[libav-bugs] [Bug 230] New: Crash when decoding H.264 stream

bugzilla-daemon at aruru.libav.org bugzilla-daemon at aruru.libav.org
Thu Feb 16 11:17:36 CET 2012


http://bugzilla.libav.org/show_bug.cgi?id=230

           Summary: Crash when decoding H.264 stream
           Product: Libav
           Version: 0.7
          Platform: X86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: Normal
         Component: libavcodec
        AssignedTo: bugzilla at libav.org
        ReportedBy: tvrtko.ursulin at onelan.co.uk


libav 0.7.2 built inside gstreamer-ffmpeg 0.10.13. 

The stream is coming out a hardware encoder which puts it on the network (UDP
multicast) as a MPEG TS with H.264 video and AAC audio. Regularly, maybe once
per hour or so, the decoder crashes. For example:

[118325.648389] multiqueue0:src[4260]: segfault at e508f ip 00007f657763c38c sp
00007f65627f9788 error 4 in libgstffmpeg.so[7f657721c000+7ea000]

Traceback looks like this:

#0  put_pixels16_sse2 (h=16, line_size=3904, pixels=0x15e150 <Address 0x15e150
out of bounds>, 
    block=0x7fb5f16f0280
"%%%%%%%%&&&&&&&&''''''&&&%&&&%%&((((**)'''''''''&&&&&&&&%%%%%%%&&'''&&&''())*+",
','
<repeats 13 times>, "+++,,,-,,,,++*+++++++++*))('&&''", '&' <repeats 12 times>,
"'&('%&(*+-.001112", '1' <repeats 20 times>,
"0000000/\r\031\033\021++,,-----,,+--,+"...) at
libavcodec/x86/dsputil_mmx.c:453
#1  put_h264_qpel16_mc00_sse2 (
    dst=0x7fb5f16f0280
"%%%%%%%%&&&&&&&&''''''&&&%&&&%%&((((**)'''''''''&&&&&&&&%%%%%%%&&'''&&&''())*+",
','
<repeats 13 times>, "+++,,,-,,,,++*+++++++++*))('&&''", '&' <repeats 12 times>,
"'&('%&(*+-.001112", '1' <repeats 20 times>,
"0000000/\r\031\033\021++,,-----,,+--,+"..., src=0x15e150 <Address 0x15e150 out
of bounds>, stride=3904) at libavcodec/x86/h264_qpel_mmx.c:1040
#2  0x00007fb60f42bc89 in mc_dir_part (chroma444=0, pixel_shift=0,
chroma_op=0x7fb60f664360 <ff_put_h264_chroma_mc8_ssse3_rnd>,
qpix_op=0x7fb6080040a0, src_y_offset=184, src_x_offset=584, 
    dest_cr=0x7fb608b32300
"\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\177~", 
    dest_cb=0x7fb608aac7c0
"~~~~\177\177\177\177~~~~\177\177\177\177\177\177\177\177|t~\221\202\202\202\202\201\201\201\201\201\201\201\200\177",
'~' <repeats 11 times>, "}}}}||||||||", '}' <repeats 11 times>, "~", '\177'
<repeats 16 times>"\200,
\200\200\200\200\200\201\201\202\202\202\202\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200",
'\177' <repeats 12 times>"\200,
\200\200\200\177\177\177\177~~~~\177\177\177\177"..., 
    dest_y=0x7fb5f16f0280
"%%%%%%%%&&&&&&&&''''''&&&%&&&%%&((((**)'''''''''&&&&&&&&%%%%%%%&&'''&&&''())*+",
','
<repeats 13 times>, "+++,,,-,,,,++*+++++++++*))('&&''", '&' <repeats 12 times>,
"'&('%&(*+-.001112", '1' <repeats 20 times>,
"0000000/\r\031\033\021++,,-----,,+--,+"..., list=0, delta=0, chroma_height=8,
square=1, n=0, pic=0x7fb60802aac8, h=0x7fb608002400) at libavcodec/h264.c:482
#3  mc_part_std (chroma444=0, pixel_shift=0, list1=0, list0=<optimized out>,
chroma_avg=0x7fb60f664800 <ff_avg_h264_chroma_mc8_ssse3_rnd>,
qpix_avg=0x7fb6080042a0, chroma_put=0x7fb60f664360
<ff_put_h264_chroma_mc8_ssse3_rnd>, 
    qpix_put=0x7fb6080040a0, y_offset=184, x_offset=584, dest_cr=0x7fb608b32300
"\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\177~", 
    dest_cb=0x7fb608aac7c0
