dav1d-worker segfaults on ppc64le when decoding certain avif images in Firefox or Chromium with asm optimizations enabled
Chromium's bundled dav1d library segfaults when visiting the following web page: https://www.diptyqueparis.com/en_uk/p/eau-capitale-eau-de-parfum.html Firefox disables asm on ppc64 so it doesn't segfault. Firefox with +system-av1 (built with +asm) crashes as well, but it doesn't crash when enforcing libaom instead of dav1d. I've tried latest git master of dav1d (+asm) and it segfaults as well:
Thread 22 "dav1d-worker" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x3fffe82c97c0 (LWP 255027)]
copy8xN (edges=(CDEF_HAVE_RIGHT | CDEF_HAVE_BOTTOM), h=8, w=8, bottom=<optimized out>, top=<optimized out>, left=0x3fffe82c8a40, src_stride=768, src=0x3a0c08e40000 "", tmp_stride=16, tmp=0x3fffe82c8590) at ../dav1d-9999/src/ppc/cdef_tmpl.c:164
164 ../dav1d-9999/src/ppc/cdef_tmpl.c: No such file or directory.
(gdb) bt
#0 copy8xN (edges=(CDEF_HAVE_RIGHT | CDEF_HAVE_BOTTOM), h=8, w=8, bottom=<optimized out>, top=<optimized out>, left=0x3fffe82c8a40, src_stride=768, src=0x3a0c08e40000 "", tmp_stride=16, tmp=0x3fffe82c8590) at ../dav1d-9999/src/ppc/cdef_tmpl.c:164
#1 filter_8xN (tmp=0x3fffe82c8594, tmp_stride=16, edges=(CDEF_HAVE_RIGHT | CDEF_HAVE_BOTTOM), damping=5, dir=<optimized out>, sec_strength=2, pri_strength=0, h=8, w=8, bottom=<optimized out>, top=<optimized out>, left=0x3fffe82c8a40, dst_stride=768, dst=0x3a0c08e40000 "") at ../dav1d-9999/src/ppc/cdef_tmpl.c:389
#2 dav1d_cdef_filter_8x8_vsx (dst=0x3a0c08e40000 "", dst_stride=768, left=0x3fffe82c8a40, top=<optimized out>, bottom=<optimized out>, pri_strength=0, sec_strength=2, dir=<optimized out>, damping=<optimized out>, edges=<optimized out>) at ../dav1d-9999/src/ppc/cdef_tmpl.c:467
#3 0x00003ffff656f08c in dav1d_cdef_brow_8bpc (tc=0x3a0c08900000, p=<optimized out>, lflvl=0x3a0c00d06000, by_start=<optimized out>, by_end=<optimized out>, sbrow_start=<optimized out>, sby=<optimized out>) at ../dav1d-9999/src/cdef_apply_tmpl.c:240
#4 0x00003ffff658b860 in dav1d_filter_sbrow_cdef_8bpc (tc=0x3a0c08900000, sby=<optimized out>) at ../dav1d-9999/src/recon_tmpl.c:2117
#5 0x00003ffff65b1dd4 in dav1d_worker_task (data=0x3a0c08900000) at ../dav1d-9999/src/thread_task.c:849
#6 0x00003ffff5289508 in start_thread (arg=0x3fffe82c97c0) at pthread_create.c:442
#7 0x00003ffff533412c in clone () at ../sysdeps/unix/sysv/linux/powerpc/powerpc64/clone.S:107
See also: https://bugs.gentoo.org/880989
- Niccolò Belli changed the description
- Author
I've also tried to build it with clang 15.0.4 (+asm) to see if anything changes, but build fails:
[15/71] clang -Isrc/libdav1d_arch_bitdepth_8.a.p -Isrc -I../dav1d-9999/src -I. -I../dav1d-9999 -Iinclude/dav1d -I../dav1d-9999/include/dav1d -Iinclude -I../dav1d-9999/include -fcolor-diagnostics -DNDEBUG -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -std=c99 -O0 -D_GNU_SOURCE -fvisibility=hidden -Wundef -Werror=vla -Wno-missing-field-initializers -Wno-unused-parameter -Wstrict-prototypes -Werror=missing-prototypes -Wshorten-64-to-32 -O2 -pipe -mcpu=power9 -mtune=power9 -fstack-protector-strong -D_FORTIFY_SOURCE=2 -fPIC -DBITDEPTH=8 -maltivec -mvsx -MD -MQ src/libdav1d_arch_bitdepth_8.a.p/ppc_looprestoration_tmpl.c.o -MF src/libdav1d_arch_bitdepth_8.a.p/ppc_looprestoration_tmpl.c.o.d -o src/libdav1d_arch_bitdepth_8.a.p/ppc_looprestoration_tmpl.c.o -c ../dav1d-9999/src/ppc/looprestoration_tmpl.c
