Re: [FFmpeg-trac] #4151(swscale:open): Crash the ffmpeg then convert YV12 (yuv420p) to NV12 if width is less than 32

Tue, 02 Dec 2014 07:55:46 -0800 

#4151: Crash the ffmpeg then convert YV12 (yuv420p) to NV12 if width is less 
than
32
---------------------------------------+-----------------------------------
             Reporter:  v0lt           |                    Owner:
                 Type:  defect         |                   Status:  open
             Priority:  important      |                Component:  swscale
              Version:  git-master     |               Resolution:
             Keywords:  crash SIGSEGV  |               Blocked By:
             Blocking:                 |  Reproduced by developer:  1
Analyzed by developer:  0              |
---------------------------------------+-----------------------------------
Changes (by cehoyos):

 * keywords:   => crash SIGSEGV
 * priority:  normal => important
 * status:  new => open
 * reproduced:  0 => 1


Comment:

 For future tickets: Please always provide your failing command line
 together with the complete, uncut console output.
 {{{
 (gdb) r -f lavfi -i color=s=16x16 -pix_fmt nv12 -f null -
 Starting program: ffmpeg_g -f lavfi -i color=s=16x16 -pix_fmt nv12 -f null
 -
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib64/libthread_db.so.1".
 ffmpeg version N-68146-gd771696 Copyright (c) 2000-2014 the FFmpeg
 developers
   built on Dec  2 2014 16:49:09 with gcc 4.7 (SUSE Linux)
   configuration: --enable-gpl
   libavutil      54. 15.100 / 54. 15.100
   libavcodec     56. 13.100 / 56. 13.100
   libavformat    56. 15.101 / 56. 15.101
   libavdevice    56.  3.100 / 56.  3.100
   libavfilter     5.  2.103 /  5.  2.103
   libswscale      3.  1.101 /  3.  1.101
   libswresample   1.  1.100 /  1.  1.100
   libpostproc    53.  3.100 / 53.  3.100
 [New Thread 0x7ffff14f0700 (LWP 18162)]
 [New Thread 0x7ffff0cef700 (LWP 18163)]
 [New Thread 0x7ffff04ee700 (LWP 18164)]
 [New Thread 0x7fffefced700 (LWP 18165)]
 [New Thread 0x7fffef4ec700 (LWP 18166)]
 [New Thread 0x7fffeeceb700 (LWP 18167)]
 [New Thread 0x7fffee4ea700 (LWP 18168)]
 [New Thread 0x7fffedce9700 (LWP 18169)]
 [New Thread 0x7fffed4e8700 (LWP 18170)]
 Input #0, lavfi, from 'color=s=16x16':
   Duration: N/A, start: 0.000000, bitrate: N/A
     Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 16x16 [SAR
 1:1 DAR 1:1], 25 tbr, 25 tbn, 25 tbc
 [New Thread 0x7fffecce7700 (LWP 18171)]
 [New Thread 0x7fffec4e6700 (LWP 18172)]
 [New Thread 0x7fffebce5700 (LWP 18173)]
 [New Thread 0x7fffeb4e4700 (LWP 18174)]
 [New Thread 0x7fffeace3700 (LWP 18175)]
 [New Thread 0x7fffea4e2700 (LWP 18176)]
 [New Thread 0x7fffe9ce1700 (LWP 18177)]
 [New Thread 0x7fffe94e0700 (LWP 18178)]
 [New Thread 0x7fffe8cdf700 (LWP 18179)]
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf56.15.101
     Stream #0:0: Video: rawvideo (NV12 / 0x3231564E), nv12, 16x16 [SAR 1:1
 DAR 1:1], q=2-31, 200 kb/s, 25 fps, 25 tbn, 25 tbc
     Metadata:
       encoder         : Lavc56.13.100 rawvideo
 Stream mapping:
   Stream #0:0 -> #0:0 (rawvideo (native) -> rawvideo (native))
 Press [q] to stop, [?] for help

 Program received signal SIGSEGV, Segmentation fault.
 0x0000000000e477af in interleaveBytes_sse2 (
     src1=0x1a73980
 
"\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200",
     src2=0x1a739c0
 
"\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200",
     dest=0x1a68660
 
"\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200",
 width=8, height=8,
     src1Stride=8, src2Stride=8, dstStride=32) at
 libswscale/x86/rgb2rgb_template.c:1891
 1891            __asm__(
 (gdb) disass $pc-32,$pc+32
 Dump of assembler code from 0xe4778f to 0xe477cf:
    0x0000000000e4778f <interleaveBytes_sse2+79>:        mov
 %rax,-0x8(%rsp)
    0x0000000000e47794 <interleaveBytes_sse2+84>:        nopl   0x0(%rax)
    0x0000000000e47798 <interleaveBytes_sse2+88>:        xor    %rax,%rax
    0x0000000000e4779b <interleaveBytes_sse2+91>:        prefetchnta
 0x40(%rdi,%rax,1)
    0x0000000000e477a0 <interleaveBytes_sse2+96>:        prefetchnta
 0x40(%rsi,%rax,1)
    0x0000000000e477a5 <interleaveBytes_sse2+101>:       movdqa
 (%rdi,%rax,1),%xmm0
    0x0000000000e477aa <interleaveBytes_sse2+106>:       movdqa
 (%rdi,%rax,1),%xmm1
 => 0x0000000000e477af <interleaveBytes_sse2+111>:       movdqa
 (%rsi,%rax,1),%xmm2
    0x0000000000e477b4 <interleaveBytes_sse2+116>:       punpcklbw
 %xmm2,%xmm0
    0x0000000000e477b8 <interleaveBytes_sse2+120>:       punpckhbw
 %xmm2,%xmm1
    0x0000000000e477bc <interleaveBytes_sse2+124>:       movntdq
 %xmm0,(%rdx,%rax,2)
    0x0000000000e477c1 <interleaveBytes_sse2+129>:       movntdq
 %xmm1,0x10(%rdx,%rax,2)
    0x0000000000e477c7 <interleaveBytes_sse2+135>:       add    $0x10,%rax
    0x0000000000e477cb <interleaveBytes_sse2+139>:       cmp    %r13,%rax
    0x0000000000e477ce <interleaveBytes_sse2+142>:       jb     0xe4779b
 <interleaveBytes_sse2+91>
 End of assembler dump.
 (gdb) info all-register
 rax            0x4640   17984
 rbx            0x0      0
 rcx            0x8      8
 rdx            0x1a68660        27690592
 rsi            0x1a739c0        27736512
 rdi            0x1a73980        27736448
 rbp            0x0      0x0
 rsp            0x7fffffffd028   0x7fffffffd028
 r8             0x8      8
 r9             0x8      8
 r10            0x0      0
 r11            0x8      8
 r12            0x0      0
 r13            0xfffffffffffffff9       -7
 r14            0x0      0
 r15            0x10     16
 rip            0xe477af 0xe477af <interleaveBytes_sse2+111>
 eflags         0x10217  [ CF PF AF IF RF ]
 cs             0x33     51
 ss             0x2b     43
 ds             0x0      0
 es             0x0      0
 fs             0x0      0
 gs             0x0      0
 st0            0        (raw 0x00000000000000000000)
 st1            0        (raw 0x00000000000000000000)
 st2            0        (raw 0x00000000000000000000)
 st3            0        (raw 0x00000000000000000000)
 st4            0        (raw 0x00000000000000000000)
 st5            0        (raw 0x00000000000000000000)
 st6            0        (raw 0x00000000000000000000)
 st7            0        (raw 0x00000000000000000000)
 fctrl          0x37f    895
 fstat          0x0      0
 ftag           0xffff   65535
 fiseg          0x0      0
 fioff          0x0      0
 foseg          0x0      0
 fooff          0x0      0
 fop            0x0      0
 mxcsr          0x1fa8   [ OE PE IM DM ZM OM UM PM ]
 ymm0           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0,
     0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0
 <repeats 16 times>},
   v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0,
 0x0, 0x0, 0x0},
   v2_int128 = {0x00000000000000000000000000000000,
 0x00000000000000000000000000000000}}
 ymm1           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0,