"~~~~\177\177\177\177~~~~\177\177\177\177\177\177\177\177|t~\221\202\202\202\202\201\201\201\201\201\201\201\200\177",
'~' <repeats 11 times>, "}}}}||||||||", '}' <repeats 11 times>, "~", '\177'
<repeats 16 times>"\200,
\200\200\200\200\200\201\201\202\202\202\202\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200",
'\177' <repeats 12 times>"\200,
\200\200\200\177\177\177\177~~~~\177\177\177\177"..., 
    dest_y=0x7fb5f16f0280
"%%%%%%%%&&&&&&&&''''''&&&%&&&%%&((((**)'''''''''&&&&&&&&%%%%%%%&&'''&&&''())*+",
','
<repeats 13 times>, "+++,,,-,,,,++*+++++++++*))('&&''", '&' <repeats 12 times>,
"'&('%&(*+-.001112", '1' <repeats 20 times>,
"0000000/\r\031\033\021++,,-----,,+--,+"..., delta=0, chroma_height=8,
square=1,
n=0, h=0x7fb608002400) at libavcodec/h264.c:558
#4  mc_part (h=0x7fb608002400, n=0, square=1, chroma_height=8, delta=0,
dest_y=<optimized out>, 
    dest_cb=0x7fb608aac7c0
"~~~~\177\177\177\177~~~~\177\177\177\177\177\177\177\177|t~\221\202\202\202\202\201\201\201\201\201\201\201\200\177",
'~' <repeats 11 times>, "}}}}||||||||", '}' <repeats 11 times>, "~", '\177'
<repeats 16 times>"\200,
\200\200\200\200\200\201\201\202\202\202\202\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200",
'\177' <repeats 12 times>"\200,
\200\200\200\177\177\177\177~~~~\177\177\177\177"..., 
    dest_cr=0x7fb608b32300
"\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\177~",
x_offset=0, y_offset=0, qpix_put=0x7fb6080040a0, chroma_put=0x7fb60f664360
<ff_put_h264_chroma_mc8_ssse3_rnd>, 
    qpix_avg=0x7fb6080042a0, chroma_avg=0x7fb60f664800
<ff_avg_h264_chroma_mc8_ssse3_rnd>, weight_op=0x7fb608006178,
weight_avg=0x7fb6080061c8, list0=4096, list1=0, pixel_shift=0, chroma444=0) at
libavcodec/h264.c:663
#5  0x00007fb60f430442 in hl_motion (chroma444=<optimized out>,
pixel_shift=<optimized out>, weight_avg=<optimized out>, weight_op=<optimized
out>, chroma_avg=<optimized out>, qpix_avg=<optimized out>, 
    chroma_put=<optimized out>, qpix_put=<optimized out>, dest_cr=<optimized
out>, dest_cb=<optimized out>, dest_y=<optimized out>, h=<optimized out>) at
libavcodec/h264.c:705
#6  hl_motion_8 (weight_avg=<optimized out>, weight_op=<optimized out>,
chroma_avg=<optimized out>, qpix_avg=<optimized out>, chroma444=<optimized
out>,
chroma_put=<optimized out>, qpix_put=<optimized out>, 
    dest_cr=<optimized out>, dest_cb=<optimized out>, dest_y=<optimized out>,
h=<optimized out>) at libavcodec/h264.c:805
#7  hl_decode_mb_internal (pixel_shift=0, simple=0, h=0x7fb608002400) at
libavcodec/h264.c:1920
#8  hl_decode_mb_complex (h=0x7fb608002400) at libavcodec/h264.c:2092
#9  0x00007fb60f439ed8 in ff_h264_hl_decode_mb (h=0x7fb608002400) at
libavcodec/h264.c:2115
#10 0x00007fb60f27fcdf in guess_mv (s=0x7fb608002400) at
libavcodec/error_resilience.c:576
#11 0x00007fb60f6b98a3 in ff_er_frame_end (s=0x7fb608002400) at
libavcodec/error_resilience.c:1052
#12 0x00007fb60f4296a8 in field_end (h=0x7fb608002400, in_setup=<optimized
out>)
at libavcodec/h264.c:2433
#13 0x00007fb60f43fc2d in decode_frame (avctx=0x7fb608057f40,
data=0x7fb60804c798, data_size=0x7fb60804c8e0, avpkt=<optimized out>) at
libavcodec/h264.c:3949
#14 0x00007fb60f551cd8 in frame_worker_thread (arg=0x7fb60804c640) at
libavcodec/pthread.c:301
#15 0x00007fb62f380d90 in start_thread () from /lib64/libpthread.so.0
#16 0x00007fb62e81048d in clone () from /lib64/libc.so.6

