Issue 1600 in webm: VP9 encoder crashes on windows x86_64 due to SSE memory misalignment

mbali… via monorail

Feb 18, 2019, 1:21:35 AM
to webm-d...@webmproject.org
Status: Untriaged
Owner: ----
Labels: Type-Bug Pri-2
Components: libvpx

New issue 1600 by mbali...@gmail.com: VP9 encoder crashes on windows x86_64 due to SSE memory misalignment
https://bugs.chromium.org/p/webm/issues/detail?id=1600

Very rarely and randomly, our application crashes inside the libvpx VP9 encoder.
We were finally able to track it down.

CRASH:
vp9_pick_inter_mode()
vp9_int_pro_motion_estimation()
vpx_int_pro_col_sse2()
_mm_load_si128(0x000000594b4d931f) --> read access violation

The problem is that the memory address 0x000000594b4d931f is not 16-byte aligned.
------
https://software.intel.com/sites/landingpage/IntrinsicsGuide/#text=_mm_load_si128&expand=3310

__m128i _mm_load_si128 (__m128i const* mem_addr)
Description
Load 128-bits of integer data from memory into dst. mem_addr must be aligned on a 16-byte boundary or a general-protection exception may be generated.
---------

THE ISSUE:
(1) When using RESIZE_DYNAMIC and VPX_CBR, the VP9 encoder at some random point decides to scale the input image down from 320:240 to 240:180. This generates x_scale_fp = y_scale_fp = 21845

vp9_setup_scale_factors_for_frame()
x_scale_fp = get_fixed_point_scale_factor(320, 240); -> return 21845
y_scale_fp = get_fixed_point_scale_factor(240, 180); -> return 21845

(2) This can lead to memory misalignment in:
vp9_pick_inter_mode()
find_predictors()
vp9_setup_pred_block()
setup_pred_plane(..., stride, mi_col, mi_row, scale, subsampling_x, subsampling_y)

before setup_pred_plane() -> dst[0].buf = 0x000000594b4c3220
after setup_pred_plane() -> dst[0].buf = 0x000000594b4da71f (unaligned)

memory offset = 0x000000594b4da71f - 0x000000594b4c3220 = 95487 bytes

stride = 640
mi_row = 14
mi_col = 12
subsampling_x = subsampling_y = 1
scale.x_scale_fp = 21845
scale.y_scale_fp = 21845
scale functions: scaled_x() and scaled_y()


----- simple math from setup_pred_plane()
x = (8 * mi_col) >> subsampling_x = (8 * 12) >> 1 = 96
y = (8 * mi_row) >> subsampling_y = (8 * 14) >> 1 = 112
scaled_x = (x * x_scale_fp) >> 14 = (96 * 21845) >> 14 = 127
scaled_y = (y * y_scale_fp) >> 14 = (112 * 21845) >> 14 = 149

offset = scaled_y * stride + scaled_x = 149 * 640 + 127 = 95487

================


Our application is using libvpx 1.6.1 on Windows x86_64 built with Visual Studio 2017.
The same code paths exist in the latest libvpx.


jz… via monorail

Mar 12, 2019, 6:16:33 PM
to webm-d...@webmproject.org
Updates:
Labels: Needs-Feedback
Status: Unconfirmed

Comment #1 on issue 1600 by jz...@google.com: VP9 encoder crashes on windows x86_64 due to SSE memory misalignment
https://bugs.chromium.org/p/webm/issues/detail?id=1600#c1

Thanks for the report. It sounds like this should show on all platforms. Do you have any material and encode command lines you can share that reproduce the issue?

mbali… via monorail

Mar 13, 2019, 5:58:04 AM
to webm-d...@webmproject.org

Comment #2 on issue 1600 by mbali...@gmail.com: VP9 encoder crashes on windows x86_64 due to SSE memory misalignment
https://bugs.chromium.org/p/webm/issues/detail?id=1600#c2

The problem is very hard to reproduce. We use libvpx as a part of a much larger solution.

After disabling RESIZE_DYNAMIC, the random crashes of our application stopped.

lileimt0… via monorail

Jun 5, 2019, 11:20:31 PM
to webm-d...@webmproject.org

Comment #3 on issue 1600 by lileimt0...@gmail.com: VP9 encoder crashes on windows x86_64 due to SSE memory misalignment
https://bugs.chromium.org/p/webm/issues/detail?id=1600#c3

I have found the same error when I use freeswitch 1.8.5 with libvpx-1.6.0. It comes every time I use VP9. When I use ubuntu with cpu 8/16g, it came out after about 3 hours; with cpu 2/2g, it came out after about 5 minutes.

bugdroid via monorail

Oct 24, 2019, 2:40:08 AM
to webm-d...@webmproject.org

Comment #6 on issue 1600 by bugdroid: VP9 encoder crashes on windows x86_64 due to SSE memory misalignment
https://bugs.chromium.org/p/webm/issues/detail?id=1600#c6

The following revision refers to this bug:
https://chromium.googlesource.com/webm/libvpx/+/849b63ffe1723e4e3c021c821cbd50db7cb5211d

commit 849b63ffe1723e4e3c021c821cbd50db7cb5211d
Author: James Zern <jz...@google.com>
Date: Wed Oct 23 02:58:29 2019

vpx_int_pro_col_sse2: use unaligned loads

this fixes a segfault when scaling is enabled; in some cases depending
on the ratio offsets may become odd.

vpx_int_pro_row_sse2 was updated previously, though the reason wasn't
listed:
54eda13f8 Apply fast motion search to golden reference frame

BUG=webm:1600

Change-Id: I8d5e105d876d8cf917919da301fce362adffab95

[modify] https://crrev.com/849b63ffe1723e4e3c021c821cbd50db7cb5211d/vpx_dsp/x86/avg_intrin_sse2.c

johannko… via monorail

Oct 30, 2019, 11:49:43 AM
to webm-d...@webmproject.org
Updates:
Status: Fixed

Comment #7 on issue 1600 by johannko...@google.com: VP9 encoder crashes on windows x86_64 due to SSE memory misalignment
https://bugs.chromium.org/p/webm/issues/detail?id=1600#c7

A speculative fix has been merged. Please re-open if this doesn't fix the issue for you.