VLC 1.3 nightly crashes with mmx fastmemcpy if image size is not a multiple of 16
When playing a certain JPG file (Attached) in VLC 1.3.0 git nightly as of 1 Jan 2012, the following crash occurs. Using Ubuntu 11.10 x86.
Steps to reproduce
- Open VLC
- Open attached attached DSC01553.JPG file and play
- VLC crashes and burns
Stacktrace
$ gdb ./vlc
GNU gdb (Ubuntu/Linaro 7.3-0ubuntu2) 7.3-2011.08
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from /media/data/vlc/build/vlc...done.
(gdb) r
Starting program: /media/data/vlc/build/vlc
[Thread debugging using libthread_db enabled]
VLC media player 1.3.0-git Rincewind (revision 4f41806)
[New Thread 0xb7787b70 (LWP 22960)]
[New Thread 0xb76b8b70 (LWP 22961)]
[0x804da00] main libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface.
[New Thread 0xb6cbdb70 (LWP 22962)]
Gtk-Message: Failed to load module "canberra-gtk-module"
[New Thread 0xb5058b70 (LWP 22963)]
[New Thread 0xb46ffb70 (LWP 22964)]
[New Thread 0xb2858b70 (LWP 22965)]
[New Thread 0xb27d7b70 (LWP 22966)]
[New Thread 0xb1aa2b70 (LWP 22967)]
[Thread 0xb1aa2b70 (LWP 22967) exited]
[New Thread 0xb1aa2b70 (LWP 22971)]
[New Thread 0xaf406b70 (LWP 22972)]
[New Thread 0xaed63b70 (LWP 22973)]
[New Thread 0xaecd7b70 (LWP 22974)]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xaf406b70 (LWP 22972)]
0xb7ebb7c9 in fast_memcpy (to=0xadf37dc0, from=0xaf386000, len=32)
at ../../../modules/mmxext/../mmx/fastmemcpy.h:256
256 __asm__ __volatile__ (
(gdb) bt
[#0](https://code.videolan.org/videolan/vlc/-/issues/0) 0xb7ebb7c9 in fast_memcpy (to=0xadf37dc0, from=0xaf386000, len=32)
at ../../../modules/mmxext/../mmx/fastmemcpy.h:256
[#1](https://code.videolan.org/videolan/vlc/-/issues/1) 0xb7f5fe0c in vlc_memcpy (tgt=0xadf37c20, src=0xaf385e60, n=512)
at ../../src/misc/cpu.c:418
[#2](https://code.videolan.org/videolan/vlc/-/issues/2) 0xb0b47f12 in FillPicture (p_pic=0x844dc48, p_dec=0x8414950,
p_block=<optimized out>) at ../../../modules/codec/rawvideo.c:290
[#3](https://code.videolan.org/videolan/vlc/-/issues/3) DecodeFrame (p_block=0xaf285008, p_dec=0x8414950)
at ../../../modules/codec/rawvideo.c:310
[#4](https://code.videolan.org/videolan/vlc/-/issues/4) DecodeBlock (p_dec=0x8414950, pp_block=0xaf40629c)
at ../../../modules/codec/rawvideo.c:256
[#5](https://code.videolan.org/videolan/vlc/-/issues/5) 0xb7f03821 in DecoderDecodeVideo (p_dec=0x8414950, p_block=0xaf285008)
at ../../src/input/decoder.c:1512
[#6](https://code.videolan.org/videolan/vlc/-/issues/6) 0xb7f02f9a in DecoderProcessVideo (b_flush=false, p_block=0xaf285008,
p_dec=0x8414950) at ../../src/input/decoder.c:1878
[#7](https://code.videolan.org/videolan/vlc/-/issues/7) DecoderProcess (p_dec=0x8414950, p_block=<optimized out>)
at ../../src/input/decoder.c:2052
[#8](https://code.videolan.org/videolan/vlc/-/issues/8) 0xb7f031c9 in DecoderThread (p_data=0x8414950)
at ../../src/input/decoder.c:938
[#9](https://code.videolan.org/videolan/vlc/-/issues/9) 0xb7e95d31 in start_thread (arg=0xaf406b70) at pthread_create.c:304
[#10](https://code.videolan.org/videolan/vlc/-/issues/10) 0xb7de00ce in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
Backtrace stopped: Not enough registers or memory available to unwind further
(gdb) l
251 }
252 #else
253 /* Align destination at BLOCK_SIZE boundary */
254 for(; ((uintptr_t)to & (BLOCK_SIZE-1)) && i>0; i--)
255 {
256 __asm__ __volatile__ (
257 #ifndef HAVE_MMX1
258 PREFETCH" 320(%0)\n"
259 #endif
260 "movq (%0), %%mm0\n"
(gdb)
Edited by Rémi Denis-Courmont