[issue2653] Memory access errors in aac encoder

Tue, 08 Mar 2011 14:05:00 -0800 

New submission from Gian-Carlo Pascutto <g...@sjeng.org>:

I wanted to take a look why the AAC encoder performs so bad, but I didn't get 
far:

$ gdb ./ffmpeg_g.exe
GNU gdb (GDB) 7.2
<...>
Reading symbols from c:\Projects\ffmpeg/./ffmpeg_g.exe...done.
(gdb) run -i c:/work/samples/after.wav after.aac
Starting program: c:\Projects\ffmpeg/./ffmpeg_g.exe -i c:/work/samples/after.wav
 after.aac
[New Thread 896.0x1010]
FFmpeg version git-f1ef2cd, Copyright (c) 2000-2011 the FFmpeg developers
  built on Mar  8 2011 22:41:07 with gcc 4.5.2
  configuration: --disable-ffprobe --disable-ffserver --disable-everything --dis
able-network --enable-ffmpeg --enable-encoder='aac,pcm_f32le,pcm_f64le,pcm_s16le
,pcm_s24le,pcm_s32le,pcm_u16le,pcm_u24le,pcm_u32le,pcm_u8,aac,aac_ltm' --enable-
parser='aac,aac_ltm,flac' --enable-muxer='adts,aiff,mp4,pcm_f32le,pcm_f64le,pcm_
s16le,pcm_s24le,pcm_s32le,pcm_u16le,pcm_u24le,pcm_u32le,pcm_u8,wav' --enable-dem
uxer='aac,pcm_f32le,pcm_f64le,pcm_s16le,pcm_s24le,pcm_s32le,pcm_u16le,pcm_u24le,
pcm_u32le,pcm_u8.flac,wav' --enable-decoder='pcm_f32le,pcm_f64le,pcm_s16le,pcm_s
24le,pcm_s32le,pcm_u16le,pcm_u24le,pcm_u32le,pcm_u8,aac,aac_ltm,flac' --enable-p
rotocol='file,pipe' --enable-memalign-hack --disable-pthreads --disable-asm --di
sable-optimizations
  libavutil    50. 39. 0 / 50. 39. 0
  libavcodec   52.113. 2 / 52.113. 2
  libavformat  52.102. 0 / 52.102. 0
  libavdevice  52.  2. 3 / 52.  2. 3
  libavfilter   1. 76. 0 /  1. 76. 0
  libswscale    0. 12. 0 /  0. 12. 0
[wav @ 00dea9c0] max_analyze_duration reached
Input #0, wav, from 'c:/work/samples/after.wav':
  Duration: 00:00:29.09, bitrate: 1411 kb/s
    Stream #0.0: Audio: pcm_s16le, 44100 Hz, 2 channels, s16, 1411 kb/s
File 'after.aac' already exists. Overwrite ? [y/N] y
Output #0, adts, to 'after.aac':
  Metadata:
    encoder         : Lavf52.102.0
    Stream #0.0: Audio: aac, 44100 Hz, 2 channels, s16, 64 kb/s
Stream mapping:
  Stream #0.0 -> #0.0
Press [q] to stop encoding

Program received signal SIGSEGV, Segmentation fault.
0x0047d1e7 in abs_pow34_v (out=0x0, in=0x1334610, size=1024)
    at libavcodec/aaccoder.c:89
89              out[i] = sqrtf(a * sqrtf(a));
(gdb) print i
$1 = 0
(gdb) bt
#0  0x0047d1e7 in abs_pow34_v (out=0x0, in=0x1334610, size=1024)
    at libavcodec/aaccoder.c:89
#1  0x0047ff6a in search_for_quantizers_twoloop (avctx=0xd8fc50, s=0xda2a80,
    sce=0x1333160, lambda=120) at libavcodec/aaccoder.c:741
#2  0x00464c77 in aac_encode_frame (avctx=0xd8fc50, frame=0x13dd950 "Ü",
    buf_size=64584, data=0x13d10f0) at libavcodec/aacenc.c:573
#3  0x004381e4 in avcodec_encode_audio (avctx=0xd8fc50, buf=0x13dd950 "Ü",
    buf_size=64584, samples=0x13d10f0) at libavcodec/utils.c:593
#4  0x004032e6 in do_audio_out (s=0xda1940, ost=0xda28f0, ist=0xd1d690,
    buf=0x13a22d0 "û\377÷\377ø\377û\377ü\377ù\377ø\377ú\377ü\377ú\377ø\377ù\377ü
\377û\377ù\377ø\377û\377û\377ú\377ø\377ù\377û\377û\377ø\377ø\377ú\377ü\377ù\377ø
\377ù\377ü\377ú\377ù\377ø\377ú\377û\377ú\377ø\377ù\377û\377ú\377ø\377ú\377ú\377ù
\377ù\377ü\377ú\377÷\377ù\377þ\377ú\377ö\377ù\377þ\377û\377÷\377ø\377ü\377û\377ù
\377ø\377ú\377ú\377û\377ú\377ù\377÷\377û\377ý\377ù\377ö\377ú\377ý\377û\377ö\377ø
\377ü\377ü\377ø\377÷\377ú\377ý\377ú\377÷\377ø\377ý\377û\377÷\377÷\377ý\377ü\377÷
\377÷\377ý\377û\377÷\377ø\377ý\377û\377"..., size=4096) at ffmpeg.c:947
#5  0x00405c35 in output_packet (ist=0xd1d690, ist_index=0,
    ost_table=0xd005a0, nb_ostreams=1, pkt=0x27f510) at ffmpeg.c:1659
#6  0x004096b1 in transcode (output_files=0x4f5840, nb_output_files=1,
    input_files=0x4f5040, nb_input_files=1, stream_maps=0x0, nb_stream_maps=0)
    at ffmpeg.c:2629
#7  0x0040dd22 in main (argc=4, argv=0xde1878) at ffmpeg.c:4360
(gdb) up
#1  0x0047ff6a in search_for_quantizers_twoloop (avctx=0xd8fc50, s=0xda2a80,
    sce=0x1333160, lambda=120) at libavcodec/aaccoder.c:741
741         abs_pow34_v(s->scoefs, sce->coeffs, 1024);
(gdb) print s
$2 = (AACEncContext *) 0xda2a80
(gdb) print s->coder
Display all 13555 possibilities? (y or n)
(gdb) print s->scoefs
$3 = (float *) 0x0
(gdb)

So, the buffer that should contain the quantized spectrum coefficients is zero.
Where is it allocated? I can only find:

aacenc.c: 601:
            for (j = 0; j < chans; j++) {
                s->cur_channel = start_ch + j;
                s->scoefs = cpe->ch[j].ret;
                encode_individual_channel(avctx, s, &cpe->ch[j],
cpe->common_window);
            }

But this won't be reached before the search_for_quantizers runs.

This is a (completely breaking!) regression introduced by commit 2790d7. It
should probably be reverted.

----------
messages: 13838
nosy: aconverse
priority: normal
status: new
substatus: new
title: Memory access errors in aac encoder
topic: avcodec
type: bug

________________________________________________
FFmpeg issue tracker <iss...@roundup.ffmpeg.org>
<https://roundup.ffmpeg.org/issue2653>
________________________________________________

Reply via email to