<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
<div class="moz-text-flowed"
style="font-family: -moz-fixed; font-size: 13px;" lang="x-western">Hi,
<br>
<br>
Here is how this bug is triggered. First, I have a folder with 8
different video files (different formats, etc.).
<br>
I played this folder with vlc.exe and kept pressing N to jump to the next
item in the playlist.
<br>
This bug is in every 64-bit binary that I compiled.
<br>
When triggered, it spontaneously/instantaneously makes the memory
usage jump to 4 GB or more.
<br>
This bug is easily triggered within seconds of pressing or holding N.
<br>
Disregard whether the qt4 GUI interface was involved; it can also be triggered
using the dummy interface.
<br>
<br>
--- This log is with the binary from 0831
<br>
Problem signature:
<br>
Problem Event Name: APPCRASH
<br>
Application Name: vlc.exe
<br>
Application Version: 1.1.0.99
<br>
Application Timestamp: 4a9b8a09
<br>
Fault Module Name: msvcrt.dll
<br>
Fault Module Version: 7.0.6002.18005
<br>
Fault Module Timestamp: 49e04189
<br>
Exception Code: c0000005
<br>
Exception Offset: 0000000000014d64
<br>
OS Version: 6.0.6002.2.2.0.256.1
<br>
Locale ID: 3081
<br>
Problem signature:
<br>
Problem Event Name: APPCRASH
<br>
Application Name: vlc.exe
<br>
Application Version: 1.1.0.99
<br>
Application Timestamp: 4a9b1650
<br>
Fault Module Name: msvcrt.dll
<br>
Fault Module Version: 7.0.6002.18005
<br>
Fault Module Timestamp: 49e04189
<br>
Exception Code: c0000005
<br>
Exception Offset: 0000000000014d64
<br>
OS Version: 6.0.6002.2.2.0.256.1
<br>
Locale ID: 3081
<br>
Additional Information 1: 03eb
<br>
Additional Information 2: 4ef62d77cd0bb4a225d2a1406a9bf7ca
<br>
Additional Information 3: 15cc
<br>
Additional Information 4: e4729b1012d5c3d8d7c5878fd6ac3d45
<br>
---
<br>
--- This backtrace is from today.
<br>
Program received signal SIGSEGV, Segmentation fault.
<br>
[Switching to thread 19576.0x474c]
<br>
0x000007fefee24d64 in ?? ()
<br>
(gdb) bt
<br>
#0 0x000007fefee24d64 in ?? ()
<br>
#1 0x000000006a58afb6 in ?? ()
<br>
#2 0x000000006a58ad33 in ?? ()
<br>
#3 0x0000000000000452 in ?? ()
<br>
#4 0x000000000eebf5f0 in ?? ()
<br>
#5 0x0000000010907d80 in ?? ()
<br>
#6 0x00000000000007df in ?? ()
<br>
#7 0x0000000017d2b300 in ?? ()
<br>
#8 0x0000000017d2b350 in ?? ()
<br>
#9 0x0000000000000452 in ?? ()
<br>
#10 0x000000006a58ad33 in ?? ()
<br>
#11 0x0000000000000000 in ?? ()
<br>
(gdb) disass $pc-30 $pc+30
<br>
Dump of assembler code from 0x7fefee24d46 to 0x7fefee24d82:
<br>
0x000007fefee24d46: loopne 0x7fefee24d94
<br>
0x000007fefee24d48: mov -0x28(%rdx,%rcx,1),%ecx
<br>
0x000007fefee24d4c: mov -0x30(%rdx,%rcx,1),%r10
<br>
0x000007fefee24d51: sub $0x40,%rcx
<br>
0x000007fefee24d55: movnti %r9,0x18(%rcx)
<br>
0x000007fefee24d5a: movnti %r10,0x10(%rcx)
<br>
0x000007fefee24d5f: mov 0x8(%rdx,%rcx,1),%r9
<br>
0x000007fefee24d64: mov (%rdx,%rcx,1),%r10
<br>
0x000007fefee24d68: dec %eax
<br>
0x000007fefee24d6a: movnti %r9,0x8(%rcx)
<br>
0x000007fefee24d6f: movnti %r10,(%rcx)
<br>
0x000007fefee24d73: jne 0x7fefee24d1f
<br>
0x000007fefee24d75: sub $0x1000,%r8
<br>
0x000007fefee24d7c: cmp $0x1000,%r8
<br>
End of assembler dump.
<br>
(gdb) print $pc
<br>
$1 = (void (*)()) 0x7fefee24d64
<br>
(gdb) info registers
<br>
rax 0x30 48
<br>
rcx 0xf14efba8 4048485288
<br>
rdx 0xffffffff8eb00452 -1901067182
<br>
rbx 0xffc00400 4290774016
<br>
rsp 0xeebf4a8 250344616
<br>
rbp 0xeebf500 250344704
<br>
rsi 0x452 1106
<br>
rdi 0x6a63f029 1784934441
<br>
r8 0x711003fa 1896875002
<br>
r9 0x25 37
<br>
r10 0xeef 3823
<br>
r11 0x803efbee 2151611374
<br>
r12 0x0 0
<br>
r13 0x0 0
<br>
r14 0x0 0
<br>
r15 0x0 0
<br>
rip 0x7fefee24d64 0x7fefee24d64
<br>
eflags 0x10202 [ IF RF ]
<br>
cs 0x33 51
<br>
ss 0x2b 43
<br>
ds 0x2b 43
<br>
es 0x2b 43
<br>
fs 0x53 83
<br>
gs 0x2b 43
<br>
<br>
Program received signal SIGSEGV, Segmentation fault.
<br>
[Switching to thread 7112.0x4e50]
<br>
0x000007fefee24d1f in ?? ()
<br>
(gdb) bt
<br>
#0 0x000007fefee24d1f in ?? ()
<br>
#1 0x000000006a58afb6 in ?? ()
<br>
#2 0x000000006a58ad33 in ?? ()
<br>
#3 0x0000000000002800 in ?? ()
<br>
#4 0x0000000000000803 in ?? ()
<br>
#5 0x00000000102ce560 in ?? ()
<br>
#6 0x00000000102cf5d0 in ?? ()
<br>
#7 0x000000001db7a8d0 in ?? ()
<br>
#8 0x000000001db7a960 in ?? ()
<br>
#9 0x0000000000002800 in ?? ()
<br>
#10 0x000000006a58ad33 in ?? ()
<br>
#11 0x0000000000000000 in ?? ()
<br>
(gdb) disass $pc-30 $pc+30
<br>
Dump of assembler code from 0x7fefee24d01 to 0x7fefee24d3d:
<br>
0x000007fefee24d01: jmpq 0x7fefee24d86
<br>
0x000007fefee24d06: prefetchnta (%rdx,%rcx,1)
<br>
0x000007fefee24d0a: prefetchnta 0x40(%rdx,%rcx,1)
<br>
0x000007fefee24d0f: dec %eax
<br>
0x000007fefee24d11: jne 0x7fefee24cff
<br>
0x000007fefee24d13: add $0x1000,%rcx
<br>
0x000007fefee24d1a: mov $0x40,%eax
<br>
0x000007fefee24d1f: mov -0x8(%rdx,%rcx,1),%r9
<br>
0x000007fefee24d24: mov -0x10(%rdx,%rcx,1),%r10
<br>
0x000007fefee24d29: movnti %r9,-0x8(%rcx)
<br>
0x000007fefee24d2e: movnti %r10,-0x10(%rcx)
<br>
0x000007fefee24d33: mov -0x18(%rdx,%rcx,1),%r9
<br>
0x000007fefee24d38: mov -0x20(%rdx,%rcx,1),%r10
<br>
End of assembler dump.
<br>
(gdb) print $pc
<br>
$1 = (void (*)()) 0x7fefee24d1f
<br>
(gdb) info registers
<br>
rax 0x21 33
<br>
rcx 0xedb4d800 3988051968
<br>
rdx 0xffffffff924a2800 -1840633856
<br>
rbx 0xffc02786 4290783110
<br>
rsp 0x102cf558 271381848
<br>
rbp 0x102cf5b0 271381936
<br>
rsi 0x2800 10240
<br>
rdi 0x6a63f029 1784934441
<br>
r8 0x6d760780 1836451712
<br>
r9 0x12090000 302579712
<br>
r10 0x3c0118 3932440
<br>
r11 0x803ed840 2151602240
<br>
r12 0x0 0
<br>
r13 0x0 0
<br>
r14 0x0 0
<br>
r15 0x0 0
<br>
rip 0x7fefee24d1f 0x7fefee24d1f
<br>
eflags 0x10206 [ PF IF RF ]
<br>
cs 0x33 51
<br>
ss 0x2b 43
<br>
ds 0x2b 43
<br>
es 0x2b 43
<br>
fs 0x53 83
<br>
gs 0x2b 43
<br>
<br>
</div>
</body>
</html>