[issue593] libx264 segfault in evalPow

Sami Farin Thu, 21 Aug 2008 10:21:49 -0700

New submission from Sami Farin <[EMAIL PROTECTED]>:

This has been bisected to x264 commit 7c35ae4abafb8babf1d5456f967920a38d5b572f:
6% faster deblock: remove some clips, earlier termiantion on low qps.


It does not matter what is the input file, it can be any picture and you get the
same result.

Starting program: /usr/local/bin/ffmpeg -i x.png -y -acodec copy -vcodec libx264
x.avi
Missing separate debuginfo for /usr/lib64/libgsm.so.1
Try: yum --enablerepo='*-debuginfo' install
/usr/lib/debug/.build-id/d7/0631553a083c7d34ced79f78b3cde0e615ab8b.debug
[Thread debugging using libthread_db enabled]
FFmpeg version SVN-r14883, Copyright (c) 2000-2008 Fabrice Bellard, et al.
  configuration: --cc=/usr/bin/gcc --extra-cflags=-m64 -O2 -std=gnu99
--enable-libvorbis --enable-libx264 --enable-libmp3lame --enable-gpl
--enable-pthreads --enable-postproc --enable-swscale --enable-libxvid
--enable-libfaac --enable-libfaad --enable-libgsm
  libavutil     49.10. 0 / 49.10. 0
  libavcodec    51.69. 0 / 51.69. 0
  libavformat   52.20. 0 / 52.20. 0
  libavdevice   52. 1. 0 / 52. 1. 0
  built on Aug 21 2008 19:24:28, gcc: 4.3.1 20080728 (Red Hat 4.3.1-5)
Input #0, image2, from 'x.png':
  Duration: 00:00:00.04, start: 0.000000, bitrate: N/A
    Stream #0.0: Video: png, pal8, 420x300, 25.00 tb(r)
Output #0, avi, to 'x.avi':
    Stream #0.0: Video: libx264, yuv420p, 420x300, q=2-31, 200 kb/s, 25.00 tb(c)
Stream mapping:
  Stream #0.0 -> #0.0
[libx264 @ 0x2844270]width or height not divisible by 16 (420x300), compression
will suffer.
[libx264 @ 0x2844270]using cpu capabilities: MMX2 SSE2 SSE3 Cache64
Press [q] to stop encoding
[New Thread 0x7fb69c9c66f0 (LWP 5783)]

