[Bug 789198] Re: Firefox crashes when attempting to play webm video OMAP4 Panda Board
Ricardo Salveti
rsalveti at rsalveti.net
Mon Jun 13 12:20:46 UTC 2011
The error is happening while calling vp8_push_neon(dx_store_reg) at
mozilla/media/libvpx/vp8/decoder/onyxd_if.c:342.
gdb:
...
(gdb) b vp8dx_receive_compressed_data
Breakpoint 1 at 0x407d1ea4: file /build/buildd/firefox-5.0~b5+build1+nobinonly/build-tree/mozilla/media/libvpx/vp8/decoder/onyxd_if.c, line 318.
(gdb) b vp8_push_neon
Breakpoint 2 at 0x407dd662
(gdb) c
Continuing.
[Thread 0x49a262b0 (LWP 2947) exited]
[New Thread 0x49a262b0 (LWP 2968)]
[New Thread 0x51aff2b0 (LWP 2969)]
[Thread 0x4e5ff2b0 (LWP 2952) exited]
[New Thread 0x4e5ff2b0 (LWP 2970)]
Running global cleanup code from study base classes.
[New Thread 0x536ff2b0 (LWP 2971)]
[New Thread 0x53eff2b0 (LWP 2972)]
[New Thread 0x54aff2b0 (LWP 2973)]
[Switching to Thread 0x54aff2b0 (LWP 2973)]
Breakpoint 1, vp8dx_receive_compressed_data (ptr=0x52eaa020, size=442, source=0x4cd4eb00 "\220\064", time_stamp=0) at /build/buildd/firefox-5.0~b5+build1+nobinonly/build-tree/mozilla/media/libvpx/vp8/decoder/onyxd_if.c:318
318 /build/buildd/firefox-5.0~b5+build1+nobinonly/build-tree/mozilla/media/libvpx/vp8/decoder/onyxd_if.c: No such file or directory.
in /build/buildd/firefox-5.0~b5+build1+nobinonly/build-tree/mozilla/media/libvpx/vp8/decoder/onyxd_if.c
(gdb) n
330 in /build/buildd/firefox-5.0~b5+build1+nobinonly/build-tree/mozilla/media/libvpx/vp8/decoder/onyxd_if.c
(gdb)
335 in /build/buildd/firefox-5.0~b5+build1+nobinonly/build-tree/mozilla/media/libvpx/vp8/decoder/onyxd_if.c
(gdb)
322 in /build/buildd/firefox-5.0~b5+build1+nobinonly/build-tree/mozilla/media/libvpx/vp8/decoder/onyxd_if.c
(gdb)
335 in /build/buildd/firefox-5.0~b5+build1+nobinonly/build-tree/mozilla/media/libvpx/vp8/decoder/onyxd_if.c
(gdb)
339 in /build/buildd/firefox-5.0~b5+build1+nobinonly/build-tree/mozilla/media/libvpx/vp8/decoder/onyxd_if.c
(gdb) p cm
$1 = (VP8_COMMON *) 0x52eab1d0
(gdb) p cm->rtcd
$2 = {idct = {idct1 = 0x407db52a <vp8_short_idct4x4llm_1_neon>, idct16 = 0x407db57a <vp8_short_idct4x4llm_neon>, idct1_scalar_add = 0x407cad41 <vp8_dc_only_idct_add_c>, iwalsh1 = 0x407da81a <vp8_short_inv_walsh4x4_1_neon>,
iwalsh16 = 0x407da796 <vp8_short_inv_walsh4x4_neon>}, recon = {copy16x16 = 0x407da6ce <vp8_copy_mem16x16_neon>, copy8x8 = 0x407da68a <vp8_copy_mem8x8_neon>, copy8x4 = 0x407da666 <vp8_copy_mem8x4_neon>,
recon = 0x407db4ba <vp8_recon_b_neon>, recon2 = 0x407db3ce <vp8_recon2b_neon>, recon4 = 0x407db426 <vp8_recon4b_neon>, recon_mb = 0x407d76e3 <vp8_recon_mb_neon>, recon_mby = 0x407cd427 <vp8_recon_mby_c>,
build_intra_predictors_mby_s = 0x407d6fe7 <vp8_build_intra_predictors_mby_s_neon>, build_intra_predictors_mby = 0x407d6fc1 <vp8_build_intra_predictors_mby_neon>}, subpix = {sixtap16x16 = 0x407dc8c6 <vp8_sixtap_predict16x16_neon>,
sixtap8x8 = 0x407dc212 <vp8_sixtap_predict8x8_neon>, sixtap8x4 = 0x407dbbce <vp8_sixtap_predict8x4_neon>, sixtap4x4 = 0x407db65a <vp8_sixtap_predict_neon>, bilinear16x16 = 0x407da25e <vp8_bilinear_predict16x16_neon>,
bilinear8x8 = 0x407da04e <vp8_bilinear_predict8x8_neon>, bilinear8x4 = 0x407d9eea <vp8_bilinear_predict8x4_neon>, bilinear4x4 = 0x407d9da6 <vp8_bilinear_predict4x4_neon>}, loopfilter = {
normal_mb_v = 0x407d6dad <vp8_loop_filter_mbv_neon>, normal_b_v = 0x407d6ef1 <vp8_loop_filter_bv_neon>, normal_mb_h = 0x407d6d4b <vp8_loop_filter_mbh_neon>, normal_b_h = 0x407d6e0f <vp8_loop_filter_bh_neon>,
simple_mb_v = 0x407d6df1 <vp8_loop_filter_mbvs_neon>, simple_b_v = 0x407d6f73 <vp8_loop_filter_bvs_neon>, simple_mb_h = 0x407d6d8f <vp8_loop_filter_mbhs_neon>, simple_b_h = 0x407d6e9f <vp8_loop_filter_bhs_neon>}, postproc = {
down = 0, across = 0, downacross = 0, addnoise = 0, blend_mb = 0}, flags = 7}
(gdb) bt full
#0 vp8dx_receive_compressed_data (ptr=0x52eaa020, size=442, source=0x4cd4eb00 "\220\064", time_stamp=0) at /build/buildd/firefox-5.0~b5+build1+nobinonly/build-tree/mozilla/media/libvpx/vp8/decoder/onyxd_if.c:339
dx_store_reg = {139152645440798, 96048353650484, 46291157527873, 32920924327760, 4646864794173837775, 1391112656, 2032, 5974783707560194512}
pbi = 0x52eaa020
cm = 0x52eab1d0
retcode = 0
timer = {begin = {tv_sec = 0, tv_usec = 1081941477}, end = {tv_sec = 1391108128, tv_usec = 1420814620}}
#1 0x407d3e32 in vp8_decode (ctx=0x52121780, data=0x4cd4eb00 "\220\064", data_sz=442, user_priv=<value optimized out>, deadline=0) at /build/buildd/firefox-5.0~b5+build1+nobinonly/build-tree/mozilla/media/libvpx/vp8/vp8_dx_iface.c:424
ppflag = 0
ppdeblocking = 0
sd = {y_width = 640, y_height = 360, y_stride = 9, uv_width = 0, uv_height = 0, uv_stride = 0, y_buffer = 0x0, u_buffer = 0xf424 <Address 0xf424 out of bounds>,
v_buffer = 0x400709e3 "\373\005\372H\352\001H\302E\006\331\001=\030\353\a\b\002\322\302E\210\277\001=E\352\tJ", buffer_alloc = 0x4ca2d400 "X\177\nA", border = 1081899335, frame_size = 1091787668, clrtype = 1285739520}
time_stamp = 0
time_end_stamp = 0
ppnoise = 0
res = <value optimized out>
#2 0x407d424c in vpx_codec_decode (ctx=0x4ca2d4d4, data=<value optimized out>, data_sz=<value optimized out>, user_priv=<value optimized out>, deadline=0)
at /build/buildd/firefox-5.0~b5+build1+nobinonly/build-tree/mozilla/media/libvpx/vpx/src/vpx_decoder.c:127
res = <value optimized out>
#3 0x407c7b22 in nsWebMReader::DecodeVideoFrame (this=0x4ca2d400, aKeyframeSkip=@0x54afea7c, aTimeThreshold=0) at /build/buildd/firefox-5.0~b5+build1+nobinonly/build-tree/mozilla/content/media/webm/nsWebMReader.cpp:698
data = 0x4cd4eb00 "\220\064"
length = 442
si = {sz = 16, w = 640, h = 360, is_kf = 1}
iter = 0x0
img = <value optimized out>
i = 0
packet = 0x53fbe6a0
next_tstamp = 42000000
tstamp_ms = 0
parsed = 0
decoded = 0
track = 168495883
r = <value optimized out>
count = 185273099
autoNotify = {mDecoder = 0x52446d00, mParsed = @0x54afea4c, mDecoded = @0x54afea48}
holder = {<nsAutoRefBase<NesteggPacketHolder>> = {<nsSimpleRef<NesteggPacketHolder>> = {<nsAutoRefTraits<NesteggPacketHolder>> = {<nsPointerRefTraits<NesteggPacketHolder>> = {<No data fields>}, <No data fields>},
mRawRef = 0x53f0ec30}, <No data fields>}, <No data fields>}
tstamp = 796024480018992139
#4 0x407b9a2a in nsBuiltinDecoderReader::DecodeVideoFrame (this=<value optimized out>) at /build/buildd/firefox-5.0~b5+build1+nobinonly/build-tree/mozilla/content/media/nsBuiltinDecoderReader.h:505
f = 0
#5 0x407b9b04 in nsBuiltinDecoderReader::DecodeToFirstData<VideoData> (this=0x4ca2d400, aDecodeFn=(PRBool (nsBuiltinDecoderReader::*)(nsBuiltinDecoderReader *)) 0x407b9a17 <nsBuiltinDecoderReader::DecodeVideoFrame()>, aQueue=...)
at /build/buildd/firefox-5.0~b5+build1+nobinonly/build-tree/mozilla/content/media/nsBuiltinDecoderReader.cpp:288
eof = <value optimized out>
#6 0x407b957c in nsBuiltinDecoderReader::FindStartTime (this=0x4ca2d400, aOffset=<value optimized out>, aOutStartTime=@0x54afeae0)
at /build/buildd/firefox-5.0~b5+build1+nobinonly/build-tree/mozilla/content/media/nsBuiltinDecoderReader.cpp:250
videoStartTime = 9223372036854775807
audioStartTime = 9223372036854775807
videoData = 0x0
startTime = <value optimized out>
#7 0x407b74fc in nsBuiltinDecoderStateMachine::FindStartTime (this=<value optimized out>) at /build/buildd/firefox-5.0~b5+build1+nobinonly/build-tree/mozilla/content/media/nsBuiltinDecoderStateMachine.cpp:1565
startTime = 5715782368
v = 0x0
dataOffset = -1
#8 0x407b8882 in nsBuiltinDecoderStateMachine::Run (this=0x53f07b00) at /build/buildd/firefox-5.0~b5+build1+nobinonly/build-tree/mozilla/content/media/nsBuiltinDecoderStateMachine.cpp:1066
videoData = <value optimized out>
metadataLoadedEvent = {<nsCOMPtr_base> = {mRawPtr = 0x40168627}, <No data fields>}
stream = 0x52e8b000
#9 0x40b09fae in nsThread::ProcessNextEvent (this=0x53f23120, mayWait=<value optimized out>, result=0x54afebf4) at /build/buildd/firefox-5.0~b5+build1+nobinonly/build-tree/mozilla/xpcom/threads/nsThread.cpp:618
event = {<nsCOMPtr_base> = {mRawPtr = 0x53f07b00}, <No data fields>}
notifyGlobalObserver = 1
obs = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
canary = {static sOutputFD = 0}
rv = 0
#10 0x40ae779e in NS_ProcessNextEvent_P (thread=<value optimized out>, mayWait=1) at nsThreadUtils.cpp:250
val = <value optimized out>
#11 0x40b09cfc in nsThread::ThreadFunc (arg=0x53f23120) at /build/buildd/firefox-5.0~b5+build1+nobinonly/build-tree/mozilla/xpcom/threads/nsThread.cpp:273
self = 0x53f23120
event = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
#12 0x4016bb9c in _pt_root (arg=0x51e5e1c0) at /build/buildd/firefox-5.0~b5+build1+nobinonly/build-tree/mozilla/nsprpub/pr/src/pthreads/ptthread.c:187
thred = 0x51e5e1c0
detached = 0
#13 0x401423be in start_thread (arg=0x54aff2b0) at pthread_create.c:306
pd = 0x54aff2b0
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {1420817072, -1092596696, 1, 1420815408, 0, 1420817636, -1092596696, 96, 1420815408, 1075061659, 0 <repeats 16 times>, 671088657, 0 <repeats 37 times>}, mask_was_saved = 0}}, priv = {
pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = 0
robust = <value optimized out>
pagesize_m1 = <value optimized out>
sp = <value optimized out>
freesize = <value optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#14 0x41358538 in clone () at ../ports/sysdeps/unix/sysv/linux/arm/nptl/../clone.S:113
No locals.
(gdb) n
342 in /build/buildd/firefox-5.0~b5+build1+nobinonly/build-tree/mozilla/media/libvpx/vp8/decoder/onyxd_if.c
(gdb) n
Program received signal SIGILL, Illegal instruction.
0x407dd668 in vp8_push_neon () from /usr/lib/firefox-5.0/libxul.so
(gdb) bt
#0 0x407dd668 in vp8_push_neon () from /usr/lib/firefox-5.0/libxul.so
#1 0x50efe880 in ?? ()
Cannot access memory at address 0x0
#2 0x50efe880 in ?? ()
Cannot access memory at address 0x0
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
The save_neon_reg.asm content:
=======
EXPORT |vp8_push_neon|
EXPORT |vp8_pop_neon|
ARM
REQUIRE8
PRESERVE8
AREA ||.text||, CODE, READONLY, ALIGN=2
|vp8_push_neon| PROC
vst1.i64 {d8, d9, d10, d11}, [r0]!
vst1.i64 {d12, d13, d14, d15}, [r0]!
bx lr
ENDP
|vp8_pop_neon| PROC
vld1.i64 {d8, d9, d10, d11}, [r0]!
vld1.i64 {d12, d13, d14, d15}, [r0]!
bx lr
ENDP
END
=======
I'm building the package to check the dump of the binaries, to see if
the compiler is not messing around this code.
--
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/789198
Title:
Firefox crashes when attempting to play webm video OMAP4 Panda Board
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/789198/+subscriptions
More information about the Ubuntu-mozillateam-bugs
mailing list