Or:

#0  0x00007f75ae63d81e in put_h264_qpel8or16_v_lowpass_sse2 (
    dst=0x7f759c2ed260 "()***+++++++++,,,,,,,,,++**((''&&%%%&&&''')**", '+'
<repeats 11 times>, ",,------", ',' <repeats 14 times>,
"--------,,++*(''((''&&&&&&%%%%", '$' <repeats 12 times>,
"%%&&&&&%$$#####$$$$",
'#' <repeats 13 times>,
"\"\"##%%&&%%%%%%$$$######\"####\"\"\"\"##$$$%%%%%%$$$$$"..., src=0x11e370
<Address 0x11e370 out of bounds>, dstStride=3904, srcStride=3904, h=16) at
libavcodec/x86/h264_qpel_mmx.c:1180
#1  0x00007f75ae63dd0d in put_h264_qpel16_v_lowpass_sse2 (
    dst=0x7f759c2ed260 "()***+++++++++,,,,,,,,,++**((''&&%%%&&&''')**", '+'
<repeats 11 times>, ",,------", ',' <repeats 14 times>,
"--------,,++*(''((''&&&&&&%%%%", '$' <repeats 12 times>,
"%%&&&&&%$$#####$$$$",
'#' <repeats 13 times>,
"\"\"##%%&&%%%%%%$$$######\"####\"\"\"\"##$$$%%%%%%$$$$$"..., src=0x1201f0
<Address 0x1201f0 out of bounds>, dstStride=3904, srcStride=3904) at
libavcodec/x86/h264_qpel_mmx.c:1180
#2  0x00007f75ae429c89 in mc_dir_part (chroma444=0, pixel_shift=0,
chroma_op=0x7f75ae662360 <ff_put_h264_chroma_mc8_ssse3_rnd>,
qpix_op=0x7f75a805b0a0, src_y_offset=152, src_x_offset=568, 
    dest_cr=0x7f75a85088b0
"\177\177\177\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\177\177\177\177\200\200\200\200\200\200\200\200\177\177\177\177\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\177~~~",
'\177' <repeats 12 times>"\200,
\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\177\177~~\177\177\177\177\177\177\177\177\200\200\200\200\200\201\201\201\201\201\201\201\201\200\200\200\200\200\200\200\200\200\200\200\200\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\202\202\202\202\202\202\202\202\202\202\202\202\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201"...,

