Re: [FFmpeg-devel] [PATCH 3/4 v2] avcodec/vc1: rewrite vc1_decode_i_blocks to align with VC-1 spec
On Sun, Jun 10, 2018 at 10:18:45AM +0200, Jerome Borsboom wrote: > Thank you for the rigorous testing of my patches. I try to be careful > when changing things, but every now and then I unwittingly may break > things that do not surface in setup. > > There is something strange with the backtraces. The 'Slice header > damaged' error indicates that the source file is coded with slices. > Slices, however, only occur in VC-1 advanced profile. The backtrace with > the invalid read contains vc1_decode_i_blocks which is only used in > Simple and Main profile. I currently do not see how this adds up. > > Is this crash related to a specific source file? If so, could you share it? will mail it to you privatly thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Old school: Use the lowest level language in which you can solve the problem conveniently. New school: Use the highest level language in which the latest supercomputer can solve the problem without the user falling asleep waiting. signature.asc Description: PGP signature ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 3/4 v2] avcodec/vc1: rewrite vc1_decode_i_blocks to align with VC-1 spec
Thank you for the rigorous testing of my patches. I try to be careful when changing things, but every now and then I unwittingly may break things that do not surface in setup. There is something strange with the backtraces. The 'Slice header damaged' error indicates that the source file is coded with slices. Slices, however, only occur in VC-1 advanced profile. The backtrace with the invalid read contains vc1_decode_i_blocks which is only used in Simple and Main profile. I currently do not see how this adds up. Is this crash related to a specific source file? If so, could you share it? Regards, Jerome > > crashes: > > [vc1 @ 0x11b77200] Slice header damaged > ==2065==at 0x120D69C: VALGRIND_PRINTF_BACKTRACE (valgrind.h:4550) > ==2065==by 0x120E11C: av_log_default_callback (log.c:351) > ==2065==by 0x120E2BB: av_vlog (log.c:377) > ==2065==by 0x120E27B: av_log (log.c:369) > ==2065==by 0xC3B5B5: vc1_decode_frame (vc1dec.c:1014) > ==2065==by 0x8A6BAB: decode_simple_internal (decode.c:398) > ==2065==by 0x8A7832: decode_simple_receive_frame (decode.c:594) > ==2065==by 0x8A78FD: decode_receive_frame_internal (decode.c:612) > ==2065==by 0x8A7B75: avcodec_send_packet (decode.c:674) > ==2065==by 0x43373E: decode (ffmpeg.c:2238) > ==2065==by 0x433F98: decode_video (ffmpeg.c:2382) > ==2065==by 0x434FE0: process_input_packet (ffmpeg.c:2623) > ==2065==by 0x43C207: process_input (ffmpeg.c:4461) > ==2065==by 0x43C7B0: transcode_step (ffmpeg.c:4581) > ==2065==by 0x43C92C: transcode (ffmpeg.c:4635) > ==2065==by 0x43D199: main (ffmpeg.c:4842) > ==2065== Invalid read of size 8 > ==2065==at 0xD790BD: ??? (libavcodec/x86/vc1dsp_loopfilter.asm:302) > ==2065==by 0xC26AA6: vc1_i_v_loop_filter (vc1_loopfilter.c:239) > ==2065==by 0xC26BFB: ff_vc1_i_loop_filter (vc1_loopfilter.c:266) > ==2065==by 0xC23C72: vc1_decode_i_blocks (vc1_block.c:2594) > ==2065==by 0xC259D4: ff_vc1_decode_blocks (vc1_block.c:2969) > ==2065==by 0xC3B7D6: vc1_decode_frame (vc1dec.c:1042) > ==2065==by 0x8A6BAB: decode_simple_internal (decode.c:398) > ==2065==by 0x8A7832: decode_simple_receive_frame (decode.c:594) > ==2065==by 0x8A78FD: decode_receive_frame_internal (decode.c:612) > ==2065==by 0x8A7B75: avcodec_send_packet (decode.c:674) > ==2065==by 0x43373E: decode (ffmpeg.c:2238) > ==2065==by 0x433F98: decode_video (ffmpeg.c:2382) > ==2065==by 0x434FE0: process_input_packet (ffmpeg.c:2623) > ==2065==by 0x43C207: process_input (ffmpeg.c:4461) > ==2065==by 0x43C7B0: transcode_step (ffmpeg.c:4581) > ==2065==by 0x43C92C: transcode (ffmpeg.c:4635) > ==2065==by 0x43D199: main (ffmpeg.c:4842) > ==2065== Address 0x11f25100 is not stack'd, malloc'd or (recently) free'd > > > > ==2065== Process terminating with default action of signal 11 (SIGSEGV) > ==2065== General Protection Fault > ==2065==at 0x13786A6: ??? (in ffmpeg/ffmpeg_g) > ==2065==by 0x11F8D78: av_buffer_pool_uninit (buffer.c:285) > ==2065==by 0xBF5F7B: avcodec_close (utils.c:1089) > ==2065==by 0x43CCB5: transcode (ffmpeg.c:4697) > ==2065==by 0x43D199: main (ffmpeg.c:4842) > > [...] ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 3/4 v2] avcodec/vc1: rewrite vc1_decode_i_blocks to align with VC-1 spec
On Fri, Jun 08, 2018 at 11:01:30AM +0200, Jerome Borsboom wrote: > Change vc1_decode_i_blocks to use vc1_put_blocks_clamped and > ff_vc1_i_loop_filter. > > Signed-off-by: Jerome Borsboom > --- > libavcodec/vc1_block.c | 77 > +++--- > 1 file changed, 29 insertions(+), 48 deletions(-) crashes: [vc1 @ 0x11b77200] Slice header damaged ==2065==at 0x120D69C: VALGRIND_PRINTF_BACKTRACE (valgrind.h:4550) ==2065==by 0x120E11C: av_log_default_callback (log.c:351) ==2065==by 0x120E2BB: av_vlog (log.c:377) ==2065==by 0x120E27B: av_log (log.c:369) ==2065==by 0xC3B5B5: vc1_decode_frame (vc1dec.c:1014) ==2065==by 0x8A6BAB: decode_simple_internal (decode.c:398) ==2065==by 0x8A7832: decode_simple_receive_frame (decode.c:594) ==2065==by 0x8A78FD: decode_receive_frame_internal (decode.c:612) ==2065==by 0x8A7B75: avcodec_send_packet (decode.c:674) ==2065==by 0x43373E: decode (ffmpeg.c:2238) ==2065==by 0x433F98: decode_video (ffmpeg.c:2382) ==2065==by 0x434FE0: process_input_packet (ffmpeg.c:2623) ==2065==by 0x43C207: process_input (ffmpeg.c:4461) ==2065==by 0x43C7B0: transcode_step (ffmpeg.c:4581) ==2065==by 0x43C92C: transcode (ffmpeg.c:4635) ==2065==by 0x43D199: main (ffmpeg.c:4842) ==2065== Invalid read of size 8 ==2065==at 0xD790BD: ??? (libavcodec/x86/vc1dsp_loopfilter.asm:302) ==2065==by 0xC26AA6: vc1_i_v_loop_filter (vc1_loopfilter.c:239) ==2065==by 0xC26BFB: ff_vc1_i_loop_filter (vc1_loopfilter.c:266) ==2065==by 0xC23C72: vc1_decode_i_blocks (vc1_block.c:2594) ==2065==by 0xC259D4: ff_vc1_decode_blocks (vc1_block.c:2969) ==2065==by 0xC3B7D6: vc1_decode_frame (vc1dec.c:1042) ==2065==by 0x8A6BAB: decode_simple_internal (decode.c:398) ==2065==by 0x8A7832: decode_simple_receive_frame (decode.c:594) ==2065==by 0x8A78FD: decode_receive_frame_internal (decode.c:612) ==2065==by 0x8A7B75: avcodec_send_packet (decode.c:674) ==2065==by 0x43373E: decode (ffmpeg.c:2238) ==2065==by 0x433F98: decode_video (ffmpeg.c:2382) ==2065==by 0x434FE0: process_input_packet (ffmpeg.c:2623) ==2065==by 0x43C207: process_input (ffmpeg.c:4461) ==2065==by 0x43C7B0: transcode_step (ffmpeg.c:4581) ==2065==by 0x43C92C: transcode (ffmpeg.c:4635) ==2065==by 0x43D199: main (ffmpeg.c:4842) ==2065== Address 0x11f25100 is not stack'd, malloc'd or (recently) free'd ==2065== Process terminating with default action of signal 11 (SIGSEGV) ==2065== General Protection Fault ==2065==at 0x13786A6: ??? (in ffmpeg/ffmpeg_g) ==2065==by 0x11F8D78: av_buffer_pool_uninit (buffer.c:285) ==2065==by 0xBF5F7B: avcodec_close (utils.c:1089) ==2065==by 0x43CCB5: transcode (ffmpeg.c:4697) ==2065==by 0x43D199: main (ffmpeg.c:4842) [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB No snowflake in an avalanche ever feels responsible. -- Voltaire signature.asc Description: PGP signature ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 3/4 v2] avcodec/vc1: rewrite vc1_decode_i_blocks to align with VC-1 spec