FAILED: src/libdav1d_arch_bitdepth_8.a.p/ppc_looprestoration_tmpl.c.o
clang -Isrc/libdav1d_arch_bitdepth_8.a.p -Isrc -I../dav1d-9999/src -I. -I../dav1d-9999 -Iinclude/dav1d -I../dav1d-9999/include/dav1d -Iinclude -I../dav1d-9999/include -fcolor-diagnostics -DNDEBUG -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -std=c99 -O0 -D_GNU_SOURCE -fvisibility=hidden -Wundef -Werror=vla -Wno-missing-field-initializers -Wno-unused-parameter -Wstrict-prototypes -Werror=missing-prototypes -Wshorten-64-to-32 -O2 -pipe -mcpu=power9 -mtune=power9 -fstack-protector-strong -D_FORTIFY_SOURCE=2 -fPIC -DBITDEPTH=8 -maltivec -mvsx -MD -MQ src/libdav1d_arch_bitdepth_8.a.p/ppc_looprestoration_tmpl.c.o -MF src/libdav1d_arch_bitdepth_8.a.p/ppc_looprestoration_tmpl.c.o.d -o src/libdav1d_arch_bitdepth_8.a.p/ppc_looprestoration_tmpl.c.o -c ../dav1d-9999/src/ppc/looprestoration_tmpl.c
../dav1d-9999/src/ppc/looprestoration_tmpl.c:53:32: error: initializer element is not a compile-time constant
    static const i32x4 zerov = vec_splats(0);
                               ^~~~~~~~~~~~~
../dav1d-9999/src/ppc/looprestoration_tmpl.c:54:36: error: initializer element is not a compile-time constant
    static const i32x4 seven_vec = vec_splats(7);
                                   ^~~~~~~~~~~~~
../dav1d-9999/src/ppc/looprestoration_tmpl.c:55:45: error: initializer element is not a compile-time constant
    static const i32x4 bitdepth_added_vec = vec_splats(1 << 14);
                                            ^~~~~~~~~~~~~~~~~~~
../dav1d-9999/src/ppc/looprestoration_tmpl.c:56:41: error: initializer element is not a compile-time constant
    static const i32x4 round_bits_vec = vec_splats(3);
                                        ^~~~~~~~~~~~~
../dav1d-9999/src/ppc/looprestoration_tmpl.c:57:43: error: initializer element is not a compile-time constant
    static const i32x4 rounding_off_vec = vec_splats(1<<2);
                                          ^~~~~~~~~~~~~~~~
../dav1d-9999/src/ppc/looprestoration_tmpl.c:58:39: error: initializer element is not a compile-time constant
    static const i32x4 clip_limit_v = vec_splats((1 << 13) - 1);
                                      ^~~~~~~~~~~~~~~~~~~~~~~~~
../dav1d-9999/src/ppc/looprestoration_tmpl.c:131:32: error: initializer element is not a compile-time constant
    static const i16x8 zerov = vec_splats((int16_t)0);
                               ^~~~~~~~~~~~~~~~~~~~~~
../dav1d-9999/src/ppc/looprestoration_tmpl.c:132:31: error: initializer element is not a compile-time constant
    static const i16x8 maxv = vec_splats((int16_t)255);
                              ^~~~~~~~~~~~~~~~~~~~~~~~
../dav1d-9999/src/ppc/looprestoration_tmpl.c:178:41: error: initializer element is not a compile-time constant
    static const i32x4 round_bits_vec = vec_splats(11);
                                        ^~~~~~~~~~~~~~
../dav1d-9999/src/ppc/looprestoration_tmpl.c:179:36: error: initializer element is not a compile-time constant
    static const i32x4 round_vec = vec_splats((1 << 10) - (1 << 18));
                                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10 errors generated.
- Developer
Can you please provide a single file possibly in ivf, that triggers the problem?
- Luca Barbato mentioned in issue #413 (closed)
- Developer
Otherwise !1464 (merged) may fix your problem.
