[FFmpeg-trac] #6838(avcodec:new): avcodec:ff_prores_idct_put_10_sse2 segfault on decoding a mov
FFmpeg
trac at avcodec.org
Wed Nov 15 21:59:37 EET 2017
#6838: avcodec:ff_prores_idct_put_10_sse2 segfault on decoding a mov
---------------------------------+---------------------------------------
Reporter: j13r | Type: defect
Status: new | Priority: normal
Component: avcodec | Version: unspecified
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
---------------------------------+---------------------------------------
Summary of the bug:
Segmentation fault when using this video as input:
http://www.feuerwehr-hoechen.de/wp-content/uploads/2017/11/2017_11_14_asteroid_ueber_homburg_saar.mov
Sorry, I cannot try the latest development version on this machine.
How to reproduce:
{{{
% ffmpeg -i 2017_11_14_asteroid_ueber_homburg_saar.mov test.mp4
ffmpeg version 3.2.6
built on Gentoo linux.
}}}
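gdb identified ff_prores_idct_put_10_sse2 in avcodec as the crashing function. In the output below, the faulting instruction is `pmullw (%rcx),%xmm10` and rcx holds 0x7fffffffca68. That address is not 16-byte aligned, which a legacy (non-VEX) SSE2 memory operand requires, so this looks like an alignment fault on the buffer passed in rcx rather than a read of unmapped memory. The preceding `movdqa` loads through rdx (0x7fffffffb9b0, 16-byte aligned) completed. (The banner in that run reports ffmpeg 3.3.4, not the 3.2.6 given above.)
gdb output: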
{{{
$ gdb ffmpeg
GNU gdb (Gentoo 7.12.1 vanilla) 7.12.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://bugs.gentoo.org/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ffmpeg...Reading symbols from
/usr/lib64/debug//usr/bin/ffmpeg.debug...(no debugging symbols
found)...done.
(no debugging symbols found)...done.
(gdb) run -i 2017_11_14_asteroid_ueber_homburg_saar.mov test.mp4
Starting program: /usr/bin/ffmpeg -i
2017_11_14_asteroid_ueber_homburg_saar.mov test.mp4
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version 3.3.4 Copyright (c) 2000-2017 the FFmpeg developers
built with gcc 5.4.0 (Gentoo 5.4.0-r3 p1.4, pie-0.6.5)
configuration: --prefix=/usr --libdir=/usr/lib64 --shlibdir=/usr/lib64
--docdir=/usr/share/doc/ffmpeg-3.3.4/html --mandir=/usr/share/man
--enable-shared --cc=x86_64-pc-linux-gnu-gcc --cxx=x86_64-pc-linux-gnu-g++
--ar=x86_64-pc-linux-gnu-ar --optflags='-Os -pipe -march=native -fstack-
check -fstack-protector-all' --disable-static --enable-avfilter --enable-
avresample --disable-stripping --enable-version3 --disable-indev=oss
--disable-indev=jack --disable-outdev=oss --enable-bzlib --disable-
runtime-cpudetect --disable-debug --disable-gcrypt --disable-gnutls
--disable-gmp --enable-gpl --enable-hardcoded-tables --enable-iconv
--disable-lzma --enable-network --disable-openssl --enable-postproc
--enable-libsmbclient --enable-ffplay --enable-sdl2 --disable-vaapi
--disable-vdpau --enable-xlib --enable-libxcb --enable-libxcb-shm
--enable-libxcb-xfixes --enable-zlib --disable-libcdio --disable-
libiec61883 --disable-libdc1394 --disable-libcaca --disable-openal
--enable-opengl --disable-libv4l2 --enable-libpulse --disable-libopencore-
amrwb --disable-libopencore-amrnb --disable-libfdk-aac --disable-
libopenjpeg --disable-libbluray --disable-libcelt --disable-libgme
--disable-libgsm --disable-mmal --disable-libmodplug --enable-libopus
--disable-libilbc --disable-librtmp --disable-libssh --disable-
libschroedinger --disable-libspeex --enable-libvorbis --enable-libvpx
--disable-libzvbi --disable-libbs2b --disable-chromaprint --disable-
libflite --disable-frei0r --disable-libfribidi --enable-fontconfig
--disable-ladspa --enable-libass --enable-libfreetype --disable-
librubberband --disable-netcdf --disable-libzmq --disable-libzimg
--disable-libsoxr --enable-pthreads --disable-libvo-amrwbenc --enable-
libmp3lame --disable-libkvazaar --disable-nvenc --disable-libopenh264
--disable-libsnappy --enable-libtheora --disable-libtwolame --disable-
libwavpack --enable-libwebp --enable-libx264 --disable-libx265 --enable-
libxvid --disable-amd3dnow --disable-amd3dnowext --disable-aesni
--disable-avx --disable-avx2 --disable-fma3 --disable-fma4 --disable-sse3
--disable-ssse3 --disable-sse4 --disable-sse42 --disable-xop --cpu=host
--disable-doc --disable-htmlpages --enable-manpages
libavutil 55. 58.100 / 55. 58.100
libavcodec 57. 89.100 / 57. 89.100
libavformat 57. 71.100 / 57. 71.100
libavdevice 57. 6.100 / 57. 6.100
libavfilter 6. 82.100 / 6. 82.100
libavresample 3. 5. 0 / 3. 5. 0
libswscale 4. 6.100 / 4. 6.100
libswresample 2. 7.100 / 2. 7.100
libpostproc 54. 5.100 / 54. 5.100
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x639870] stream 0, timescale not set
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6593b7a in ff_prores_idct_put_10_sse2 () from
/usr/lib64/libavcodec.so.57
(gdb) bt
#0 0x00007ffff6593b7a in ff_prores_idct_put_10_sse2 () from
/usr/lib64/libavcodec.so.57
#1 0x00007ffff63a9f7a in decode_slice_luma.isra () from
/usr/lib64/libavcodec.so.57
#2 0x00007ffff63ab183 in decode_slice_thread () from
/usr/lib64/libavcodec.so.57
#3 0x00007ffff64315a1 in avcodec_default_execute2 () from
/usr/lib64/libavcodec.so.57
#4 0x00007ffff63aabb1 in decode_frame () from /usr/lib64/libavcodec.so.57
#5 0x00007ffff643270d in avcodec_decode_video2 () from
/usr/lib64/libavcodec.so.57
#6 0x00007ffff6432fdb in do_decode () from /usr/lib64/libavcodec.so.57
#7 0x00007ffff6436f2f in avcodec_send_packet () from
/usr/lib64/libavcodec.so.57
#8 0x00007ffff74efe66 in try_decode_frame () from
/usr/lib64/libavformat.so.57
#9 0x00007ffff74f63d9 in avformat_find_stream_info () from
/usr/lib64/libavformat.so.57
#10 0x0000000000411ef7 in open_input_file ()
#11 0x000000000040fc3f in open_files ()
#12 0x0000000000416048 in ffmpeg_parse_options ()
#13 0x00000000004083c6 in main ()
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x7ffff6593b5a to 0x7ffff6593b9a:
0x00007ffff6593b5a: add %cl,(%rdi)
0x00007ffff6593b5c: (bad)
0x00007ffff6593b5d: add %r8b,(%rax)
0x00007ffff6593b60 <ff_prores_idct_put_10_sse2+0>: movslq %esi,%rsi
0x00007ffff6593b63 <ff_prores_idct_put_10_sse2+3>: movdqa (%rdx),%xmm10
0x00007ffff6593b68 <ff_prores_idct_put_10_sse2+8>: movdqa 0x20(%rdx),%xmm8
0x00007ffff6593b6e <ff_prores_idct_put_10_sse2+14>: movdqa 0x40(%rdx),%xmm13
0x00007ffff6593b74 <ff_prores_idct_put_10_sse2+20>: movdqa 0x60(%rdx),%xmm12
=> 0x00007ffff6593b7a <ff_prores_idct_put_10_sse2+26>: pmullw (%rcx),%xmm10
0x00007ffff6593b7f <ff_prores_idct_put_10_sse2+31>: pmullw 0x20(%rcx),%xmm8
0x00007ffff6593b85 <ff_prores_idct_put_10_sse2+37>: pmullw 0x40(%rcx),%xmm13
0x00007ffff6593b8b <ff_prores_idct_put_10_sse2+43>: pmullw 0x60(%rcx),%xmm12
0x00007ffff6593b91 <ff_prores_idct_put_10_sse2+49>: paddw 0x515fc6(%rip),%xmm10 # 0x7ffff6aa9b60 <ff_pw_1>
End of assembler dump.
(gdb) info all-registers
rax 0x641820 6559776
rbx 0x5000 20480
rcx 0x7fffffffca68 140737488341608
rdx 0x7fffffffb9b0 140737488337328
rsi 0xa00 2560
rdi 0x7fffe0fde010 140736968122384
rbp 0xa00 0xa00
rsp 0x7fffffffb938 0x7fffffffb938
r8 0x20 32
r9 0x7fffffffc9b0 140737488341424
r10 0x0 0
r11 0x0 0
r12 0x7fffffffb9b0 140737488337328
r13 0x5010 20496
r14 0x1 1
r15 0x7ffff7fcb43e 140737353921598
rip 0x7ffff6593b7a 0x7ffff6593b7a
<ff_prores_idct_put_10_sse2+26>
eflags 0x10202 [ IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
st0 0 (raw 0x00000000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 0 (raw 0x00000000000000000000)
st4 0 (raw 0x00000000000000000000)
st5 0 (raw 0x00000000000000000000)
st6 0 (raw 0x00000000000000000000)
st7 0 (raw 0x00000000000000000000)
fctrl 0x37f 895
---Type <return> to continue, or q <return> to quit---
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1fa0 [ PE IM DM ZM OM UM PM ]
ymm0 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {
0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>},
v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 =
{0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm1 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0xff,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0 <repeats 20
times>}, v16_int16 = {0xff, 0x0, 0x0, 0x0, 0x0,
0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 =
{0xff, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_int64 = {0xff, 0x1000000, 0x0, 0x0}, v2_int128 =
{0x000000000100000000000000000000ff,
0x00000000000000000000000000000000}}
ymm2 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x8000000000000000, 0x0, 0x0, 0x0},
v32_int8 = {0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x0, 0x0,
0x1c, 0xab, 0xee, 0xff, 0x5, 0xab,
0x0 <repeats 16 times>}, v16_int16 = {0x656d, 0x6174, 0x6164, 0x6174,
0x0, 0xab1c, 0xffee, 0xab05, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x6174656d, 0x61746164, 0xab1c0000,
0xab05ffee, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
0x617461646174656d, 0xab05ffeeab1c0000, 0x0, 0x0}, v2_int128 =
{0xab05ffeeab1c0000617461646174656d,
0x00000000000000000000000000000000}}
ymm3 {v8_float = {0xd8206c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x8000000000000000, 0x0, 0x0,
0x0}, v32_int8 = {0x6c, 0x20, 0x58, 0x4d, 0x50, 0x20, 0x6d, 0x65,
0x74, 0x61, 0x64, 0x61, 0x74, 0x61,
0x0 <repeats 18 times>}, v16_int16 = {0x206c, 0x4d58, 0x2050, 0x656d,
0x6174, 0x6164, 0x6174, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x4d58206c, 0x656d2050, 0x61646174,
0x6174, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
0x656d20504d58206c, 0x617461646174, 0x0, 0x0}, v2_int128 =
{0x0000617461646174656d20504d58206c,
0x00000000000000000000000000000000}}
ymm4 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x8000000000000000, 0x8000000000000000,
0x0, 0x0}, v32_int8 = {0x1c, 0xab, 0xee, 0xff, 0x5, 0xab, 0xee, 0xff,
0x38, 0xab, 0xee, 0xff, 0x9b, 0xac, 0xee, 0xff,
0x0 <repeats 16 times>}, v16_int16 = {0xab1c, 0xffee, 0xab05, 0xffee,
0xab38, 0xffee, 0xac9b, 0xffee, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0xffeeab1c, 0xffeeab05,
0xffeeab38, 0xffeeac9b, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
0xffeeab05ffeeab1c, 0xffeeac9bffeeab38, 0x0, 0x0}, v2_int128 =
{0xffeeac9bffeeab38ffeeab05ffeeab1c,
---Type <return> to continue, or q <return> to quit---
0x00000000000000000000000000000000}}
ymm5 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0xc0,
0xee, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x64, 0x0 <repeats 21
times>}, v16_int16 = {0xeec0, 0x64, 0x0, 0x0,
0x700, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v8_int32 = {0x64eec0, 0x0, 0x640700, 0x0, 0x0, 0x0,
0x0, 0x0}, v4_int64 = {0x64eec0, 0x640700, 0x0, 0x0}, v2_int128 =
{0x0000000000640700000000000064eec0,
0x00000000000000000000000000000000}}
ymm6 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0,
0x9f, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0, 0xee, 0x64, 0x0 <repeats 21
times>}, v16_int16 = {0x9f00, 0x63, 0x0, 0x0,
0xeee0, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v8_int32 = {0x639f00, 0x0, 0x64eee0, 0x0, 0x0, 0x0,
0x0, 0x0}, v4_int64 = {0x639f00, 0x64eee0, 0x0, 0x0}, v2_int128 =
{0x000000000064eee00000000000639f00,
0x00000000000000000000000000000000}}
ymm7 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x20,
0x9f, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0, 0x1b, 0x64, 0x0 <repeats 21
times>}, v16_int16 = {0x9f20, 0x63, 0x0, 0x0,
0x1ba0, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v8_int32 = {0x639f20, 0x0, 0x641ba0, 0x0, 0x0, 0x0,
0x0, 0x0}, v4_int64 = {0x639f20, 0x641ba0, 0x0, 0x0}, v2_int128 =
{0x0000000000641ba00000000000639f20,
0x00000000000000000000000000000000}}
ymm8 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {
0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>},
v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 =
{0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm9 {v8_float = {0x0, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x18000000000004, 0x0, 0x0, 0x0},
v32_int8 = {0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x43, 0x0 <repeats 24
times>}, v16_int16 = {0x4, 0x0, 0x0, 0x4338,
0x0 <repeats 12 times>}, v8_int32 = {0x4, 0x43380000, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int64 = {0x4338000000000004,
0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000004338000000000004,
0x00000000000000000000000000000000}}
ymm10 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0,
0xf9, 0x0 <repeats 30 times>}, v16_int16 = {0xf900, 0x0 <repeats 15
times>}, v8_int32 = {0xf900, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int64 = {0xf900, 0x0, 0x0, 0x0}, v2_int128 =
{0x0000000000000000000000000000f900,
0x00000000000000000000000000000000}}
ymm11 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x66,
0x94, 0x48, 0xf, 0x11, 0x14, 0xe3, 0xb9, 0x0 <repeats 24 times>},
v16_int16 = {0x9466, 0xf48, 0x1411, 0xb9e3,
0x0 <repeats 12 times>}, v8_int32 = {0xf489466, 0xb9e31411, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0}, v4_int64 = {
0xb9e314110f489466, 0x0, 0x0, 0x0}, v2_int128 =
{0x0000000000000000b9e314110f489466,
0x00000000000000000000000000000000}}
ymm12 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {
---Type <return> to continue, or q <return> to quit---
0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>},
v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 =
{0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm13 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {
0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>},
v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 =
{0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm14 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x6a,
0xb2, 0x1d, 0x8f, 0x31, 0xd7, 0x61, 0x3f, 0x0 <repeats 24 times>},
v16_int16 = {0xb26a, 0x8f1d, 0xd731, 0x3f61,
0x0 <repeats 12 times>}, v8_int32 = {0x8f1db26a, 0x3f61d731, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0}, v4_int64 = {
0x3f61d7318f1db26a, 0x0, 0x0, 0x0}, v2_int128 =
{0x00000000000000003f61d7318f1db26a,
0x00000000000000000000000000000000}}
ymm15 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0 <repeats 24 times>}, v16_int16
= {0x0, 0x0, 0x0, 0x8000,
0x0 <repeats 12 times>}, v8_int32 = {0x0, 0x80000000, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int64 = {0x8000000000000000,
0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000008000000000000000,
0x00000000000000000000000000000000}}
(gdb)
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/6838>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker