Opened 17 years ago
Closed 17 years ago
#724 closed defect (remind)
vorbis_inverse_coupling_sse crashes
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | normal | Component: | libavcodec |
| Version: | unspecified | Severity: | normal |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: | ||
| Reproduced by developer: | no | Analyzed by developer: | no |
Description
In recent SVN (latest testet: mplayer: 22020, ffmpeg: 7718) mplayer crashes while initializing the vorbis audio codec. Here's the backtrace, diasassambly and register-dump:
Program received signal SIGSEGV, Segmentation fault.
vorbis_inverse_coupling_sse (mag=0x89f0eb0, ang=0x89f10b0, blocksize=128)
at i386/dsputil_mmx.c:2803
2803 asm volatile(
(gdb) bt
#0 vorbis_inverse_coupling_sse (mag=0x89f0eb0, ang=0x89f10b0, blocksize=128)
at i386/dsputil_mmx.c:2803
#1 0xbfffd11c in ?? ()
#2 0x0847db72 in vorbis_decode_frame (avccontext=0x41, data=0x41, data_size=Cannot access memory at address 0x110
)
at vorbis.c:1773
#3 0x0824262d in avcodec_decode_audio2 (avctx=0x89eef74, samples=0x41,
frame_size_ptr=0x89eef70, buf=0x41 <Address 0x41 out of bounds>,
buf_size=2) at utils.c:939
#4 0x08135e02 in decode_audio (sh_audio=0x2,
buf=0xbfffd130 "$½\224\b\200Ñÿ¿\001", minlen=1, maxlen=257536)
at ad_ffmpeg.c:161
#5 0x08135b8f in init (sh_audio=0x8944828) at ad_ffmpeg.c:109
#6 0x08103777 in init_audio_codec (sh_audio=0x8944828) at dec_audio.c:93
#7 0x08103ac5 in init_audio (sh_audio=0x8944828, codecname=0x0, afm=0x0,
status=1) at dec_audio.c:195
#8 0x08103d62 in init_best_audio_codec (sh_audio=0x8944828,
audio_codec_list=0xbfffd354, audio_fm_list=0x0) at dec_audio.c:240
#9 0x0808a436 in reinit_audio_chain () at mplayer.c:2775
#10 0x0808fa8d in main (argc=3, argv=0xbffff564) at mplayer.c:4600
#11 0x409f0082 in libc_start_main () from /lib/i686/libc.so.6
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x83a3073 to 0x83a30b3:
0x83a3073 <vorbis_inverse_coupling_3dnow+69>:
jg 0x83a3091 <vorbis_inverse_coupling_sse+11>
0x83a3075 <vorbis_inverse_coupling_3dnow+71>: (bad)
0x83a3076 <vorbis_inverse_coupling_3dnow+72>: movq %mm0,(%ecx,%eax,4)
0x83a307a <vorbis_inverse_coupling_3dnow+76>: add $0x2,%eax
0x83a307d <vorbis_inverse_coupling_3dnow+79>: cmp %ebx,%eax
0x83a307f <vorbis_inverse_coupling_3dnow+81>:
jl 0x83a3044 <vorbis_inverse_coupling_3dnow+22>
0x83a3081 <vorbis_inverse_coupling_3dnow+83>: femms
0x83a3083 <vorbis_inverse_coupling_3dnow+85>: pop %ebx
0x83a3084 <vorbis_inverse_coupling_3dnow+86>: ret
0x83a3085 <vorbis_inverse_coupling_3dnow+87>: nop
0x83a3086 <vorbis_inverse_coupling_sse>: push %ebx
0x83a3087 <vorbis_inverse_coupling_sse+1>: mov 0x8(%esp,1),%ecx
0x83a308b <vorbis_inverse_coupling_sse+5>: mov 0xc(%esp,1),%edx
0x83a308f <vorbis_inverse_coupling_sse+9>: mov 0x10(%esp,1),%ebx
0x83a3093 <vorbis_inverse_coupling_sse+13>: movaps 0x8653768,%xmm5
0x83a309a <vorbis_inverse_coupling_sse+20>: xor %eax,%eax
0x83a309c <vorbis_inverse_coupling_sse+22>: cmp %ebx,%eax
0x83a309e <vorbis_inverse_coupling_sse+24>:
jge 0x83a30da <vorbis_inverse_coupling_sse+84>
0x83a30a0 <vorbis_inverse_coupling_sse+26>: movaps (%ecx,%eax,4),%xmm0
0x83a30a4 <vorbis_inverse_coupling_sse+30>: movaps (%edx,%eax,4),%xmm1
0x83a30a8 <vorbis_inverse_coupling_sse+34>: xorps %xmm2,%xmm2
0x83a30ab <vorbis_inverse_coupling_sse+37>: xorps %xmm3,%xmm3
0x83a30ae <vorbis_inverse_coupling_sse+40>: cmpleps %xmm0,%xmm2
0x83a30b2 <vorbis_inverse_coupling_sse+44>: cmpleps %xmm1,%xmm3
End of assembler dump.