- Author
According to Chrome Developer Tools there are 16 images which trigger the crash in that page and your patches fix one of them (https://www.diptyqueparis.com/fstrz/r/s/d1wwvmedxjfrrp.cloudfront.net/wysiwyg/paypal.png?frz-v=250) but the other 15 still crash:
https://www.diptyqueparis.com/fstrz/r/s/d3oi16fyxsm8ns.cloudfront.net/static/version0.0.0.492/frontend/Diptyque/default/default/images/sprites.png
https://www.diptyqueparis.com/fstrz/r/s/d1wwvmedxjfrrp.cloudfront.net/catalog/product/cache/8bbdf3786ba894b0c651f21d67cb017c/e/d/edp-eau-capitale-75ml-coffret.png?frz-v=250
https://www.diptyqueparis.com/fstrz/r/s/d1wwvmedxjfrrp.cloudfront.net/catalog/product/cache/8bbdf3786ba894b0c651f21d67cb017c/e/a/eau-capitale-75ml_dos.png?frz-v=250
https://www.diptyqueparis.com/fstrz/r/s/d1wwvmedxjfrrp.cloudfront.net/catalog/product/cache/8bbdf3786ba894b0c651f21d67cb017c/e/a/eau-capitale-75ml_34.png?frz-v=250
https://www.diptyqueparis.com/fstrz/r/s/d1wwvmedxjfrrp.cloudfront.net/catalog/product/cache/8bbdf3786ba894b0c651f21d67cb017c/e/a/eau-capitale-75ml_face.png?frz-v=250
https://www.diptyqueparis.com/fstrz/r/s/d1wwvmedxjfrrp.cloudfront.net/wysiwyg/Sloane1_700x700.jpg?frz-v=250
https://www.diptyqueparis.com/fstrz/r/s/d1wwvmedxjfrrp.cloudfront.net/wysiwyg/Holiday_22/56.png?frz-v=250
https://www.diptyqueparis.com/fstrz/r/s/d1wwvmedxjfrrp.cloudfront.net/wysiwyg/frag1.jpg?frz-v=250
https://www.diptyqueparis.com/fstrz/r/s/d1wwvmedxjfrrp.cloudfront.net/wysiwyg/Holiday_22/44.png?frz-v=250
https://www.diptyqueparis.com/fstrz/r/s/d1wwvmedxjfrrp.cloudfront.net/wysiwyg/mega-menu-holiday22-2.jpg?frz-v=250
https://www.diptyqueparis.com/fstrz/r/s/d1wwvmedxjfrrp.cloudfront.net/wysiwyg/mega-menu-holiday22-1.jpg?frz-v=250
https://www.diptyqueparis.com/fstrz/r/s/d1wwvmedxjfrrp.cloudfront.net/wysiwyg/MM_Bath_Body.jpg?frz-v=250
https://www.diptyqueparis.com/fstrz/r/s/d1wwvmedxjfrrp.cloudfront.net/wysiwyg/Black_Baies_Square.png?frz-v=250
https://www.diptyqueparis.com/fstrz/r/s/d1wwvmedxjfrrp.cloudfront.net/wysiwyg/Holiday_22/52.png?frz-v=250
https://www.diptyqueparis.com/fstrz/r/s/d1wwvmedxjfrrp.cloudfront.net/wysiwyg/MicrosoftTeams-image_16_.png?frz-v=250
- Author
> According to Chrome Developer Tools there are 16 images which trigger the crash in that page and your patches fix one of them (https://www.diptyqueparis.com/fstrz/r/s/d1wwvmedxjfrrp.cloudfront.net/wysiwyg/paypal.png?frz-v=250)
Nevermind, the patches didn't help at all: this image is simply less prone to crashes than the others but sometimes it still crashes (with or without the patches).
- Developer
With the same stacktrace?
- Author
chromium --no-sandbox --renderer-cmd-prefix="xterm -title renderer -e gdb -ex run --args"
Thread 22 "dav1d-worker" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x3fffe62b8840 (LWP 360693)]
copy8xN (edges=(CDEF_HAVE_RIGHT | CDEF_HAVE_BOTTOM), h=8, w=8, bottom=<optimized out>, top=<optimized out>, left=0x3fffe62b7b40, src_stride=128, src=0x2f9806f00000 "\t\002\az\324\316\326\331\330\320\322\323\307\304\311\301\301\305\305½\270\265\266\272\277\277\272\266\265\267\271\271\270\270\270\267\267\266\267\265\260\263\301\303\303ſ\275\276\276\276\276\276\276\301ü¼\274ý\306ù\260\267\274\305\314\301\277\303\300\270\274\271\266", '\263' <repeats 17 times>, "g\035", tmp_stride=16, tmp=0x3fffe62b7680) at ../dav1d-9999/src/ppc/cdef_tmpl.c:164
164 ../dav1d-9999/src/ppc/cdef_tmpl.c: No such file or directory.
