abwiz0086 / webm

Automatically exported from code.google.com/p/webm

Memory access violation after dropping frames by not calling vpx_codec_decode #471

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. http://www.webmproject.org/tools/vp8-sdk/example__decode__with__drops.html 
(rest based on vpxdec)
2. decoding a short .webm video (5s) with multiple drops near the end
3. after dropping, some frame needs to be decoded
4. this will crash with memory access error (but not always)
5. uncomment dropping (calling each read frame vpx_codec_decode( &m_decoder, m_buf, m_buf_sz, NULL, 0 ) ) -> problem disappears

What is the expected output? What do you see instead?
Successful frame dropping and not a memory access error.

What version are you using? On what Windows version?
libvpx 1.1 Eider 32 or 64 bit Windows 7 64 bit crash.
libvpx 1.0 worked fine.

Unhandled exception at 0x000007feef63998b (Plugin_Videoplayer.dll) in 
Editor.exe: 0xC0000005: Access violation reading location 0x0000000044ed2000.

> Callstack:
Plugin_Videoplayer.dll!VideoplayerPlugin::VPXDec::readFrame(vpx_image * * data, 
bool bDrop)  Line 994 + 0x1b bytes  C++
    Plugin_Videoplayer.dll!VideoplayerPlugin::CWebMWrapper::Advance(float fDeltaTime)  Line 712 + 0x23 bytes    C++

Original issue reported on code.google.com by hendrikp...@gmail.com on 12 Aug 2012 at 8:54

GoogleCodeExporter commented 9 years ago
We need more info for this bug. 

- The stack trace does not point into the codec, what variables are you 
accessing?
- Can we get some source code that is around the line that crashes? 

thanks 

Original comment by albe...@google.com on 17 Aug 2012 at 8:39

GoogleCodeExporter commented 9 years ago
I attached the modified vpxdec.c as well as a sample file that will cause the 
error.

If readFrame is called with bDropDecode=true around the ~2.0 - 2.5 second mark 
and playback resumes then (all drop parameters = false) then the crash occurs.

I'll try to get a more detailed stack trace, but I'll have to recompile libvpx 
in debug mode first.

For now it seems the stack gets corrupted and crashes after returning from the 
decode function. Around the line
            // Decode frame // TODO: Deadline if post processing is added sometime in the future
            if ( vpx_codec_decode( &m_decoder, m_buf, m_buf_sz, NULL, 0 ) ) 

thanks

Original comment by hendrikp...@gmail.com on 18 Aug 2012 at 12:18

GoogleCodeExporter commented 9 years ago
OK, I got lucky, the crash also happens in the debug release:

I also attached the dump file.

Please note the lib and my code were compiled using vc10sp1 and yasmvc10 last 
version. (only change was the Separator ; removal and setting the library to 
use Multithreaded DLL instead of lib)

Call Stack:
>   Plugin_Videoplayer.dll!vp8_filter_block1d4_h6_ssse3()  Line 373 Asm
    000000000012e0f4()  
    CryAction.dll!0000000030a38500()    
    [Frames below may be incorrect and/or missing, no symbols loaded for CryAction.dll] 
    24f524f524f524f5()  
    24f524f524f524f5()  
    0040004000400040()  
    0040004000400040()  
    000000000012eaa0()  
    Plugin_Videoplayer.dll!vp8_sixtap_predict4x4_ssse3(unsigned char * src_ptr, int src_pixels_per_line, int xoffset, int yoffset, unsigned char * dst_ptr, int dst_pitch)  Line 538    C
    Plugin_Videoplayer.dll!build_inter_predictors_b(blockd * d, unsigned char * dst, int dst_stride, unsigned char * base_pre, int pre_stride, void (unsigned char *, int, int, int, unsigned char *, int)* sppf)  Line 195 C
    Plugin_Videoplayer.dll!build_inter4x4_predictors_mb(macroblockd * x)  Line 538  C
    Plugin_Videoplayer.dll!vp8_build_inter_predictors_mb(macroblockd * xd)  Line 595    C
    Plugin_Videoplayer.dll!decode_macroblock(VP8D_COMP * pbi, macroblockd * xd, unsigned int mb_idx)  Line 242  C
    Plugin_Videoplayer.dll!decode_mb_rows(VP8D_COMP * pbi)  Line 450    C
    Plugin_Videoplayer.dll!vp8_decode_frame(VP8D_COMP * pbi)  Line 1145 C
    Plugin_Videoplayer.dll!vp8dx_receive_compressed_data(VP8D_COMP * pbi, unsigned long size, const unsigned char * source, __int64 time_stamp)  Line 411 + 0xa bytes   C
    Plugin_Videoplayer.dll!vp8_decode(vpx_codec_alg_priv * ctx, const unsigned char * data, unsigned int data_sz, void * user_priv, long deadline)  Line 454 + 0x2e bytes   C
    Plugin_Videoplayer.dll!vpx_codec_decode(vpx_codec_ctx * ctx, const unsigned char * data, unsigned int data_sz, void * user_priv, long deadline)  Line 138 + 0x3d bytes  C
    Plugin_Videoplayer.dll!VideoplayerPlugin::VPXDec::readFrame(vpx_image * * pData, bool & bDirty, bool bDropDecode, bool bDropOutput)  Line 1003 + 0x30 bytes C++
    Plugin_Videoplayer.dll!VideoplayerPlugin::CWebMWrapper::Advance(float fDeltaTime)  Line 720 + 0x28 bytes    C++

Disassembly:
.vp8_filter_block1d4_h4_ssse3:
    movdqa      xmm5, XMMWORD PTR [rax+256]     ;k2_k4
    movdqa      xmm6, XMMWORD PTR [rax+128]     ;k1_k3
    movdqa      xmm0, XMMWORD PTR [GLOBAL(shuf2b)]
    movdqa      xmm3, XMMWORD PTR [GLOBAL(shuf3b)]

    mov         rsi, arg(0)             ;src_ptr
    mov         rdi, arg(2)             ;output_ptr
    movsxd      rax, dword ptr arg(1)   ;src_pixels_per_line
    movsxd      rcx, dword ptr arg(4)   ;output_height

    movsxd      rdx, dword ptr arg(3)   ;output_pitch

.filter_block1d4_h4_rowloop_ssse3:
    movdqu      xmm1,   XMMWORD PTR [rsi - 2] ; <----------------- here's where the PC stands

    movdqa      xmm2, xmm1
    pshufb      xmm1, xmm0 ;;[GLOBAL(shuf2b)]
    pshufb      xmm2, xmm3 ;;[GLOBAL(shuf3b)]
    pmaddubsw   xmm1, xmm5

;--
    pmaddubsw   xmm2, xmm6

Output Log:
The thread 'RenderLoadingThread' (0x1e64) has exited with code 0 (0x0).
First-chance exception at 0x000007feed5959c7 (Plugin_Videoplayer.dll) in 
Launcher.exe: 0xC0000005: Access violation reading location 0x000000001ef821b9.
Unhandled exception at 0x000007feed5959c7 (Plugin_Videoplayer.dll) in 
Launcher.exe: 0xC0000005: Access violation reading location 0x000000001ef821b9.

Original comment by hendrikp...@gmail.com on 18 Aug 2012 at 12:41

GoogleCodeExporter commented 9 years ago
This looks like a crash on: Plugin_Videoplayer.dll 

Original comment by albe...@google.com on 14 Sep 2012 at 8:34

GoogleCodeExporter commented 9 years ago
The crash disappears if I disable dropping and the program counter for the 
crashed thread stands inside the libvpx. Libvpx is linked statically with 
Multithreaded DLL CRT VC10 into the Plugin_Videoplayer.dll.

All libvpx calls come from the same thread, and the image data is copied into a 
buffer to do further work.

The fact that disabling dropping makes this crash disappear makes me think that 
it is not an issue in my code. (but who knows..)

Original comment by hendrikp...@gmail.com on 14 Sep 2012 at 10:25

GoogleCodeExporter commented 9 years ago
Can you please retry with tip of tree?

This patch seems to resolve a similar issue:

https://gerrit.chromium.org/gerrit/#/c/32627/ 

Basically an attempted decode left the decoder in a weird state with some 
needed structures not allocated.

Original comment by jimbankoski@google.com on 14 Sep 2012 at 10:36

GoogleCodeExporter commented 9 years ago
I'll try in about 3 weeks, currently not at dev machine.

Thanks for the tip

Original comment by hendrikp...@gmail.com on 14 Sep 2012 at 10:43
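
A caller-side mitigation for the drop-then-resume pattern reported in this thread, as an added example (not code from the reporter or from libvpx): once an inter frame is skipped, nothing is handed to `vpx_codec_decode()` again until the next key frame. `drop_gate`, `gate_should_decode` and the sample frame bytes are hypothetical; the key-frame test reads the VP8 frame tag as laid out in RFC 6386.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical caller-side drop gate; none of these names are libvpx API. */
typedef struct { int need_keyframe; } drop_gate;

/* VP8 frame tag (RFC 6386): bit 0 of byte 0 is 0 for a key frame, and a key
   frame carries the start code 9d 01 2a plus 4 bytes of dimensions after it. */
static int vp8_is_keyframe(const uint8_t *buf, size_t sz) {
    if (buf == NULL || sz < 10) return 0;   /* too short for a key frame header */
    if (buf[0] & 0x01) return 0;            /* inter frame */
    return buf[3] == 0x9d && buf[4] == 0x01 && buf[5] == 0x2a;
}

/* Returns 1 when the buffer should go to vpx_codec_decode(), 0 to skip it.
   want_drop is the player's own "we are running late" decision. */
static int gate_should_decode(drop_gate *g, const uint8_t *buf, size_t sz, int want_drop) {
    int key = vp8_is_keyframe(buf, sz);
    if (buf == NULL || sz < 3) { g->need_keyframe = 1; return 0; } /* runt: resync */
    if (g->need_keyframe && !key) return 0; /* references were never decoded */
    if (want_drop && !key) { g->need_keyframe = 1; return 0; }
    g->need_keyframe = 0;                   /* key frames are never dropped */
    return 1;
}

/* Constructed sample frames (headers only, not real video data). */
static const uint8_t KEY[]   = {0x10, 0x02, 0x00, 0x9d, 0x01, 0x2a, 0x40, 0x01, 0xf0, 0x00};
static const uint8_t INTER[] = {0x11, 0x02, 0x00, 0x00};

/* Feeds K P P P P K P with a drop requested on the third frame and returns a
   bitmask of the frame indices that would be decoded. */
static unsigned run_demo(void) {
    const uint8_t *frames[] = {KEY, INTER, INTER, INTER, INTER, KEY, INTER};
    const size_t sizes[] = {sizeof KEY, sizeof INTER, sizeof INTER, sizeof INTER,
                            sizeof INTER, sizeof KEY, sizeof INTER};
    const int want_drop[] = {0, 0, 1, 0, 0, 0, 0};
    drop_gate g = {1};                      /* start by waiting for a key frame */
    unsigned mask = 0;
    for (unsigned i = 0; i < 7; i++)
        if (gate_should_decode(&g, frames[i], sizes[i], want_drop[i])) mask |= 1u << i;
    return mask;
}

int main(void) {
    printf("decoded frame mask: 0x%02x\n", run_demo());
    return 0;
}
```

The gate trades smoothness for safety: playback stays frozen from the first dropped frame until the next key frame, so the decoder never sees an inter frame whose predecessors were skipped.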