     0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0
 <repeats 16 times>},
   v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0,
 0x0, 0x0, 0x0},
   v2_int128 = {0x00000000000000000000000000000000,
 0x00000000000000000000000000000000}}
 ymm2           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0,
     0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0
 <repeats 16 times>},
   v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0,
 0x0, 0x0, 0x0},
   v2_int128 = {0x00000000000000000000000000000000,
 0x00000000000000000000000000000000}}
 ymm3           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0,
     0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0
 <repeats 16 times>},
   v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0,
 0x0, 0x0, 0x0},
   v2_int128 = {0x00000000000000000000000000000000,
 0x00000000000000000000000000000000}}
 ymm4           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0,
     0x8000000000000000, 0x0, 0x0}, v32_int8 = {0x73, 0x6d, 0x70, 0x74,
 0x65, 0x31, 0x37,
     0x30, 0x6d, 0x0, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x0 <repeats 16
 times>},
   v16_int16 = {0x6d73, 0x7470, 0x3165, 0x3037, 0x6d, 0x6e49, 0x6176,
 0x696c, 0x0, 0x0, 0x0,
     0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x74706d73, 0x30373165,
 0x6e49006d, 0x696c6176,
     0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x3037316574706d73,
 0x696c61766e49006d, 0x0, 0x0},
   v2_int128 = {0x696c61766e49006d3037316574706d73,
 0x00000000000000000000000000000000}}
 ymm5           {v8_float = {0x0, 0x1, 0x3, 0x3, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x1, 0x20,
     0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0, 0x3f, 0x40,
 0x40, 0x40, 0x40,
     0x40, 0x40, 0x40, 0x40, 0x0 <repeats 16 times>}, v16_int16 = {0x0,
 0x0, 0x0, 0x3ff0,
     0x4040, 0x4040, 0x4040, 0x4040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
 0x0}, v8_int32 = {
     0x0, 0x3ff00000, 0x40404040, 0x40404040, 0x0, 0x0, 0x0, 0x0}, v4_int64
 = {
     0x3ff0000000000000, 0x4040404040404040, 0x0, 0x0}, v2_int128 = {
     0x40404040404040403ff0000000000000,
 0x00000000000000000000000000000000}}
 ymm6           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0,
     0x8000000000000000, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0, 0x65,
     0x66, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x0 <repeats 16 times>},
 v16_int16 = {0x0,
     0x0, 0x0, 0x0, 0x6665, 0x6f63, 0x6e75, 0x6574, 0x0, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0, 0x0},
   v8_int32 = {0x0, 0x0, 0x6f636665, 0x65746e75, 0x0, 0x0, 0x0, 0x0},
 v4_int64 = {0x0,
     0x65746e756f636665, 0x0, 0x0}, v2_int128 =
 {0x65746e756f6366650000000000000000,
     0x00000000000000000000000000000000}}
 ymm7           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0,
     0x0, 0x0}, v32_int8 = {0x20 <repeats 16 times>, 0x0 <repeats 16
 times>}, v16_int16 = {
     0x2020, 0x2020, 0x2020, 0x2020, 0x2020, 0x2020, 0x2020, 0x2020, 0x0,
 0x0, 0x0, 0x0, 0x0,
     0x0, 0x0, 0x0}, v8_int32 = {0x20202020, 0x20202020, 0x20202020,
 0x20202020, 0x0, 0x0,
     0x0, 0x0}, v4_int64 = {0x2020202020202020, 0x2020202020202020, 0x0,
 0x0}, v2_int128 = {
     0x20202020202020202020202020202020,
 0x00000000000000000000000000000000}}
 ymm8           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0,
     0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0
 <repeats 16 times>},
   v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0,
 0x0, 0x0, 0x0},
   v2_int128 = {0x00000000000000000000000000000000,
 0x00000000000000000000000000000000}}
 ymm9           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {
     0x8000000000000000, 0x8000000000000000, 0x0, 0x0}, v32_int8 = {0x0,
 0x0,
     0xff <repeats 14 times>, 0x0 <repeats 16 times>}, v16_int16 = {0x0,
 0xffff, 0xffff,
     0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
 0x0, 0x0},
   v8_int32 = {0xffff0000, 0xffffffff, 0xffffffff, 0xffffffff, 0x0, 0x0,
 0x0, 0x0},
   v4_int64 = {0xffffffffffff0000, 0xffffffffffffffff, 0x0, 0x0}, v2_int128
 = {
     0xffffffffffffffffffffffffffff0000,
 0x00000000000000000000000000000000}}
 ymm10          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0,
     0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0
 <repeats 16 times>},
   v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0,
 0x0, 0x0, 0x0},
   v2_int128 = {0x00000000000000000000000000000000,
 0x00000000000000000000000000000000}}
 ymm11          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0,
     0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0,
 0xff, 0x0, 0x0,
     0x0, 0xff, 0xff, 0x0 <repeats 17 times>}, v16_int16 = {0x0, 0xff00,
 0x0, 0x0, 0xff00,
     0x0, 0xff00, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 =
 {0xff000000, 0x0,
     0xff00, 0xffff00, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0xff000000,
 0xffff000000ff00, 0x0,
     0x0}, v2_int128 = {0x00ffff000000ff0000000000ff000000,
     0x00000000000000000000000000000000}}
 ymm12          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0,
     0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc4, 0x3c,
     0x0 <repeats 24 times>}, v16_int16 = {0x0, 0x0, 0x0, 0x3cc4, 0x0
 <repeats 12 times>},
   v8_int32 = {0x0, 0x3cc40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
     0x3cc4000000000000, 0x0, 0x0, 0x0}, v2_int128 =
 {0x00000000000000003cc4000000000000,
     0x00000000000000000000000000000000}}
 ymm13          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0,
     0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x59, 0xbc,
     0x0 <repeats 24 times>}, v16_int16 = {0x0, 0x0, 0x8000, 0xbc59, 0x0
 <repeats 12 times>},
   v8_int32 = {0x0, 0xbc598000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
     0xbc59800000000000, 0x0, 0x0, 0x0}, v2_int128 =
 {0x0000000000000000bc59800000000000,
     0x00000000000000000000000000000000}}
 ymm14          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x0, 0x0,
     0x0, 0x0}, v32_int8 = {0x8e, 0x85, 0x83, 0xe8, 0xf0, 0x24, 0x53, 0x3c,
     0x0 <repeats 24 times>}, v16_int16 = {0x858e, 0xe883, 0x24f0, 0x3c53,
     0x0 <repeats 12 times>}, v8_int32 = {0xe883858e, 0x3c5324f0, 0x0, 0x0,
 0x0, 0x0, 0x0,
     0x0}, v4_int64 = {0x3c5324f0e883858e, 0x0, 0x0, 0x0}, v2_int128 = {
     0x00000000000000003c5324f0e883858e,
 0x00000000000000000000000000000000}}
 ymm15          {v8_float = {0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v4_double = {0x2d, 0x0,
     0x0, 0x0}, v32_int8 = {0xc0, 0x9, 0xf2, 0x16, 0xb5, 0xdf, 0x46, 0x40,
     0x0 <repeats 24 times>}, v16_int16 = {0x9c0, 0x16f2, 0xdfb5, 0x4046,
     0x0 <repeats 12 times>}, v8_int32 = {0x16f209c0, 0x4046dfb5, 0x0, 0x0,
 0x0, 0x0, 0x0,
     0x0}, v4_int64 = {0x4046dfb516f209c0, 0x0, 0x0, 0x0}, v2_int128 = {
     0x00000000000000004046dfb516f209c0,
 0x00000000000000000000000000000000}}
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/4151#comment:1>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
_______________________________________________
FFmpeg-trac mailing list
FFmpeg-trac@avcodec.org
http://avcodec.org/mailman/listinfo/ffmpeg-trac

Reply via email to