(gdb) info all-registers
eax 0x89f10b0 144642224
ecx 0x89f0eb0 144641712
edx 0x89f10b0 144642224
ebx 0x80 128
esp 0xbfffd0f8 0xbfffd0f8
ebp 0xbfffd1c8 0xbfffd1c8
esi 0x0 0
edi 0x8a028f0 144713968
eip 0x83a3093 0x83a3093
eflags 0x210202 2163202
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x0 0
gs 0x7 7
st0 0 (raw 0x00000000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 0 (raw 0x00000000000000000000)
st4 1 (raw 0x3fff8000000000000000)
st5 1 (raw 0x3fff8000000000000000)
st6 -9223372036854775808 (raw 0xc03e8000000000000000)
st7 0 (raw 0x00000000000000000000)
fctrl 0x37f 895
fstat 0x20 32
ftag 0xffff 65535
fiseg 0x23 35
fioff 0x847cf2f 138923823
foseg 0x2b 43
fooff 0x89f126c 144642668
fop 0x4e8 1256
xmm0 {f = {0x1, 0x1, 0x0, 0x0}} {f = {1, 1.875, 0, 0}}
xmm1 {f = {0x0, 0x0, 0x0, 0x0}} {f = {-0.999924719,
6.7408303e+22, 2.72008302e+23, 2.72008302e+23}}
xmm2 {f = {0x0, 0x0, 0x0, 0x0}} {f = {2.72008302e+23,
2.72008302e+23, 2.72008302e+23, 2.72008302e+23}}
xmm3 {f = {0x0, 0x0, 0x0, 0x0}} {f = {2.72008302e+23,
2.72008302e+23, 2.72008302e+23, 2.72008302e+23}}
xmm4 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
xmm5 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
xmm6 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
xmm7 {f = {0x0, 0x0, 0x0, 0x0}} {f = {0, 0, 0, 0}}
mxcsr 0x1fa0 8096
orig_eax 0xffffffff -1
DIsabling the use of vorbis_inverse_coupling_sse by commenting line 3487 in libavcodec/i386/dsputil_mmx.c works around this problem.
# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 15
model : 2
model name : Intel(R) Pentium(R) 4 CPU 2.53GHz
stepping : 7
cpu MHz : 2558.571
cache size : 512 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm
bogomips : 5098.70
# gcc -v
Reading specs from /usr/lib/gcc-lib/i586-mandrake-linux-gnu/3.2/specs
Configured with: ../configure --prefix=/usr --libdir=/usr/lib --with-slibdir=/lib --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --disable-checking --enable-long-long --enable-cxa_atexit --enable-languages=c,c++,ada,f77,objc,java --host=i586-mandrake-linux-gnu --with-system-zlib
Thread model: posix
gcc version 3.2 (Mandrake Linux 9.0 3.2-1mdk)
# /lib/libc.so.6
GNU C Library stable release version 2.2.5, by Roland McGrath et al.
Copyright (C) 1992-2001, 2002 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 3.2 (Mandrake Linux 9.0 3.2-1mdk).
Compiled on a Linux 2.4.18 system on 2003-03-21.
Available extensions:
GNU libio by Per Bothner
crypt add-on version 2.1 by Michael Glad and others
linuxthreads-0.9 by Xavier Leroy
BIND-8.2.3-T5B
libthread_db work sponsored by Alpha Processor Inc
NIS(YP)/NIS+ NSS modules 0.19 by Thorsten Kukuk
Report bugs using the `glibcbug' script to <bugs@…>.
Feel free to contact me if you need more informations.
cu, Bodo
closing ffmpeg bugs
please try with svn and if it still crashes, upload the crashing sample and make a new report at ffmpeg's roundup tracker