mstorsjo / fdk-aac

A standalone library of the Fraunhofer FDK AAC code from Android.
https://sourceforge.net/projects/opencore-amr/

Assert in fixpoint_math.cpp - libfdk-aac-0.1.4 #43

Open mbaldessari opened 8 years ago

mbaldessari commented 8 years ago
Thread 19 "ghb" received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffc77fe700 (LWP 3063)]
0x00007fffed8fbe55 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
54    return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) bt
#0  0x00007fffed8fbe55 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1  0x00007fffed8fda5a in __GI_abort () at abort.c:89
#2  0x00007fffed8f46f7 in __assert_fail_base (fmt=<optimized out>, assertion=assertion@entry=0x7ffff7bc43cc "L_num >= (FIXP_DBL)0", 
    file=file@entry=0x7ffff7bc4373 "libFDK/src/fixpoint_math.cpp", line=line@entry=546, 
    function=function@entry=0x7ffff7bc4640 <fDivNorm(int, int, int*)::__PRETTY_FUNCTION__> "FIXP_DBL fDivNorm(FIXP_DBL, FIXP_DBL, INT*)") at assert.c:92
#3  0x00007fffed8f47a2 in __GI___assert_fail (assertion=assertion@entry=0x7ffff7bc43cc "L_num >= (FIXP_DBL)0", 
    file=file@entry=0x7ffff7bc4373 "libFDK/src/fixpoint_math.cpp", line=line@entry=546, 
    function=function@entry=0x7ffff7bc4640 <fDivNorm(int, int, int*)::__PRETTY_FUNCTION__> "FIXP_DBL fDivNorm(FIXP_DBL, FIXP_DBL, INT*)") at assert.c:101
#4  0x00007ffff7ba1a9b in fDivNorm (L_num=<optimized out>, L_denum=<optimized out>, result_e=<optimized out>) at libFDK/src/fixpoint_math.cpp:546
#5  0x00007ffff7b434f5 in FDKaacEnc_initMinSnr (sfbMinSnrLdData=<optimized out>, blockType=2, sfbActive=12, sfbOffset=0x7fffb40ee4f0, numLines=128, samplerate=48000, 
    bitrate=80000) at libAACenc/src/psy_configuration.cpp:516
#6  FDKaacEnc_InitPsyConfiguration (bitrate=bitrate@entry=80000, samplerate=samplerate@entry=48000, bandwidth=bandwidth@entry=16120, blocktype=blocktype@entry=2, 
    granuleLength=1024, useIS=useIS@entry=1, psyConf=0x7fffb40ee4e4, filterbank=FB_LC) at libAACenc/src/psy_configuration.cpp:652
#7  0x00007ffff7b4e6f5 in FDKaacEnc_psyMainInit (hPsy=0x7fffb40eddb0, audioObjectType=AOT_AAC_LC, cm=cm@entry=0x7fffb403b39c, sampleRate=48000, 
    granuleLength=<optimized out>, bitRate=bitRate@entry=160000, tnsMask=15, bandwidth=16120, usePns=1, useIS=1, syntaxFlags=0, initFlags=1)
    at libAACenc/src/psy_main.cpp:355
#8  0x00007ffff7b3c5ee in FDKaacEnc_Initialize (hAacEnc=0x7fffb403b390, config=config@entry=0x7fffb4031514, hTpEnc=0x7fffb40ff500, initFlags=initFlags@entry=1)
    at libAACenc/src/aacenc.cpp:548
#9  0x00007ffff7b46843 in aacEncInit (hAacEncoder=hAacEncoder@entry=0x7fffb4031490, InitFlags=<optimized out>, config=config@entry=0x7fffb4031490)
    at libAACenc/src/aacenc_lib.cpp:1160
#10 0x00007ffff7b48198 in aacEncEncode (hAacEncoder=0x7fffb4031490, inBufDesc=0x0, outBufDesc=0x0, inargs=0x0, outargs=0x0) at libAACenc/src/aacenc_lib.cpp:1434
#11 0x00007ffff62a909a in aac_encode_init () from /lib64/libavcodec.so.57
#12 0x00007ffff66c1002 in avcodec_open2 () from /lib64/libavcodec.so.57
#13 0x0000000000464f7f in encavcodecaInit ()
#14 0x000000000049ac7c in work_func ()
#15 0x000000000046adcb in hb_thread_func ()
#16 0x00007ffff262e5ba in start_thread (arg=0x7fffc77fe700) at pthread_create.c:333
#17 0x00007fffed9ca7cd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

This happens 100% when ripping a specific DVD with HandBrake. If I do:

(gdb) break libFDK/src/fixpoint_math.cpp:542 if L_num < 0

I see the following parameters being passed:

Thread 16 "ghb" hit Breakpoint 1, fDivNorm (L_num=-2147483648, L_denum=1030750208, result_e=0x7fffaf15e174) at libFDK/src/fixpoint_math.cpp:542

mbaldessari commented 8 years ago

If I break from the caller:

(gdb) break libAACenc/src/psy_configuration.cpp:516 if pePerWindow < 0
Thread 14 "ghb" hit Breakpoint 1, FDKaacEnc_initMinSnr (sfbMinSnrLdData=<optimized out>, blockType=2, sfbActive=12, sfbOffset=0x7fffa80eea80, numLines=128, 
    samplerate=48000, bitrate=80000) at libAACenc/src/psy_configuration.cpp:516
516     pePart_const = fDivNorm(pePerWindow, barcFactor, &qdiv);      qpeprt_const = qperwin - qbfac + DFRACT_BITS-1-qdiv;
(gdb) p pePerWindow
$1 = -2147483648
(gdb) p blockType
$2 = 2
(gdb) p barcFactor
$4 = 1030750208
(gdb) p numLines
$5 = 128
(gdb) p bitrate
$6 = 80000
(gdb) p samplerate
$7 = 48000

My first hunch is that pePerWindow wrapped around when we did fMult(pePerWindow, ONEP5) in libAACenc/src/psy_configuration.cpp.

mstorsjo commented 8 years ago

Can you provide the source audio track that reproduces this crash? Even though the backtraces pinpoint where it finally crashed, it's pretty hard to know for sure how to fix it correctly without being able to reproduce it myself (especially since I haven't written this lib myself, I just handle it).

Usually this kind of issue can be reproduced with a short snippet of audio (like a second or so, around the segment that triggers it). You can also provide the sample privately to me at martin@martin.st.

mbaldessari commented 8 years ago

Sigh, I did not get around to working on a proper reproducer track and I had to return the DVD. I will share the tweak I used, maybe someone else will hit this one in the future and can finalize the investigation:

-        pePerWindow = fMult(pePerWindow, ONEP5);                 
+       if (pePerWindow > 0 && pePerWindow > 2147483647 / ONEP5) {
+          pePerWindow = 2147483646;                              
+       } else {                                                  
+          pePerWindow = fMult(pePerWindow, ONEP5);               
+       }                                                         
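
Review bot: the guard on the first added line only covers a positive pePerWindow that is about to grow past the limit, but nothing in this hunk establishes that the value is still non-negative when it reaches fMult; the gdb session above shows pePerWindow = -2147483648 at psy_configuration.cpp:516, and if the value is already negative on entry the else branch runs unchanged and the L_num >= (FIXP_DBL)0 assert in fDivNorm still fires. The threshold 2147483647 / ONEP5 is also a plain integer division by what the name fMult suggests is a fixed-point constant, so it marks the real wrap point only if ONEP5 is scaled as an ordinary integer; if it is a fractional fixed-point value the quotient is tiny and almost every input gets clamped. Checking ONEP5's definition, or testing the sign of the fMult result and clamping afterwards, would be safer. Minor points: the pePerWindow > 0 test is redundant when ONEP5 is positive, the clamp uses 2147483646 rather than 2147483647, the literals would read better as a named maximum, the added lines are indented one column short of the removed line, and a comment should say why clamping is acceptable in FDKaacEnc_initMinSnr.
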
soutys commented 7 years ago

Version affected: 0.1.5
Encoder build: gcc -g -Wall -Wextra -pedantic -I./libSYS/include/ -lfdk-aac -o aac-enc wavreader.c aac-enc.c
Encoder test: gdb --args ./aac-enc -t 29 -s 1 out002-shpo.wav out002.aac
Result:

(gdb) run
Starting program: .../libfdk-aac/SOURCES/libfdk-aac/./aac-enc -t 29 -s 1 out002-short.wav out002-short.aac
aac-enc: libFDK/src/fixpoint_math.cpp:439: FIXP_DBL invSqrtNorm2(FIXP_DBL, INT*): Assertion `val > (FIXP_DBL)( ( (0.0) >= 0) ? ((( (double)(0.0) * (((INT64(1)<<(32-1)))) + 0.5 ) >= (double)(((signed)0x7FFFFFFF)) ) ? (INT)(((signed)0x7FFFFFFF)) : (INT)( (double)(0.0) * (double)(((INT64(1)<<(32-1)))) + 0.5)) : ((( (double)(0.0) * (((INT64(1)<<(32-1)))) - 0.5) <= (double)(((signed)0x80000000)) ) ? (INT)(((signed)0x80000000)) : (INT)( (double)(0.0) * (double)(((INT64(1)<<(32-1)))) - 0.5)) )' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff77991d7 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install glibc-2.17-157.el7_3.4.x86_64
(gdb) bt
#0  0x00007ffff77991d7 in raise () from /lib64/libc.so.6
#1  0x00007ffff779a8c8 in abort () from /lib64/libc.so.6
#2  0x00007ffff7792146 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007ffff77921f2 in __assert_fail () from /lib64/libc.so.6
#4  0x00007ffff7ba53bc in invSqrtNorm2 (op=op@entry=-26926470, shift=shift@entry=0x7fffffff7a34) at libFDK/src/fixpoint_math.cpp:439
#5  0x00007ffff7ba53e9 in sqrtFixp (op=-26926470) at libFDK/src/fixpoint_math.cpp:473
#6  0x00007ffff7b969c8 in spectralChange (start=0, result_e=<synthetic pointer>, stop=16, YBufferWriteOffset=<optimized out>, border=8, nSfb=14, EnergyTotal=287, scaleEnergies=0x7caf7299, Energies=0x7fffffff7ac0)
    at libSBRenc/src/tran_det.cpp:215
#7  FDKsbrEnc_frameSplitter (Energies=Energies@entry=0x612f10, scaleEnergies=scaleEnergies@entry=0x613010, h_sbrTransientDetector=h_sbrTransientDetector@entry=0x6129d8, freqBandTable=<optimized out>, 
    tran_vector=tran_vector@entry=0x7fffffff8e84 "", YBufferWriteOffset=<optimized out>, YBufferSzShift=1, nSfb=14, timeStep=2, no_cols=32, tonality=tonality@entry=0x614450) at libSBRenc/src/tran_det.cpp:430
#8  0x00007ffff7b90bdc in FDKsbrEnc_extractSbrEnvelope1 (h_con=h_con@entry=0x611950, sbrHeaderData=sbrHeaderData@entry=0x6119c0, sbrBitstreamData=sbrBitstreamData@entry=0x611a04, hEnvChan=hEnvChan@entry=0x612410, 
    hCmonData=hCmonData@entry=0x611a20, eData=eData@entry=0x7fffffff8c60, fData=fData@entry=0x7fffffff89b0) at libSBRenc/src/env_est.cpp:1096
#9  0x00007ffff7b8a13f in FDKsbrEnc_EnvEncodeFrame (hEnvEncoder=hEnvEncoder@entry=0x6086c0, iElement=iElement@entry=0, samples=0x6050be, timeInStride=timeInStride@entry=2, sbrDataBits=sbrDataBits@entry=0x604cd8, 
    sbrData=sbrData@entry=0x6044d8 "", clearOutput=clearOutput@entry=0) at libSBRenc/src/sbr_encoder.cpp:1151
#10 0x00007ffff7b8a70d in sbrEncoder_EncodeFrame (hSbrEncoder=0x6086c0, samples=0x604d20, timeInStride=2, sbrDataBits=<optimized out>, sbrData=<optimized out>) at libSBRenc/src/sbr_encoder.cpp:2325
#11 0x00007ffff7b490c4 in aacEncEncode (hAacEncoder=0x604280, inBufDesc=0x7fffffff9200, outBufDesc=0x7fffffff9230, inargs=0x7fffffffe2a0, outargs=0x7fffffffe290) at libAACenc/src/aacenc_lib.cpp:1587
#12 0x0000000000401cea in main (argc=7, argv=0x7fffffffe488) at aac-enc.c:222
(gdb)

Audio file: https://www.dropbox.com/s/d8oxm7ji9da2cec/out002-short.wav?dl=0

mstorsjo commented 7 years ago

@soutys Sorry for the late reply: It seems like this particular issue already has been fixed in the latest master branch, in commit 5eb6f0db8cc1ecc00af2ef534078e4c65fdf978f. This isn't included in any release yet though (there'll probably be a bunch of more minor fixes coming up, so I won't be making a new release now right away).

soutys commented 7 years ago

@mstorsjo :+1: