[MPlayer-users] [PATCH] crash in libavcodec/i386/dsputil_mmx.c:float_to_int16_sse2

Ray Kohler ataraxia at cmu.edu
Fri Jul 11 02:58:35 CEST 2008


Rev 14138 of libavcodec/i386/dsputil_mmx.c introduces a crash when decoding the first frame of any vorbis stream when SSE2 is enabled (unless you have really good luck). I realize that this is actually FFmpeg code, but as I've only been able to reproduce the crash in mplayer, I figured I'd send this here. If I should take it over to them directly, let me know.

The problem is that this code treats an unaligned doubleword as if it were aligned (i.e., it segfaults when executing "movdqa"). There also appears to be a missing "emms" instruction at the end of the function, though this part doesn't seem to actually matter as far as I can tell. I'm including it out of caution, but I'm definitely not so attached to that change.

Index: libavcodec/i386/dsputil_mmx.c
===================================================================
--- libavcodec/i386/dsputil_mmx.c	(revision 14158)
+++ libavcodec/i386/dsputil_mmx.c	(working copy)
@@ -2076,9 +2076,10 @@
          "cvtps2dq    (%2,%0,2)  , %%xmm0    \n\t"
          "cvtps2dq  16(%2,%0,2)  , %%xmm1    \n\t"
          "packssdw   %%xmm1      , %%xmm0    \n\t"
-        "movdqa     %%xmm0      ,  (%1,%0)  \n\t"
+        "movdqu     %%xmm0      ,  (%1,%0)  \n\t"
          "add        $16         , %0        \n\t"
          " js 1b                             \n\t"
+        "emms                               \n\t"
          :"+r"(len), "+r"(dst), "+r"(src)
      );
  }
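Review bot: the `emms` added after the `js 1b` line is unnecessary here: the loop uses only xmm registers (cvtps2dq, packssdw, movdqu), and `emms` only resets the x87/MMX tag word after mm register use, so suggest dropping that line rather than carrying a no-op into the kernel. The `movdqa` to `movdqu` change does fix the fault for an unaligned `dst`, but it only covers the store side: the two `cvtps2dq (%2,%0,2)` and `16(%2,%0,2)` loads also take 16-byte memory operands that must be aligned, so the same fault would recur for an unaligned `src`; worth confirming that caller's buffer as well. If the callers can guarantee a 16-byte aligned `dst`, aligning the buffer and keeping `movdqa` is the cheaper fix, since `movdqu` costs on every store; otherwise `movdqu` is the right call.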


I'm including this info since the docs tell me to:

~ % uname -a
Darwin firiesen.local 9.4.0 Darwin Kernel Version 9.4.0: Mon Jun  9 19:30:53 PDT 2008; root:xnu-1228.5.20~1/RELEASE_I386 i386

~ % ls -l /usr/lib/libSystem*
-r-xr-xr-x  1 root  wheel   7764912 May 23 03:42 /usr/lib/libSystem.B.dylib*
-r-xr-xr-x  1 root  wheel  14279856 Oct 11  2007 /usr/lib/libSystem.B_debug.dylib*
-r-xr-xr-x  1 root  wheel  11206704 Oct 11  2007 /usr/lib/libSystem.B_profile.dylib*
lrwxr-xr-x  1 root  wheel        17 Nov  8  2007 /usr/lib/libSystem.dylib@ -> libSystem.B.dylib
-r--r--r--  1 root  wheel     88544 Sep 23  2007 /usr/lib/libSystemStubs.a
-r--r--r--  1 root  wheel     88544 Sep 23  2007 /usr/lib/libSystemStubs_debug.a
-r--r--r--  1 root  wheel     88656 Sep 23  2007 /usr/lib/libSystemStubs_profile.a
lrwxr-xr-x  1 root  wheel        23 Nov  8  2007 /usr/lib/libSystem_debug.dylib@ -> libSystem.B_debug.dylib
lrwxr-xr-x  1 root  wheel        25 Nov  8  2007 /usr/lib/libSystem_profile.dylib@ -> libSystem.B_profile.dylib

~ % gcc -v
Using built-in specs.
Target: i686-apple-darwin9
Configured with: /var/tmp/gcc/gcc-5465~16/src/configure --disable-checking -enable-werror --prefix=/usr --mandir=/share/man --enable-languages=c,objc,c++,obj-c++ --program-transform-name=/^[cg][^.-]*$/s/$/-4.0/ --with-gxx-include-dir=/include/c++/4.0.0 --with-slibdir=/usr/lib --build=i686-apple-darwin9 --with-arch=apple --with-tune=generic --host=i686-apple-darwin9 --target=i686-apple-darwin9
Thread model: posix
gcc version 4.0.1 (Apple Inc. build 5465)

~ % ld -v
@(#)PROGRAM:ld  PROJECT:ld64-77

~ % as -v
Apple Computer, Inc. version cctools-667.3~21, GNU assembler version 1.38

~ % ./cpuinfo
vendor_id	: GenuineIntel
cpu family	: 6
model		: 15
stepping	: 6
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm nx lm lahf_lm
cpu MHz		: 2163.812
model name	: Intel(R) Core(TM)2 CPU         T7400  @ 2.16GHz

Video Card: ATI Radeon X1600

Video Driver: com.apple.ATIRadeonX1000 (5.2.8)

Sound Card: whatever comes in an iMac5,1

Sound Driver: com.apple.driver.AudioIPCDriver (1.0.4)
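As an added illustration of the two points in the report above (constructed example code, not part of the patch and not FFmpeg's dsputil_mmx.c), here is a scalar reference for what the SSE2 loop computes, together with the alignment precondition the kernel silently relies on: the conversion rounds to nearest-even as cvtps2dq does and saturates as packssdw does, and the `STORE_ALIGNED` path refuses an unaligned destination instead of faulting the way a `movdqa` store does. The function names, the `store_kind_t` enum and the sample input are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample input: one group of 8 floats, the unit the SSE2 loop
 * converts per iteration (two cvtps2dq + one packssdw = 8 int16). */
const float   sample_src[8]      = { 0.5f, 1.5f, 2.5f, -0.5f, 40000.0f, -40000.0f, 3.49f, -3.51f };
const int16_t sample_expected[8] = { 0,    2,    2,    0,     32767,    -32768,    3,     -4 };

/* movdqa and the 128-bit memory operands of cvtps2dq require a 16-byte
 * aligned address; movdqu does not. */
int is_aligned16(const void *p)
{
    return ((uintptr_t)p & 15) == 0;
}

/* Round-to-nearest-even, the default MXCSR mode used by cvtps2dq.
 * Caller guarantees |v| < 32769 so the int32 truncation is in range. */
static int32_t round_nearest_even(float v)
{
    int32_t t = (int32_t)v;              /* truncate toward zero */
    float frac = v - (float)t;           /* exact for these magnitudes */
    if (frac >  0.5f || (frac ==  0.5f && (t & 1))) return t + 1;
    if (frac < -0.5f || (frac == -0.5f && (t & 1))) return t - 1;
    return t;
}

/* Scalar reference for one element: round like cvtps2dq, then saturate to
 * int16 like packssdw. Clamping in the float domain first differs from the
 * SIMD path only for |v| >= 2^31, where cvtps2dq yields the integer
 * indefinite value 0x80000000 (so -32768 after packssdw). */
int16_t float_to_int16_scalar(float v)
{
    if (v != v)         return INT16_MIN;  /* NaN: cvtps2dq -> 0x80000000 -> -32768 */
    if (v >= 32767.0f)  return INT16_MAX;
    if (v <= -32768.0f) return INT16_MIN;
    return (int16_t)round_nearest_even(v);
}

typedef enum { STORE_ALIGNED, STORE_UNALIGNED } store_kind_t;

/* Emulates the precondition the asm kernel assumes: with an aligned store
 * (movdqa) an unaligned dst faults, so return -1 instead of touching it;
 * with movdqu any dst is fine. len is in elements and must be a multiple
 * of 8 to match the 16-byte stride of the loop. Returns 0 on success. */
int float_to_int16_checked(int16_t *dst, const float *src, size_t len, store_kind_t kind)
{
    if (len % 8 != 0) return -1;
    if (kind == STORE_ALIGNED && !is_aligned16(dst)) return -1;
    for (size_t i = 0; i < len; i++)
        dst[i] = float_to_int16_scalar(src[i]);
    return 0;
}

/* 16-byte aligned output buffer; aligned_buf + 1 is a 2-byte-misaligned
 * address of the kind that makes movdqa fault. */
_Alignas(16) int16_t aligned_buf[16];

/* Runs the reference over the sample; returns the index of the first value
 * that differs from sample_expected, 99 if the call was refused, or -1 if
 * every value matches. */
int first_mismatch(void)
{
    if (float_to_int16_checked(aligned_buf, sample_src, 8, STORE_ALIGNED) != 0) return 99;
    for (int i = 0; i < 8; i++)
        if (aligned_buf[i] != sample_expected[i]) return i;
    return -1;
}

int main(void)
{
    int m = first_mismatch();
    if (m < 0) printf("reference matches expected values\n");
    else       printf("mismatch at index %d\n", m);
    printf("aligned_buf + 1 aligned? %d (aligned store would be refused: %d)\n",
           is_aligned16(aligned_buf + 1),
           float_to_int16_checked(aligned_buf + 1, sample_src, 8, STORE_ALIGNED) == -1);
    return m < 0 ? 0 : 1;
}
```

The reference is useful as a differential check: run the SIMD kernel and `float_to_int16_scalar` over the same input buffer and compare element by element, and keep the alignment check in front of any caller that hands the kernel a buffer it did not allocate itself with a 16-byte alignment guarantee.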
