[x264-devel] Yet another updated threaded slicetype patch (v14)

Mike Kazmier DaKaZ at zenbe.com
Tue Apr 14 20:38:41 CEST 2009


> > Hmmm, I have checked and rechecked this under linux, I cannot recreate the crash.  Can you please email me a new backtrace?  Is there a way to get a backtrace of each of the threads under windows?
> 
> I don't know how to do this in mingw gdb... but here's another crashing bt.
> 
> #0  0x0044ccf8 in x264_slicetype_frame_cost (h=0x23682f0, a=0x262dd60,
>     frames=0x262dc50, p0=66, p1=68, b=68, b_intra_penalty=0)
>     at encoder/slicetype.c:276
> #1  0x0044d252 in x264_slicetype_path_cost (h=0x23682f0, a=0x262dd60,
>     frames=0x262dc50, path=0x262c72f "", threshold=268435456)
>     at encoder/slicetype.c:380
> #2  0x0044d424 in x264_slicetype_path (h=0x23682f0, a=0x262dd60,
>     frames=0x262dc50, length=64, max_bframes=16, buffer_size=51,
>     best_paths=0x262cbf0) at encoder/slicetype.c:419
> #3  0x0044d4eb in x264_slicetype_path_search (h=0x23682f0, a=0x262dd60,
>     frames=0x262dc50, length=67, bframes=16, buffer=51)
>     at encoder/slicetype.c:436
> #4  0x0044d932 in x264_slicetype_analyse (h=0x23682f0)
>     at encoder/slicetype.c:529
> #5  0x0044dd5c in x264_slicetype_decide (h=0x23682f0)
>     at encoder/slicetype.c:615
> #6  0x0042ddd4 in x264_stack_align ()
> #7  0x004271ea in _x264_lookahead_slicetype_decide (h=<incomplete type>)
>     at encoder/lookahead.c:321
> #8  0x0042751b in x264_lookahead_thread (h=<incomplete type>)
>     at encoder/lookahead.c:413
> 
> It seems the value of b reaches a point when it goes beyond the
> allocated space that frames has, as when the problem occurs frames[b]
> is pointing to the address 0x1.
> This might be denoted by the fact that path_search is called with
> length=67, and yet frame_cost is called with b=68, which would be
> beyond the array of frames.
> 
> frame_cost w/ b=66 works fine, which would also point to this.
> (In my runs there never was a frame_cost call with b=67.)

Your theory makes sense, but there is hard bounds checking in slicetype.c:

    for( j = 0; h->lookahead->next.list[j] && h->lookahead->next.list[j]->i_type == X264_TYPE_AUTO && j <= X264_BFRAME_MAX*4+2; j++ )

and frames is inited with:

    x264_frame_t *frames[X264_BFRAME_MAX*4+3] = { NULL, };

So we are sure we will never exceed our array size.


> > Also - could you check that it works with --lookahead 0
> >
> --lookahead 0 works until I pump the thread and bframe count high
> enough to get another frame_cost call like above.

Just to confirm, you get the same crash above at the same settings with this patch AND lookahead==0?

--DaKaZ
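
The bounds discussion in this message, as an added example that is not part of the original e-mail or of x264's code: a fill loop bounded as quoted above, plus a separate check on the indices used later, run against the p0/p1/b values from the backtrace. Assumptions: X264_BFRAME_MAX is set to 16 (taken from bframes=16 in the backtrace), the loop body is guessed, and frame_t, TYPE_AUTO, fill_frames, indices_ok and demo_fill_count are hypothetical names.

```c
#include <stdio.h>

#define X264_BFRAME_MAX 16                 /* assumption: taken from bframes=16 in the backtrace */
#define FRAMES_CAP (X264_BFRAME_MAX*4+3)   /* array size quoted in the message: 67 slots, 0..66 */

typedef struct { int i_type; } frame_t;    /* hypothetical stand-in for x264_frame_t */
enum { TYPE_AUTO = 0 };                    /* hypothetical stand-in for X264_TYPE_AUTO */

/* Fill loop with the bound quoted in the message. The index tests come first,
 * so list[j] is never read past list_len. The loop body is an assumption. */
static int fill_frames(frame_t **frames, frame_t **list, int list_len)
{
    int j;
    for (j = 0; j <= X264_BFRAME_MAX*4+2 && j < list_len
                && list[j] && list[j]->i_type == TYPE_AUTO; j++)
        frames[j] = list[j];
    return j;                              /* number of slots filled */
}

/* Check at the point of use: indices computed later by the search must be
 * inside the array and inside the part that was actually filled. */
static int indices_ok(int p0, int p1, int b, int filled)
{
    int limit = filled < FRAMES_CAP ? filled : FRAMES_CAP;
    return p0 >= 0 && p0 < limit && p1 >= 0 && p1 < limit && b >= 0 && b < limit;
}

/* Constructed input: 100 queued AUTO frames, more than the array can hold. */
static int demo_fill_count(void)
{
    static frame_t pool[100];              /* zero-initialised, so i_type == TYPE_AUTO */
    frame_t *list[100], *frames[FRAMES_CAP] = { NULL, };
    for (int i = 0; i < 100; i++)
        list[i] = &pool[i];
    return fill_frames(frames, list, 100);
}

int main(void)
{
    int filled = demo_fill_count();
    printf("filled=%d of %d\n", filled, FRAMES_CAP);
    printf("p0=66 p1=68 b=68 -> %s\n", indices_ok(66, 68, 68, filled) ? "ok" : "out of range");
    printf("p0=64 p1=66 b=66 -> %s\n", indices_ok(64, 66, 66, filled) ? "ok" : "out of range");
    return 0;
}
```

The loop bound limits how many entries are written into frames; it places no limit on indices that are computed afterwards, so those need their own check where they are used.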

