[libav-bugs] [Bug 486] New: [IOS] ff_pred8x8_128_dc_neon crashes at h264pred_neon.S (libavcodec/arm/h264pred_neon.S)

bugzilla-daemon at aruru.libav.org bugzilla-daemon at aruru.libav.org
Tue Apr 2 22:04:58 CEST 2013


https://bugzilla.libav.org/show_bug.cgi?id=486

           Summary: [IOS] ff_pred8x8_128_dc_neon crashes at
                    h264pred_neon.S (libavcodec/arm/h264pred_neon.S)
           Product: Libav
           Version: git HEAD
          Platform: ARM
        OS/Version: Other
            Status: NEW
          Severity: blocker
          Priority: Normal
         Component: libavcodec
        AssignedTo: bugzilla at libav.org
        ReportedBy: lars.hammarstrand at gmail.com


Hello! 

We (at XBMC) are having problems with the new libavcodec 54.92 on IOS
(iphone/ipad) ref:
http://forum.xbmc.org/showthread.php?tid=156303&pid=1380678#pid1380678.

Same problem is reproducible using either:

1)  kxmovie (https://github.com/kolyvan/kxmovie) 

2)  The builtin ffmpeg tool 

Tested with both xcode 4.5 and 4.6 thus sdk 6.0 and 6.1.

Both suffer from the same problem as we have in xbmc. Memphiz informed me that
Måns Rullgård used to do some ARM HW optz at libav. XBMC is currently working
with the quite old ffmpeg 0.10.2, thus using libavcodec 53.61.



Here is a brief technical description of the problem:
===============================================================
1. XBMC is stopping at:
ff_pred8x8_128_dc_neon: (libavcodec/arm/h264pred_neon.S)
0x5bc84:  cdpeq  p15, #5, c15, c0, c0, #4 <-- Thread 3: EXC_BAD_INSTRUCTION (code=EXC_ARM_UNDEFINED, subcode=0xe50ff80)
0x5bc88:  svclt  #57436

2. The problem originates from libavcodec/h264_mb_template.c
Code:
160:            if (SIMPLE || !CONFIG_GRAY || !(h->flags & CODEC_FLAG_GRAY)) {
161:                h->hpc.pred8x8[h->chroma_pred_mode](dest_cb, uvlinesize);  <-- Crash - Thread 18 CDVDPlayer: EXC_BAD_INSTRUCTION
162:                h->hpc.pred8x8[h->chroma_pred_mode](dest_cr, uvlinesize);
163:            }


3. Stack trace:
#0    0x01197c18 in ff_pred8x8_128_dc_neon at
libavcodec/arm/h264pred_neon.S:405
#1    0x0121f62c in hl_decode_mb_simple_8 at libavcodec/h264_mb_template.c:161
#2    0x01218266 in ff_h264_hl_decode_mb at libavcodec/h264.c:2415
#3    0x01225032 in decode_slice at libavcodec/h264.c:4207
#4    0x01224ddc in execute_decode_slices at libavcodec/h264.c:4357
#5    0x012174ce in decode_nal_units at libavcodec/h264.c:4701
#6    0x01221024 in decode_frame at libavcodec/h264.c:4813
#7    0x0136e252 in avcodec_decode_video2 at libavcodec/utils.c:1690
#8    0x0143675c in try_decode_frame at libavformat/utils.c:2562
#9    0x01434b1a in avformat_find_stream_info at libavformat/utils.c:2994


4. Definition of ff_pred8x8_128_dc_neon (libavcodec/arm/h264pred_neon.S):
function ff_pred8x8_128_dc_neon, export=1
        vmov.i8         q0,  #128
        b               .L_pred8x8_dc_end
endfunc
===============================================================
Configure flags:

 $ ./ffmpeg
ffmpeg version 1.2 Copyright (c) 2000-2013 the FFmpeg developers
  built on Apr  2 2013 17:54:06 with llvm-gcc 4.2.1 (LLVM build 2410.2.00)
  configuration: --disable-ffplay --disable-ffserver --disable-ffprobe
--disable-doc --disable-bzlib --target-os=darwin --enable-cross-compile
--enable-gpl --enable-version3 --arch=arm --cpu=cortex-a8 --enable-pic
--extra-cflags='-arch armv7' --extra-ldflags='-arch armv7'
--extra-cflags='-mfpu=neon -mfloat-abi=softfp -mvectorize-with-neon-quad'
--enable-neon --disable-armv5te --disable-armv6 --disable-armv6t2
--enable-optimizations --enable-debug=3 --disable-stripping
--cc=/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/gcc
--as='gas-preprocessor.pl
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/gcc'
--sysroot=/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS6.1.sdk
--extra-ldflags=-L/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS6.1.sdk/usr/lib/system
  libavutil      52. 18.100 / 52. 18.100
  libavcodec     54. 92.100 / 54. 92.100
  libavformat    54. 63.104 / 54. 63.104
  libavdevice    54.  3.103 / 54.  3.103
  libavfilter     3. 42.103 /  3. 42.103
  libswscale      2.  2.100 /  2.  2.100
  libswresample   0. 17.102 /  0. 17.102
  libpostproc    52.  2.100 / 52.  2.100
Hyper fast Audio and Video encoder
usage: ffmpeg [options] [[infile options] -i infile]... {[outfile options]
outfile}...
==========================================================
Full trace (also found at: http://pastebin.com/vCBCJ719):

$ uname -a
Darwin Lars-iPhone-4 11.0.0 Darwin Kernel Version 11.0.0: Sun Apr  8 21:51:26
PDT 2012; root:xnu-1878.11.10~1/RELEASE_ARM_S5L8930X iPhone3,1 arm N90AP Darwin

$ gdb ffmpeg 
GNU gdb 6.3.50-20050815 (Apple version gdb-1821) (Fri Jun 29 08:41:41 UTC 2012)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "arm-apple-darwin"...Reading symbols for shared
libraries . done

(gdb) r ffmpeg -i http://techslides.com/demos/sample-videos/small.mp4 -acodec
copy -vcodec copy output.mp4(gdb) 
Starting program: /ffmpeg-n1.2/ffmpeg ffmpeg -i
http://techslides.com/demos/sample-videos/small.mp4 -acodec copy -vcodec copy
output.mp4
Reading symbols for shared libraries ......................... done

Program received signal EXC_BAD_INSTRUCTION, Illegal instruction/operand.
ff_pred8x8_128_dc_neon () at h264pred_neon.S:405
Line number 405 out of range; h264pred_neon.S has 359 lines.
#0  ff_pred8x8_128_dc_neon () at h264pred_neon.S:405
#1  0x003fc75a in hl_decode_mb_simple_8 (h=0x0) at h264_mb_template.c:161
#2  0x003fdad8 in ff_h264_hl_decode_mb (h=<value temporarily unavailable, due
to optimizations>) at /ffmpeg-n1.2/libavcodec/h264.c:2415
#3  0x00401da4 in decode_slice (avctx=<value temporarily unavailable, due to
optimizations>, arg=<value temporarily unavailable, due to optimizations>) at
/ffmpeg-n1.2/libavcodec/h264.c:4266
#4  0x00402380 in execute_decode_slices () at
/ffmpeg-n1.2/libavcodec/h264.c:4355
#5  0x00402dec in decode_nal_units (h=0xf00000, buf=0xd25484 "",
buf_size=4207149, parse_extradata=0) at /ffmpeg-n1.2/libavcodec/h264.c:4699
#6  0x004033d6 in decode_frame (avctx=0x13b5a00, data=0x0,
got_frame=0x2fdfef84, avpkt=<value temporarily unavailable, due to
optimizations>) at /ffmpeg-n1.2/libavcodec/h264.c:4811
#7  0x003247ce in avcodec_decode_video2 (avctx=0x13b5a00, picture=0xe4bb40,
got_picture_ptr=0x10, avpkt=0x2fdfef20) at /ffmpeg-n1.2/libavcodec/utils.c:1690
#8  0x00067c16 in try_decode_frame (st=0xe4ad30, avpkt=<value temporarily
unavailable, due to optimizations>, options=0x0) at
/ffmpeg-n1.2/libavformat/utils.c:2514
#9  0x0006c468 in avformat_find_stream_info (ic=0xd18004, options=0x2fe25a14)
at /ffmpeg-n1.2/libavformat/utils.c:2946
#10 0x00004448 in open_input_file (o=0x2fdff36c, filename=<value temporarily
unavailable, due to optimizations>) at /ffmpeg-n1.2/ffmpeg_opt.c:786
#11 0x00003de8 in open_files (l=0x0, inout=0x0, open_file=0x5f5944 <groups>) at
/ffmpeg-n1.2/ffmpeg_opt.c:2307
#12 0x00004058 in ffmpeg_parse_options (argc=<value temporarily unavailable,
due to optimizations>, argv=<value temporarily unavailable, due to
optimizations>) at /ffmpeg-n1.2/ffmpeg_opt.c:2344
#13 0x00010c30 in main (argc=<value temporarily unavailable, due to
optimizations>, argv=<value temporarily unavailable, due to optimizations>) at
/ffmpeg-n1.2/ffmpeg.c:3317
Current language:  auto; currently asm
Dump of assembler code for function ff_pred8x8_top_dc_neon:
0x00398b74 <ff_pred8x8_top_dc_neon+0>:    andeq    lr, r1, #163840    ; 0x28000
0x00398b78 <ff_pred8x8_top_dc_neon+4>:    ldreq    pc, [pc, -r2, lsr #18]
0x00398b7c <ff_pred8x8_top_dc_neon+8>:    addeq    pc, r0, #704    ; 0x2c0
0x00398b80 <ff_pred8x8_top_dc_neon+12>:    bleq    0x7d47c8 <noise_table+2408>
0x00398b84 <ff_pred8x8_top_dc_neon+16>:    ldmdaeq    r0, {r1, r2, r3, r7, r8,
r9, r10, r11, sp, lr, pc}^
0x00398b88 <ff_pred8x8_top_dc_neon+20>:    stcne    15, cr15, [r0], {179}
0x00398b8c <ff_pred8x8_top_dc_neon+24>:    stceq    15, cr15, [r0], {177}
0x00398b90 <ff_pred8x8_top_dc_neon+28>:    strheq    pc, [r1], r10
0x00398b94 <ff_pred8x8_top_dc_neon+32>:    svclt    0x0000e04a
End of assembler dump.
r0             0xdd5990    14506384
r1             0x130    304
r2             0x398b6c    3771244
r3             0x4b804    309252
r4             0xf00000    15728640
r5             0xf00fc4    15732676
r6             0x0    0
r7             0x2fdfecf4    803204340
r8             0xde3990    14563728
r9             0x4b824    309284
r10            0xfa8610    16418320
r11            0x0    0
r12            0x0    0
sp             0x2fdfec28    803204136
lr             0x3fc75b    4179803
pc             0x398b6c    3771244
cpsr           {
  0x60000010, 
  n = 0x0, 
  z = 0x1, 
  c = 0x1, 
  v = 0x0, 
  q = 0x0, 
  j = 0x0, 
  ge = 0x0, 
  e = 0x0, 
  a = 0x0, 
  i = 0x0, 
  f = 0x0, 
  t = 0x0, 
  mode = 0x10
}    {
  0x60000010, 
  n = 0, 
  z = 1, 
  c = 1, 
  v = 0, 
  q = 0, 
  j = 0, 
  ge = 0, 
  e = 0, 
  a = 0, 
  i = 0, 
  f = 0, 
  t = 0, 
  mode = usr
}
(gdb) quit