Hi Jean-Marc,
Thanks for your response. Please find the details as below.
*Backtrace we got for this crash:*
#0 0x0000000000800c54 in opus_decode_frame (st=0x38906b8f99d09c5,
data=0xf0aa10b4ef1008ae <Address 0xf0aa10b4ef1008ae out of bounds>,
len=-188613428, pcm=0x6e80016085efd57,
frame_size=44037315, decode_fec=58716895) at src/opus_decoder.c:384
#1 0x00000000008009c0 in opus_decode_frame (st=0x712357d0,
data=0x7effff9ab72d "~?`\\?K\005??y?w+g~?S2\025?\036T?\002x??h!???
\220\233\066s?\030#gb\rn?rF\005Q?\213;?`\207$O?(m\222=9??/h??t??E?w?
\237\"\206z\005\213?u at e", len=88, pcm=0x7effff9a6a80,
frame_size=640,
decode_fec=0) at src/opus_decoder.c:319
#2 0x0000000000801be1 in opus_decode_native (st=0x712357d0,
data=0x7effff9ab72d "~?`\\?K\005??y?w+g~?S2\025?\036T?\002x??h!???
\220\233\066s?\030#gb\rn?rF\005Q?\213;?`\207$O?(m\222=9??/h??t??E?w?
\237\"\206z\005\213?u at e", len=89, pcm=0x7effff9a6a80,
frame_size=640,
decode_fec=0, self_delimited=0,
packet_offset=0x0, soft_clip=1) at src/opus_decoder.c:681
#3 0x000000000080226c in opus_decode (st=0x712357d0,
data=0x7effff9ab72c "?~?`\\?K\005??y?w+g~?S2\025?\036T?\002x??h!???
\220\233\066s?\030#gb\rn?rF\005Q?\213;?`\207$O?(m\222=9??/h??t??E?w?
\237\"\206z\005\213?u at e", len=89, pcm=0x71245a60, frame_size=640,
decode_fec=0) at src/opus_decoder.c:867
#4 0x00000000004fd6b5 in kn_opus_decode (decHandle=0x712357d0,
decProp=0x1675698, src=0x16756d0, dest=0x71245a60,
dstLen=0x1673210) at MSTranscodeOPUS.c:100
*And the code flow what we have observed for this specific incident:*
*Called this as mode is CELT_ONLY,*
if (data!=NULL && st->prev_mode > 0 && (
(mode == MODE_CELT_ONLY && st->prev_mode != MODE_CELT_ONLY
&&
!st->prev_redundancy)
|| (mode != MODE_CELT_ONLY && st->prev_mode == MODE_CELT_ONLY) )
)
{
*transition = 1*;
/* Decide where to allocate the stack memory for pcm_transition */
if (mode == MODE_CELT_ONLY)
pcm_transition_celt_size = F5*st->channels;
else
pcm_transition_silk_size = F5*st->channels;
}
*So transition is made as 1 called this,*
if (transition && mode == MODE_CELT_ONLY)
{
pcm_transition = pcm_transition_celt;
opus_decode_frame(st, NULL, 0, pcm_transition, IMIN(F5, audiosize),
0);
}
*In "opus_decode_frame" again, as data is passed as NULL, goes to else
part*
if (data != NULL)
{
audiosize = st->frame_size;
mode = st->mode;
ec_dec_init(&dec,(unsigned char*)data,len);
} else {
audiosize = frame_size;
mode = st->prev_mode;
*As the mode is made as prev mode now, which was a silk, this goes inside,*
/* SILK processing */
if (mode != MODE_CELT_ONLY)
{
*Then in this function called this*,
silk_ret = silk_Decode( silk_dec, &st->DecControl,
lost_flag, first_frame, &dec, pcm_ptr,
&silk_frame_size );
*And finally, somehow, the "silk_frame_size" is a negative value ( say
-1376272 in our case), then in the same function called the below and this
crashes here.*
pcm_ptr += silk_frame_size * st->channels;
Please help.
Thanks
Suresh
On 12 April 2015 at 21:23, Jean-Marc Valin <jmvalin at jmvalin.ca> wrote:
> Do you have any file that demonstrates the problem with either opus_demo
> or opusdec?
>
> Jean-Marc
>
> On 09/04/15 04:01 AM, Suresh Thiriveedi wrote:
> > Hi,
> >
> > I'm curious to know when would be the 1.1.1 stable version
available.
> >
> > In 1.1, we are facing crash when opus library is trying to decode the
> > CELT-only, full band and 20 ms. So we tried with 1.1.1 beta and it
looks
> > to be fine. Is there any open issue regarding this in 1.1 version?
> >
> > Thanks
> > Suresh
> >
> >
> > _______________________________________________
> > opus mailing list
> > opus at xiph.org
> > http://lists.xiph.org/mailman/listinfo/opus
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.xiph.org/pipermail/opus/attachments/20150413/8b54fbae/attachment.htm