Opened 19 years ago

Closed 14 years ago

#371 closed defect (fixed)

demux_real.c not endian-safe

Reported by: hagen.heiduck@… Owned by: reimar
Priority: normal Component: demuxer
Version: 1.0pre7 Severity: major
Keywords: Cc: reimar
Blocked By: Blocking:
Reproduced by developer: no Analyzed by developer: no

Description

Playing RealAudio/Video files on a big endian host (e.g. Sparc) mostly failes
with "Signal 10" error.

In demux_real_fill_buffer(demuxer_t *demuxer) an uint32_t* pointer "extra" is
defined, which is directly accessed as follows:

extra[2*dp_hdr->chunks+0]=1;
extra[2*dp_hdr->chunks+1]=dp_hdr->len;

extra[0]=1; extra[1]=0; offset of the first chunk

This causes a crash when byte order is swapped, but there may exists some other
"endian-unsafe" code snippets...

Change History (10)

comment:1 by reimar, 19 years ago

Please provide either a full bugreport or a patch instead of pointing at code
snippets and guessing the reasons.
A signal 10 has usually has nothing at all to do with endianness.

comment:2 by moritz@…, 19 years ago

Isn't sig 10 SIGBUS? Those usually come from non-aligned memory access on non-
x86 architectures. And the code he points out could do non-aligned memory
access. Anyway, the code in question has it both: Endianess problems and
alignment issues. The proper me2* macros should get rid of both (potential)
problems.

comment:3 by reimar, 19 years ago

how should the me2* (I assume you mean le2me_*?) macros help? The problem seems
to be an unaligned write, not unaligned read...
I am also not sure that there is an endianness issue, the conversion might be
done in the codec or not (what does that problematic code do anyway??)

comment:4 by moritz@…, 19 years ago

Granted, it depends on how the le2* macros are implemented. If they use 32bit
accesses then they're of no use here, obviously.

And you're right about the Endianess issue, too: I don't know (probably no one
does) how the binary codecs expect those numbers. But that's easy to find out
once the alignment issue has been resolved.

comment:5 by hagen.heiduck@…, 19 years ago

Please find attached a full bug report as requested.


# uname -a
SunOS raylpz1 5.9 Generic_118558-09 sun4u sparc SUNW,Sun-Fire-V240 Solaris

# gcc -v
Reading specs from /usr/lib/gcc/sparc-sun-solaris2.9/3.4.3/specs
Configured with: /var/tmp/portage/gcc-3.4.3/work/gcc-3.4.3/configure
--enable-version-specific-runtime-libs --prefix=/usr
--bindir=/usr/sparc-sun-solaris2.9/gcc-bin/3.4.3
--includedir=/usr/lib/gcc/sparc-sun-solaris2.9/3.4.3/include
--datadir=/usr/share/gcc-data/sparc-sun-solaris2.9/3.4.3
--mandir=/usr/share/gcc-data/sparc-sun-solaris2.9/3.4.3/man
--infodir=/usr/share/gcc-data/sparc-sun-solaris2.9/3.4.3/info
--with-gxx-include-dir=/usr/lib/gcc/sparc-sun-solaris2.9/3.4.3/include/g++-v3
--host=sparc-sun-solaris2.9 --disable-altivec --enable-nls
--without-included-gettext --disable-cxa_atexit
--with-local-prefix=/opt/portage/usr --with-libiconv-prefix=/opt/portage/usr
--with-gnu-ld --with-gnu-as --with-as=/usr/bin/as --with-ld=/usr/bin/ld
--with-system-zlib --disable-checking --disable-werror
--disable-libunwind-exceptions --enable-shared --enable-threads=posix
--disable-multilib --disable-libgcj --enable-languages=c,c++
--with-libiconv=gnu
Thread model: posix
gcc version 3.4.3 (Gentoo Linux 3.4.3, ssp-3.4.3-0, pie-8.7.6.6)

# ld -v
GNU ld version 2.15.92.0.2 20040927

# as --version
GNU assembler 2.15.92.0.2 20040927
Copyright 2002 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License. This program has absolutely no warranty.
This assembler was configured for a target of `sparc-sun-solaris2.9'.

==================================== CPUs ====================================

E$ CPU CPU Temperature

CPU Freq Size Implementation Mask Die Amb. Status
--- -------- ---------- ------------------- ----- ---- ---- ------

0 1503 MHz 1MB SUNW,UltraSPARC-IIIi 3.2 - - online
1 1503 MHz 1MB SUNW,UltraSPARC-IIIi 3.2 - - online


# gdb mplayer
GNU gdb 6.1
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.8"...
(gdb) run -v rtsp://192.168.128.169/rm/jens.rm
Starting program: /usr/bin/mplayer -v rtsp://192.168.128.169/rm/jens.rm
Using GNU internationalization
Original domain: messages
Original dirname: /usr/share/locale
Current domain: mplayer
Current dirname: /usr/share/locale

MPlayer 1.0pre7try2-3.4.3 (C) 2000-2005 MPlayer Team
CPU: Sun Sparc


85 Audio- & 196 Videocodecs
Kommandozeile: '-v' 'rtsp://192.168.128.169/rm/jens.rm'
init_freetype
get_path('font/font.desc') -> '/home/heiduck/.mplayer/font/font.desc'
font: can't open file: /home/heiduck/.mplayer/font/font.desc
Font /usr/share/mplayer/font/font.desc loaded successfully! (206 chars)
Using Unoptimized OnScreenDisplay
Using nanosleep() timing
get_path('input.conf') -> '/home/heiduck/.mplayer/input.conf'
Can't open input config file /home/heiduck/.mplayer/input.conf: No such file or
directory
Parsing input config file /usr/share/mplayer/input.conf
Input config file /usr/share/mplayer/input.conf parsed: 59 binds
get_path('jens.rm.conf') -> '/home/heiduck/.mplayer/jens.rm.conf'
Spiele rtsp://192.168.128.169/rm/jens.rm
Filename for url is now rtsp://192.168.128.169/rm/jens.rm
Filename for url is now rtsp://192.168.128.169/rm/jens.rm
Connecting to server 192.168.128.169[192.168.128.169]:554 ...
Cache size set to 8192 KBytes
Verbunden mit Server: 192.168.128.169
CACHE_PRE_INIT: 0 [0] 0 pre:0 eof:0
Cache fill: 19.14% (0 bytes) Checking for REAL
REAL-Dateiformat erkannt!
real: Header size: 18
real: Header object version: 0
real: File version: 0
Chunk: PORP (504f5250) (size: 0x32, offset: 0x12)
First index chunk offset: 0x0
First data chunk offset: 0x17f
Flags (9): [save allowed]
Chunk: TNOC (544e4f43) (size: 0x1a, offset: 0x44)
Chunk: RPDM (5250444d) (size: 0x72, offset: 0x5e)
Found new stream (id: 0)
Stream description: Video Stream
Stream mimetype: video/x-pn-realvideo
==> Videostream gefunden: 0
video fourcc: 04VR (30345652)
H.263 ID: 40008000
unknown id: 40008000
### skipping 2 bytes of codec info
Chunk: RPDM (5250444d) (size: 0xa5, offset: 0xd0)
Found new stream (id: 1)
Stream description: Audio Stream
Stream mimetype: audio/x-pn-realaudio
==> Audiostream gefunden: 1
Found audio stream!
version: 5

00 00
2E 72 61 35
00 00 00 10
00 05

header size: 70

00 00 00 00
00 07 55 67
00 00 00 00

frame_size: 744
sub_packet_size: 186

00 00
00 00 AC 44 00 00
00 00

samplerate: 44100, channels: 1

67 65 6E 72
01 07 00
00

======= WAVE Format =======
Format Tag: 28515 (0x6F63)
Channels: 1
Samplerate: 44100
avg byte/sec: 64082
Block align: 744
bits/sample: 16
cbSize: 18
Unknown extra header dump: [0] [ba] [0] [14] [0] [e] [2] [e8] [0] [8] [1] [0]
[0] [2] [4] [0] [0] [2f]
===========================
### skipping 1 bytes of codec info
Chunk: ATAD (41544144) (size: 0x51d620, offset: 0x175)
Packets in file: 5152
Auto-selected RM video ID = 0

Program received signal SIGSEGV, Segmentation fault.
demux_real_fill_buffer (demuxer=0x636288) at demux_real.c:875
875 demux_real.c: No such file or directory.

in demux_real.c

(gdb) bt
#0 demux_real_fill_buffer (demuxer=0x636288) at demux_real.c:875
#1 0x000c4a8c in ds_fill_buffer (ds=0x636af0) at demuxer.c:464
#2 0x000d2c60 in demux_open_real (demuxer=0x636288) at demux_real.c:1715
#3 0x000c6b20 in demux_open_stream (stream=0x632118, file_format=11,
audio_id=-1, video_id=-1, dvdsub_id=-1,

filename=0x511828 "rtsp://192.168.128.169/rm/jens.rm") at demuxer.c:1309

#4 0x000c6ff8 in demux_open (vs=0x632118, file_format=11, audio_id=-1,
video_id=-1, dvdsub_id=-1, filename=0x511828
"rtsp://192.168.128.169/rm/jens.rm")

at demuxer.c:1456

#5 0x0001a244 in main (argc=4567040, argv=0x45b000) at mplayer.c:1635
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0xd0838 to 0xd0878:
0x000d0838 <demux_real_fill_buffer+3604>: st %o4, [ %l5 + 0x50 ]
0x000d083c <demux_real_fill_buffer+3608>: add %l4, 0x10, %g1
0x000d0840 <demux_real_fill_buffer+3612>: clr [ %i5 ]
0x000d0844 <demux_real_fill_buffer+3616>: st %l7, [ %i5 + 4 ]
0x000d0848 <demux_real_fill_buffer+3620>: st %g1, [ %i5 + 0xc ]
0x000d084c <demux_real_fill_buffer+3624>: mov 1, %o4
0x000d0850 <demux_real_fill_buffer+3628>: add %i5, %g1, %l0
0x000d0854 <demux_real_fill_buffer+3632>: ld [ %fp + -32 ], %o5
0x000d0858 <demux_real_fill_buffer+3636>: st %o4, [ %i5 + %g1 ]
0x000d085c <demux_real_fill_buffer+3640>: cmp %o5, 0
0x000d0860 <demux_real_fill_buffer+3644>: add %i5, 0x10, %i1
0x000d0864 <demux_real_fill_buffer+3648>: be,pn %icc, 0xd178c
<demux_real_fill_buffer+7528>
0x000d0868 <demux_real_fill_buffer+3652>: clr [ %l0 + 4 ]
0x000d086c <demux_real_fill_buffer+3656>: cmp %l4, %l3
0x000d0870 <demux_real_fill_buffer+3660>: bg,pn %icc, 0xd1770
<demux_real_fill_buffer+7500>
0x000d0874 <demux_real_fill_buffer+3664>: sethi %hi(0x38b400), %o1
End of assembler dump.
(gdb) info all-registers
g0 0x0 0
g1 0x2ffb 12283
g2 0x0 0
g3 0x0 0
g4 0x0 0
g5 0x0 0
g6 0x0 0
g7 0xfd210000 -48168960
o0 0x63ae80 6532736
o1 0x38b638 3716664
o2 0x5 5
o3 0x2feb 12267
o4 0x1 1
o5 0x0 0
sp 0xffbfd170 0xffbfd170
o7 0xd0d28 855336
l0 0x63de7b 6545019
l1 0x303b 12347
l2 0x0 0
l3 0x527 1319
l4 0x2feb 12267
l5 0x636af0 6515440
l6 0x636c10 6515728
l7 0x0 0
i0 0x636288 6513288
i1 0x636af0 6515440
i2 0x5 5
i3 0x1 1
i4 0x635ba0 6511520
i5 0x63ae80 6532736
fp 0xffbfd200 0xffbfd200
i7 0xc4a84 805508
f0 7.05775716e+22 (raw 0x656f2049)
f1 640.955078 (raw 0x44203d20)
f2 0 (raw 0x00000000)
f3 4.48415509e-44 (raw 0x00000020)
f4 1.3835471e-11 (raw 0x2d73656c)