Program received signal SIGSEGV, Segmentation fault.
0x00000000007cd9e4 in evalPow (p=0x7fff9b307650) at encoder/eval.c:174
174         if(p->s[0]=='+') p->s++;
Missing separate debuginfos, use: debuginfo-install glibc.x86_64
(gdb) bt
#0  0x00000000007cd9e4 in evalPow (p=0x7fff9b307650) at encoder/eval.c:174
#1  0x00000000007ce14f in evalFactor (p=0x7fff9b307650) at encoder/eval.c:196
#2  0x00000000007ce1bb in evalTerm (p=0x7fff9b307650) at encoder/eval.c:208
#3  0x00000000007ce255 in evalExpression (p=0x7fff9b307650) at 
encoder/eval.c:222
#4  0x00000000007ce321 in x264_eval (s=<value optimized out>,
const_value=0x7fff9b307a10, 
    const_name=0xb64ec0, func1=0xb64eb0, func1_name=0xb64ea0, func2=0x0,
func2_name=0x0, 
    opaque=0x7fff9b307b70) at encoder/eval.c:251
#5  0x00000000007bd561 in get_qscale (h=0x2851f50, rce=0x7fff9b307b70, 
    rate_factor=0.050458375507239764, frame_num=<value optimized out>)
    at encoder/ratecontrol.c:1198
#6  0x00000000007c17ed in rate_estimate_qscale (h=0x2851f50) at
encoder/ratecontrol.c:1552
#7  0x00000000007c1f7c in x264_ratecontrol_start (h=0x2851f50, i_force_qp=0)
    at encoder/ratecontrol.c:808
#8  0x0000000000785dc9 in x264_encoder_encode (h=0x2851f50, 
pp_nal=0x7fff9b307db0, 
    pi_nal=0x7fff9b307dbc, pic_in=<value optimized out>, pic_out=0x7fff9b307d60)
    at encoder/encoder.c:1471
#9  0x000000000070f04c in X264_frame ()
#10 0x00000000004b6f87 in avcodec_encode_video ()
#11 0x000000000042e71f in output_packet ()
#12 0x0000000000431fad in av_encode ()
#13 0x0000000000432540 in main ()
(gdb) d32
Dump of assembler code from 0x7cd9c4 to 0x7cda04:
0x00000000007cd9c4 <evalPow+6>: pop    %rbp
0x00000000007cd9c5 <evalPow+7>: fmuls  0x65(%rcx,%rcx,4)
0x00000000007cd9c9 <evalPow+11>:        loopne 0x7cda17 <evalPow+89>
0x00000000007cd9cb <evalPow+13>:        mov    %ebp,-0x18(%rbp)
0x00000000007cd9ce <evalPow+16>:        mov    %r14,-0x10(%rbp)
0x00000000007cd9d2 <evalPow+20>:        mov    %r15,-0x8(%rbp)
0x00000000007cd9d6 <evalPow+24>:        sub    $0x50,%rsp
0x00000000007cd9da <evalPow+28>:        mov    %rdi,%r13
0x00000000007cd9dd <evalPow+31>:        mov    0x328(%rdi),%rax
0x00000000007cd9e4 <evalPow+38>:        cmpb   $0x2b,(%rax)
0x00000000007cd9e7 <evalPow+41>:        jne    0x7cd9f4 <evalPow+54>
0x00000000007cd9e9 <evalPow+43>:        add    $0x1,%rax
0x00000000007cd9ed <evalPow+47>:        mov    %rax,0x328(%rdi)
0x00000000007cd9f4 <evalPow+54>:        mov    0x328(%r13),%rax
0x00000000007cd9fb <evalPow+61>:        mov    $0x0,%r14d
0x00000000007cda01 <evalPow+67>:        cmpb   $0x2d,(%rax)
End of assembler dump.
(gdb) info all-reg
rax            0x0      0
rbx            0x7fff9b307650   140735797032528
rcx            0xb64eb0 11947696
rdx            0xb64ec0 11947712
rsi            0x7fff9b307a10   140735797033488
rdi            0x7fff9b307650   140735797032528
rbp            0x7fff9b3075c0   0x7fff9b3075c0
rsp            0x7fff9b307570   0x7fff9b307570
r8             0xb64ea0 11947680
r9             0x0      0
r10            0x0      0
r11            0x201    513
r12            0x2888450        42501200
r13            0x7fff9b307650   140735797032528
r14            0x0      0
r15            0x2      2
rip            0x7cd9e4 0x7cd9e4 <evalPow+38>
eflags         0x10202  [ IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0
st0            -nan(0xebebebebeb000000) (raw 0xffffebebebebeb000000)
st1            -nan(0xebebebebebebebeb) (raw 0xffffebebebebebebebeb)
st2            -inf     (raw 0xffff0000000000000000)
st3            -nan(0xebebebebeb000000) (raw 0xffffebebebebeb000000)
st4            -nan(0xebebebebebebebeb) (raw 0xffffebebebebebebebeb)
st5            -nan(0xebebebebebebebeb) (raw 0xffffebebebebebebebeb)
st6            -nan(0xeb00eb00eb00eb)   (raw 0xffff00eb00eb00eb00eb)
st7            -nan(0xebebebebebebebeb) (raw 0xffffebebebebebebebeb)
fctrl          0x37f    895
fstat          0x0      0
ftag           0xffff   65535
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0
fooff          0x0      0
fop            0x0      0
xmm0           {v4_float = {0x0, 0x0, 0x0, 0x8}, v2_double = {0x0, 0x21748},
v16_int8 = {
    0x0 <repeats 12 times>, 0x40, 0xba, 0x0, 0x41}, v8_int16 = {0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 
    0xba40, 0x4100}, v4_int32 = {0x0, 0x0, 0x0, 0x4100ba40}, v2_int64 = {0x0, 
    0x4100ba4000000000}, uint128 = 0x4100ba40000000000000000000000000}
xmm1           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double =
{0x8000000000000000, 0x0}, 
  v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf8, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 
    0x0}, v8_int16 = {0x0, 0x0, 0x0, 0xfff8, 0x0, 0x0, 0x0, 0x0}, v4_int32 = 
{0x0, 
    0xfff80000, 0x0, 0x0}, v2_int64 = {0xfff8000000000000, 0x0}, 
  uint128 = 0x0000000000000000fff8000000000000}
xmm2           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double =
{0x8000000000000000, 0x0}, 