Change vc1_decode_i_blocks to use vc1_put_blocks_clamped and ff_vc1_i_loop_filter. Signed-off-by: Jerome Borsboom --- libavcodec/vc1_block.c | 77 +++--- 1 file changed, 29 insertions(+), 48 deletions(-) diff --git a/libavcodec/vc1_block.c b/libavcodec/vc1_block.c index 1dc8c6422d..a7ba261ccb 100644 --- a/libavcodec/vc1_block.c +++ b/libavcodec/vc1_block.c @@ -2541,26 +2541,24 @@ static void vc1_decode_i_blocks(VC1Context *v) s->mb_x = 0; init_block_index(v); for (; s->mb_x < v->end_mb_x; s->mb_x++) { -uint8_t *dst[6]; +int16_t (*block)[64] = v->block[v->cur_blk_idx]; ff_update_block_index(s); -dst[0] = s->dest[0]; -dst[1] = dst[0] + 8; -dst[2] = s->dest[0] + s->linesize * 8; -dst[3] = dst[2] + 8; -dst[4] = s->dest[1]; -dst[5] = s->dest[2]; -s->bdsp.clear_blocks(s->block[0]); +s->bdsp.clear_blocks(block[0]); mb_pos = s->mb_x + s->mb_y * s->mb_width; s->current_picture.mb_type[mb_pos] = MB_TYPE_INTRA; s->current_picture.qscale_table[mb_pos]= v->pq; -s->current_picture.motion_val[1][s->block_index[0]][0] = 0; -s->current_picture.motion_val[1][s->block_index[0]][1] = 0; +for (int i = 0; i < 4; i++) { +s->current_picture.motion_val[1][s->block_index[i]][0] = 0; +s->current_picture.motion_val[1][s->block_index[i]][1] = 0; +} // do actual MB decoding and displaying cbp = get_vlc2(>s.gb, ff_msmp4_mb_i_vlc.table, MB_INTRA_VLC_BITS, 2); v->s.ac_pred = get_bits1(>s.gb); for (k = 0; k < 6; k++) { +v->mb_type[0][s->block_index[k]] = 1; + val = ((cbp >> (5 - k)) & 1); if (k < 4) { @@ -2570,52 +2568,30 @@ static void vc1_decode_i_blocks(VC1Context *v) } cbp |= val << (5 - k); -vc1_decode_i_block(v, s->block[k], k, val, (k < 4) ? v->codingset : v->codingset2); +vc1_decode_i_block(v, block[k], k, val, (k < 4) ? v->codingset : v->codingset2); if (CONFIG_GRAY && k > 3 && (s->avctx->flags & AV_CODEC_FLAG_GRAY)) continue; -v->vc1dsp.vc1_inv_trans_8x8(s->block[k]); -if (v->pq >= 9 && v->overlap) { -if (v->rangeredfrm) +v->vc1dsp.vc1_inv_trans_8x8(block[k]); +} + +if (v->overlap && v->pq >= 9) { +ff_vc1_i_overlap_filter(v); +if (v->rangeredfrm) +for (k = 0; k < 6; k++) for (j = 0; j < 64; j++) -s->block[k][j] <<= 1; -s->idsp.put_signed_pixels_clamped(s->block[k], dst[k], - k & 4 ? s->uvlinesize -: s->linesize); -} else { -if (v->rangeredfrm) +block[k][j] <<= 1; +vc1_put_blocks_clamped(v, 1); +} else { +if (v->rangeredfrm) +for (k = 0; k < 6; k++) for (j = 0; j < 64; j++) -s->block[k][j] = (s->block[k][j] - 64) << 1; -s->idsp.put_pixels_clamped(s->block[k], dst[k], - k & 4 ? s->uvlinesize - : s->linesize); -} +block[k][j] = (block[k][j] - 64) << 1; +vc1_put_blocks_clamped(v, 0); } -if (v->pq >= 9 && v->overlap) { -if (s->mb_x) { -v->vc1dsp.vc1_h_overlap(s->dest[0], s->linesize); -v->vc1dsp.vc1_h_overlap(s->dest[0] + 8 * s->linesize, s->linesize); -if (!CONFIG_GRAY || !(s->avctx->flags & AV_CODEC_FLAG_GRAY)) { -v->vc1dsp.vc1_h_overlap(s->dest[1], s->uvlinesize); -v->vc1dsp.vc1_h_overlap(s->dest[2], s->uvlinesize); -} -} -v->vc1dsp.vc1_h_overlap(s->dest[0] + 8, s->linesize); -v->vc1dsp.vc1_h_overlap(s->dest[0] + 8 * s->linesize + 8, s->linesize); -if (!s->first_slice_line) { -v->vc1dsp.vc1_v_overlap(s->dest[0], s->linesize); -v->vc1dsp.vc1_v_overlap(s->dest[0] + 8, s->linesize); -if (!CONFIG_GRAY || !(s->avctx->flags & AV_CODEC_FLAG_GRAY)) { -v->vc1dsp.vc1_v_overlap(s->dest[1], s->uvlinesize); -v->vc1dsp.vc1_v_overlap(s->dest[2],