f5 6.71327682e+22 (raw 0x65637465)
f6 1.18296378e+22 (raw 0x6420524d)
f7 2.08718813e-19 (raw 0x20766964)
f8 0.0333333351 (raw 0x3d088889)
f9 30 (raw 0x41f00000)
f10 0 (raw 0x00000000)
f11 4.20389539e-44 (raw 0x0000001e)
f12 -115.89325 (raw 0xc2e7c958)
f13 -1.25067776e-10 (raw 0xaf098373)
f14 -8.45337718e-29 (raw 0x90d6518e)
f15 661.764709 (raw 0x442570f1)
f16 -nan(0x7fffff) (raw 0xffffffff)
f17 -nan(0x7fffff) (raw 0xffffffff)
f18 -nan(0x7fffff) (raw 0xffffffff)
---Type <return> to continue, or q <return> to quit---
f19 -nan(0x7fffff) (raw 0xffffffff)
f20 -nan(0x7fffff) (raw 0xffffffff)
f21 -nan(0x7fffff) (raw 0xffffffff)
f22 -nan(0x7fffff) (raw 0xffffffff)
f23 -nan(0x7fffff) (raw 0xffffffff)
f24 -nan(0x7fffff) (raw 0xffffffff)
f25 -nan(0x7fffff) (raw 0xffffffff)
f26 -nan(0x7fffff) (raw 0xffffffff)
f27 -nan(0x7fffff) (raw 0xffffffff)
f28 -nan(0x7fffff) (raw 0xffffffff)
f29 -nan(0x7fffff) (raw 0xffffffff)
f30 -nan(0x7fffff) (raw 0xffffffff)
f31 -nan(0x7fffff) (raw 0xffffffff)
y 0x14 20
psr 0xfe001000 -33550336
wim 0x0 0
tbr 0x0 0
pc 0xd0858 0xd0858 <demux_real_fill_buffer+3636>
npc 0xd085c 0xd085c <demux_real_fill_buffer+3640>
fsr 0x820 2080
csr 0x0 0
d0 4.03619722004931e+180 (raw 0x656f204944203d20)
d2 1.5810100666919889e-322 (raw 0x0000000000000020)
d4 9.5217686225385875e-90 (raw 0x2d73656c65637465)
d6 2.0184002582312036e+174 (raw 0x6420524d20766964)
d8 1.0894993522595632e-14 (raw 0x3d08888941f00000)
d10 1.4821969375237396e-322 (raw 0x000000000000001e)
d12 -209228349852699.59 (raw 0xc2e7c958af098373)
d14 -1.4720744977244773e-227 (raw 0x90d6518e442570f1)
d16 -nan(0xfffffffffffff) (raw 0xffffffffffffffff)
d18 -nan(0xfffffffffffff) (raw 0xffffffffffffffff)
d20 -nan(0xfffffffffffff) (raw 0xffffffffffffffff)
d22 -nan(0xfffffffffffff) (raw 0xffffffffffffffff)
d24 -nan(0xfffffffffffff) (raw 0xffffffffffffffff)
d26 -nan(0xfffffffffffff) (raw 0xffffffffffffffff)
d28 -nan(0xfffffffffffff) (raw 0xffffffffffffffff)
d30 -nan(0xfffffffffffff) (raw 0xffffffffffffffff)

comment:6 by diego@…, 19 years ago

Cc: Reimar.Doeffinger@… added

Does this issue still exist now that demux_real.c has been rewritten?

comment:7 by hagen.heiduck@…, 19 years ago

Yes, same result with CVS-1.0.20060217

comment:8 by diego@…, 19 years ago

Owner: changed from moritz@… to r_togni@…

Roberto, the RM demuxer is your territory...

comment:9 by compn, 14 years ago

Owner: changed from r_togni@… to reimar

comment:10 by reimar, 14 years ago

Resolution: fixed
Status: newclosed

Might have been fixed by SVN r32683.
-demuxer lavf should work as well.

Note: See TracTickets for help on using tickets.