  v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf8, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 
    0x0}, v8_int16 = {0x0, 0x0, 0x0, 0xfff8, 0x0, 0x0, 0x0, 0x0}, v4_int32 = 
{0x0, 
    0xfff80000, 0x0, 0x0}, v2_int64 = {0xfff8000000000000, 0x0}, 
  uint128 = 0x0000000000000000fff8000000000000}
xmm3           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double =
{0x8000000000000000, 0x0}, 
  v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf8, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 
    0x0}, v8_int16 = {0x0, 0x0, 0x0, 0xfff8, 0x0, 0x0, 0x0, 0x0}, v4_int32 = 
{0x0, 
    0xfff80000, 0x0, 0x0}, v2_int64 = {0xfff8000000000000, 0x0}, 
  uint128 = 0x0000000000000000fff8000000000000}
xmm4           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double =
{0x8000000000000000, 0x0}, 
  v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf8, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 
    0x0}, v8_int16 = {0x0, 0x0, 0x0, 0xfff8, 0x0, 0x0, 0x0, 0x0}, v4_int32 = 
{0x0, 
    0xfff80000, 0x0, 0x0}, v2_int64 = {0xfff8000000000000, 0x0}, 
  uint128 = 0x0000000000000000fff8000000000000}
xmm5           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double =
{0x8000000000000000, 0x0}, 
  v16_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf8, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 
    0x0}, v8_int16 = {0x0, 0x0, 0x0, 0xfff8, 0x0, 0x0, 0x0, 0x0}, v4_int32 = 
{0x0, 
    0xfff80000, 0x0, 0x0}, v2_int64 = {0xfff8000000000000, 0x0}, 
  uint128 = 0x0000000000000000fff8000000000000}
xmm6           {v4_float = {0x0, 0x8, 0x0, 0x0}, v2_double = {0x21748, 0x0},
v16_int8 = {0x0, 
    0x0, 0x0, 0x0, 0x40, 0xba, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0}, 
  v8_int16 = {0x0, 0x0, 0xba40, 0x4100, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0,
0x4100ba40, 
    0x0, 0x0}, v2_int64 = {0x4100ba4000000000, 0x0}, 
  uint128 = 0x00000000000000004100ba4000000000}
xmm7           {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x1, 0x0},
v16_int8 = {0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0xf0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0}, v8_int16 = {
    0x0, 0x0, 0x0, 0x3ff0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x3ff00000,
0x0, 0x0}, 
  v2_int64 = {0x3ff0000000000000, 0x0}, uint128 =
0x00000000000000003ff0000000000000}
xmm8           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0}, v4_int32 = {
    0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm9           {v4_float = {0x0, 0x4, 0x0, 0x0}, v2_double = {0x201, 0x0},
v16_int8 = {0x0, 
    0x0, 0x0, 0x0, 0x0, 0x8, 0x80, 0x40, 0xeb, 0x0, 0xeb, 0x0, 0xeb, 0x0, 0xeb,
0x0}, 
  v8_int16 = {0x0, 0x0, 0x800, 0x4080, 0xeb, 0xeb, 0xeb, 0xeb}, v4_int32 = {0x0,
0x40800800, 
    0xeb00eb, 0xeb00eb}, v2_int64 = {0x4080080000000000, 0xeb00eb00eb00eb}, 
  uint128 = 0x00eb00eb00eb00eb4080080000000000}
xmm10          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0xeb, 
    0x0, 0xeb, 0x0, 0xeb, 0x0, 0xeb, 0x0, 0xeb, 0x0, 0xeb, 0x0, 0xeb, 0x0, 0xeb,
0x0}, 
  v8_int16 = {0xeb, 0xeb, 0xeb, 0xeb, 0xeb, 0xeb, 0xeb, 0xeb}, v4_int32 =
{0xeb00eb, 
    0xeb00eb, 0xeb00eb, 0xeb00eb}, v2_int64 = {0xeb00eb00eb00eb, 
0xeb00eb00eb00eb}, 
  uint128 = 0x00eb00eb00eb00eb00eb00eb00eb00eb}
xmm11          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0xeb, 
    0x0, 0xeb, 0x0, 0xeb, 0x0, 0xeb, 0x0, 0xeb, 0x0, 0xeb, 0x0, 0xeb, 0x0, 0xeb,
0x0}, 
  v8_int16 = {0xeb, 0xeb, 0xeb, 0xeb, 0xeb, 0xeb, 0xeb, 0xeb}, v4_int32 =
{0xeb00eb, 
    0xeb00eb, 0xeb00eb, 0xeb00eb}, v2_int64 = {0xeb00eb00eb00eb, 
0xeb00eb00eb00eb}, 
  uint128 = 0x00eb00eb00eb00eb00eb00eb00eb00eb}
xmm12          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0}, v4_int32 = {
    0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm13          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0}, v4_int32 = {
    0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm14          {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0}, v4_int32 = {
    0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x00000000000000000000000000000000}
xmm15          {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x1, 0x0},
v16_int8 = {0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0xf0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0}, v8_int16 = {
    0x0, 0x0, 0x0, 0x3ff0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x3ff00000,
0x0, 0x0}, 
  v2_int64 = {0x3ff0000000000000, 0x0}, uint128 =
0x00000000000000003ff0000000000000}
mxcsr          0x1fa1   [ IE PE IM DM ZM OM UM PM ]

----------
messages: 2828
nosy: safari
priority: normal
status: new
substatus: new
title: libx264 segfault in evalPow
type: bug

______________________________________________________
FFmpeg issue tracker <[EMAIL PROTECTED]>
<https://roundup.mplayerhq.hu/roundup/ffmpeg/issue593>
______________________________________________________

[issue593] libx264 segfault in evalPow

Reply via email to