}
xmm6 = {0x01 0x00 0x00 0x80 0x01 0x00 0x00 0x80 0x01 0x00 0x00 0x80
0x01 0x00 0x00 0x80}
xmm7 = {0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00}
Exception State Registers:
trapno = 0x0000000e
err = 0x00000004
faultvaddr = 0x26e05000
(lldb)
--
Ticket URL: <https://trac.ffmpeg.org/ticket/5500#comment:7>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker