[vlc-devel] Massive memory jump
xxcv
xxcv07 at gmail.com
Mon Sep 14 07:40:12 CEST 2009
Hi,
Here is how this bug is triggered. First, I have a folder with 8
different video files (different formats etc...).
I play this folder with vlc.exe and keep pressing N to jump to the next
item in the playlist.
This bug is in every 64-bit binary that I compiled.
When triggered it will spontaneously/instantaneously jump the memory
usage to 4GB or more.
This bug is easily triggered within seconds of pressing or holding N.
Regardless of whether the qt4 GUI interface is involved, it can be triggered by
using the dummy interface.
--- This log is with the binary from 0831
Problem signature:
Problem Event Name: APPCRASH
Application Name: vlc.exe
Application Version: 1.1.0.99
Application Timestamp: 4a9b8a09
Fault Module Name: msvcrt.dll
Fault Module Version: 7.0.6002.18005
Fault Module Timestamp: 49e04189
Exception Code: c0000005
Exception Offset: 0000000000014d64
OS Version: 6.0.6002.2.2.0.256.1
Locale ID: 3081
Problem signature:
Problem Event Name: APPCRASH
Application Name: vlc.exe
Application Version: 1.1.0.99
Application Timestamp: 4a9b1650
Fault Module Name: msvcrt.dll
Fault Module Version: 7.0.6002.18005
Fault Module Timestamp: 49e04189
Exception Code: c0000005
Exception Offset: 0000000000014d64
OS Version: 6.0.6002.2.2.0.256.1
Locale ID: 3081
Additional Information 1: 03eb
Additional Information 2: 4ef62d77cd0bb4a225d2a1406a9bf7ca
Additional Information 3: 15cc
Additional Information 4: e4729b1012d5c3d8d7c5878fd6ac3d45
---
--- This backtrace is from today.
Program received signal SIGSEGV, Segmentation fault.
[Switching to thread 19576.0x474c]
0x000007fefee24d64 in ?? ()
(gdb) bt
#0 0x000007fefee24d64 in ?? ()
#1 0x000000006a58afb6 in ?? ()
#2 0x000000006a58ad33 in ?? ()
#3 0x0000000000000452 in ?? ()
#4 0x000000000eebf5f0 in ?? ()
#5 0x0000000010907d80 in ?? ()
#6 0x00000000000007df in ?? ()
#7 0x0000000017d2b300 in ?? ()
#8 0x0000000017d2b350 in ?? ()
#9 0x0000000000000452 in ?? ()
#10 0x000000006a58ad33 in ?? ()
#11 0x0000000000000000 in ?? ()
(gdb) disass $pc-30 $pc+30
Dump of assembler code from 0x7fefee24d46 to 0x7fefee24d82:
0x000007fefee24d46: loopne 0x7fefee24d94
0x000007fefee24d48: mov -0x28(%rdx,%rcx,1),%ecx
0x000007fefee24d4c: mov -0x30(%rdx,%rcx,1),%r10
0x000007fefee24d51: sub $0x40,%rcx
0x000007fefee24d55: movnti %r9,0x18(%rcx)
0x000007fefee24d5a: movnti %r10,0x10(%rcx)
0x000007fefee24d5f: mov 0x8(%rdx,%rcx,1),%r9
0x000007fefee24d64: mov (%rdx,%rcx,1),%r10
0x000007fefee24d68: dec %eax
0x000007fefee24d6a: movnti %r9,0x8(%rcx)
0x000007fefee24d6f: movnti %r10,(%rcx)
0x000007fefee24d73: jne 0x7fefee24d1f
0x000007fefee24d75: sub $0x1000,%r8
0x000007fefee24d7c: cmp $0x1000,%r8
End of assembler dump.
(gdb) print $pc
$1 = (void (*)()) 0x7fefee24d64
(gdb) info registers
rax 0x30 48
rcx 0xf14efba8 4048485288
rdx 0xffffffff8eb00452 -1901067182
rbx 0xffc00400 4290774016
rsp 0xeebf4a8 250344616
rbp 0xeebf500 250344704
rsi 0x452 1106
rdi 0x6a63f029 1784934441
r8 0x711003fa 1896875002
r9 0x25 37
r10 0xeef 3823
r11 0x803efbee 2151611374
r12 0x0 0
r13 0x0 0
r14 0x0 0
r15 0x0 0
rip 0x7fefee24d64 0x7fefee24d64
eflags 0x10202 [ IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x53 83
gs 0x2b 43
Program received signal SIGSEGV, Segmentation fault.
[Switching to thread 7112.0x4e50]
0x000007fefee24d1f in ?? ()
(gdb) bt
#0 0x000007fefee24d1f in ?? ()
#1 0x000000006a58afb6 in ?? ()
#2 0x000000006a58ad33 in ?? ()
#3 0x0000000000002800 in ?? ()
#4 0x0000000000000803 in ?? ()
#5 0x00000000102ce560 in ?? ()
#6 0x00000000102cf5d0 in ?? ()
#7 0x000000001db7a8d0 in ?? ()
#8 0x000000001db7a960 in ?? ()
#9 0x0000000000002800 in ?? ()
#10 0x000000006a58ad33 in ?? ()
#11 0x0000000000000000 in ?? ()
(gdb) disass $pc-30 $pc+30
Dump of assembler code from 0x7fefee24d01 to 0x7fefee24d3d:
0x000007fefee24d01: jmpq 0x7fefee24d86
0x000007fefee24d06: prefetchnta (%rdx,%rcx,1)
0x000007fefee24d0a: prefetchnta 0x40(%rdx,%rcx,1)
0x000007fefee24d0f: dec %eax
0x000007fefee24d11: jne 0x7fefee24cff
0x000007fefee24d13: add $0x1000,%rcx
0x000007fefee24d1a: mov $0x40,%eax
0x000007fefee24d1f: mov -0x8(%rdx,%rcx,1),%r9
0x000007fefee24d24: mov -0x10(%rdx,%rcx,1),%r10
0x000007fefee24d29: movnti %r9,-0x8(%rcx)
0x000007fefee24d2e: movnti %r10,-0x10(%rcx)
0x000007fefee24d33: mov -0x18(%rdx,%rcx,1),%r9
0x000007fefee24d38: mov -0x20(%rdx,%rcx,1),%r10
End of assembler dump.
(gdb) print $pc
$1 = (void (*)()) 0x7fefee24d1f
(gdb) info registers
rax 0x21 33
rcx 0xedb4d800 3988051968
rdx 0xffffffff924a2800 -1840633856
rbx 0xffc02786 4290783110
rsp 0x102cf558 271381848
rbp 0x102cf5b0 271381936
rsi 0x2800 10240
rdi 0x6a63f029 1784934441
r8 0x6d760780 1836451712
r9 0x12090000 302579712
r10 0x3c0118 3932440
r11 0x803ed840 2151602240
r12 0x0 0
r13 0x0 0
r14 0x0 0
r15 0x0 0
rip 0x7fefee24d1f 0x7fefee24d1f
eflags 0x10206 [ PF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x53 83
gs 0x2b 43