    dest_cb=0x7f75a8482d90 "\200\200\200\200\200\200\200\200", '\177' <repeats
12 times>"\200,
~~~~}}}}~~~~",
'\177' <repeats 12 times>, "~~~\177\177\177\177\177"..., 
    dest_y=0x7f759c2ed260 "()***+++++++++,,,,,,,,,++**((''&&%%%&&&''')**", '+'
<repeats 11 times>, ",,------", ',' <repeats 14 times>,
"--------,,++*(''((''&&&&&&%%%%", '$' <repeats 12 times>,
"%%&&&&&%$$#####$$$$",
'#' <repeats 13 times>,
"\"\"##%%&&%%%%%%$$$######\"####\"\"\"\"##$$$%%%%%%$$$$$"..., list=0, delta=0,
chroma_height=8, square=1, n=0, pic=0x7f75a8081ac8, h=0x7f75a8059400) at
libavcodec/h264.c:482
#3  mc_part_std (chroma444=0, pixel_shift=0, list1=0, list0=<optimized out>,
chroma_avg=0x7f75ae662800 <ff_avg_h264_chroma_mc8_ssse3_rnd>,
qpix_avg=0x7f75a805b2a0, chroma_put=0x7f75ae662360
<ff_put_h264_chroma_mc8_ssse3_rnd>, 
    qpix_put=0x7f75a805b0a0, y_offset=152, x_offset=568, 
    dest_cr=0x7f75a85088b0
"\177\177\177\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\177\177\177\177\200\200\200\200\200\200\200\200\177\177\177\177\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\177~~~",
'\177' <repeats 12 times>"\200,
\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\177\177~~\177\177\177\177\177\177\177\177\200\200\200\200\200\201\201\201\201\201\201\201\201\200\200\200\200\200\200\200\200\200\200\200\200\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\202\202\202\202\202\202\202\202\202\202\202\202\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201"...,

    dest_cb=0x7f75a8482d90 "\200\200\200\200\200\200\200\200", '\177' <repeats
12 times>"\200,
~~~~}}}}~~~~",
'\177' <repeats 12 times>, "~~~\177\177\177\177\177"..., 
    dest_y=0x7f759c2ed260 "()***+++++++++,,,,,,,,,++**((''&&%%%&&&''')**", '+'
<repeats 11 times>, ",,------", ',' <repeats 14 times>,
"--------,,++*(''((''&&&&&&%%%%", '$' <repeats 12 times>,
"%%&&&&&%$$#####$$$$",
'#' <repeats 13 times>,
"\"\"##%%&&%%%%%%$$$######\"####\"\"\"\"##$$$%%%%%%$$$$$"..., delta=0,
chroma_height=8, square=1, n=0, h=0x7f75a8059400) at libavcodec/h264.c:558
#4  mc_part (h=0x7f75a8059400, n=0, square=1, chroma_height=8, delta=0,
dest_y=<optimized out>, 
    dest_cb=0x7f75a8482d90 "\200\200\200\200\200\200\200\200", '\177' <repeats
12 times>"\200,
~~~~}}}}~~~~",
'\177' <repeats 12 times>, "~~~\177\177\177\177\177"..., 
    dest_cr=0x7f75a85088b0
"\177\177\177\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\177\177\177\177\200\200\200\200\200\200\200\200\177\177\177\177\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\177~~~",
'\177' <repeats 12 times>"\200,
\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200\177\177~~\177\177\177\177\177\177\177\177\200\200\200\200\200\201\201\201\201\201\201\201\201\200\200\200\200\200\200\200\200\200\200\200\200\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\202\202\202\202\202\202\202\202\202\202\202\202\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201\201"...,
x_offset=0, y_offset=0, qpix_put=0x7f75a805b0a0, chroma_put=0x7f75ae662360
<ff_put_h264_chroma_mc8_ssse3_rnd>, 
    qpix_avg=0x7f75a805b2a0, chroma_avg=0x7f75ae662800
<ff_avg_h264_chroma_mc8_ssse3_rnd>, weight_op=0x7f75a805d178,
weight_avg=0x7f75a805d1c8, list0=4096, list1=0, pixel_shift=0, chroma444=0) at
libavcodec/h264.c:663
#5  0x00007f75ae42e442 in hl_motion (chroma444=<optimized out>,
pixel_shift=<optimized out>, weight_avg=<optimized out>, weight_op=<optimized
out>, chroma_avg=<optimized out>, qpix_avg=<optimized out>, 
    chroma_put=<optimized out>, qpix_put=<optimized out>, dest_cr=<optimized
out>, dest_cb=<optimized out>, dest_y=<optimized out>, h=<optimized out>) at
libavcodec/h264.c:705
#6  hl_motion_8 (weight_avg=<optimized out>, weight_op=<optimized out>,
chroma_avg=<optimized out>, qpix_avg=<optimized out>, chroma444=<optimized
out>,
chroma_put=<optimized out>, qpix_put=<optimized out>, 
    dest_cr=<optimized out>, dest_cb=<optimized out>, dest_y=<optimized out>,
h=<optimized out>) at libavcodec/h264.c:805
#7  hl_decode_mb_internal (pixel_shift=0, simple=0, h=0x7f75a8059400) at
libavcodec/h264.c:1920
#8  hl_decode_mb_complex (h=0x7f75a8059400) at libavcodec/h264.c:2092
#9  0x00007f75ae437ed8 in ff_h264_hl_decode_mb (h=0x7f75a8059400) at
libavcodec/h264.c:2115
#10 0x00007f75ae27dcdf in guess_mv (s=0x7f75a8059400) at
libavcodec/error_resilience.c:576
#11 0x00007f75ae6b78a3 in ff_er_frame_end (s=0x7f75a8059400) at
libavcodec/error_resilience.c:1052
#12 0x00007f75ae4276a8 in field_end (h=0x7f75a8059400, in_setup=<optimized
out>)
at libavcodec/h264.c:2433
#13 0x00007f75ae43dc2d in decode_frame (avctx=0x7f75a8058f60,
data=0x7f75a804fbc8, data_size=0x7f75a804fd10, avpkt=<optimized out>) at
libavcodec/h264.c:3949
#14 0x00007f75ae54fcd8 in frame_worker_thread (arg=0x7f75a804fa70) at
libavcodec/pthread.c:301
#15 0x00007f75ccc31d90 in start_thread () from /lib64/libpthread.so.0
#16 0x00007f75cc0c148d in clone () from /lib64/libc.so.6

-- 
Configure bugmail: http://bugzilla.libav.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.


More information about the libav-bugs mailing list