(gdb) bt
#0 copy8xN (edges=(CDEF_HAVE_RIGHT | CDEF_HAVE_BOTTOM), h=8, w=8, bottom=<optimized out>, top=<optimized out>, left=0x3fffe62b7b40, src_stride=128, src=0x2f9806f00000 "\t\002\az\324\316\326\331\330\320\322\323\307\304\311\301\301\305\305½\270\265\266\272\277\277\272\266\265\267\271\271\270\270\270\267\267\266\267\265\260\263\301\303\303ſ\275\276\276\276\276\276\276\301ü¼\274ý\306ù\260\267\274\305\314\301\277\303\300\270\274\271\266", '\263' <repeats 17 times>, "g\035", tmp_stride=16, tmp=0x3fffe62b7680) at ../dav1d-9999/src/ppc/cdef_tmpl.c:164
#1 filter_8xN (tmp=0x3fffe62b7684, tmp_stride=16, edges=(CDEF_HAVE_RIGHT | CDEF_HAVE_BOTTOM), damping=5, dir=<optimized out>, sec_strength=2, pri_strength=10, h=8, w=8, bottom=<optimized out>, top=<optimized out>, left=0x3fffe62b7b40, dst_stride=128, dst=0x2f9806f00000 "\t\002\az\324\316\326\331\330\320\322\323\307\304\311\301\301\305\305½\270\265\266\272\277\277\272\266\265\267\271\271\270\270\270\267\267\266\267\265\260\263\301\303\303ſ\275\276\276\276\276\276\276\301ü¼\274ý\306ù\260\267\274\305\314\301\277\303\300\270\274\271\266", '\263' <repeats 17 times>, "g\035") at ../dav1d-9999/src/ppc/cdef_tmpl.c:389
#2 dav1d_cdef_filter_8x8_vsx (dst=0x2f9806f00000 "\t\002\az\324\316\326\331\330\320\322\323\307\304\311\301\301\305\305½\270\265\266\272\277\277\272\266\265\267\271\271\270\270\270\267\267\266\267\265\260\263\301\303\303ſ\275\276\276\276\276\276\276\301ü¼\274ý\306ù\260\267\274\305\314\301\277\303\300\270\274\271\266", '\263' <repeats 17 times>, "g\035", dst_stride=128, left=0x3fffe62b7b40, top=<optimized out>, bottom=<optimized out>, pri_strength=10, sec_strength=2, dir=<optimized out>, damping=<optimized out>, edges=<optimized out>) at ../dav1d-9999/src/ppc/cdef_tmpl.c:467
#3 0x00003ffff652f08c in dav1d_cdef_brow_8bpc (tc=0x2f98074bf6c0, p=<optimized out>, lflvl=0x2f980168cc00, by_start=<optimized out>, by_end=<optimized out>, sbrow_start=<optimized out>, sby=<optimized out>) at ../dav1d-9999/src/cdef_apply_tmpl.c:240
#4 0x00003ffff654b860 in dav1d_filter_sbrow_cdef_8bpc (tc=0x2f98074bf6c0, sby=<optimized out>) at ../dav1d-9999/src/recon_tmpl.c:2117
#5 0x00003ffff6571dd4 in dav1d_worker_task (data=0x2f98074bf6c0) at ../dav1d-9999/src/thread_task.c:849
#6 0x00003ffff52534a8 in () at /lib64/libc.so.6
#7 0x00003ffff5302c30 in clone () at /lib64/libc.so.6
- Developer
If you do something along the lines of
ffmpeg -i {image url} -c copy crash.ivf
and then
gdb --args dav1d -i /tmp/crash.ivf -o /dev/null
does the command crash the same way?
- Author
It looks like the command fails both with and without -asm:
niko@talos2 ~/temp $ ffmpeg -i edp-eau-capitale-75ml-coffret.avif -c copy crash.ivf
ffmpeg version 4.4.3 Copyright (c) 2000-2022 the FFmpeg developers
  built with gcc 11.3.0 (Gentoo 11.3.0 p7)
  configuration: --prefix=/usr --libdir=/usr/lib64 --shlibdir=/usr/lib64 --docdir=/usr/share/doc/ffmpeg-4.4.3/html --mandir=/usr/share/man --enable-shared --cc=powerpc64le-unknown-linux-gnu-gcc --cxx=powerpc64le-unknown-linux-gnu-g++ --ar=powerpc64le-unknown-linux-gnu-ar --nm=powerpc64le-unknown-linux-gnu-nm --strip=powerpc64le-unknown-linux-gnu-strip --ranlib=powerpc64le-unknown-linux-gnu-ranlib --pkg-config=powerpc64le-unknown-linux-gnu-pkg-config --optflags='-O2 -pipe -mcpu=power9 -mtune=power9' --disable-static --enable-avfilter --enable-avresample --disable-stripping --disable-optimizations --disable-libcelt --disable-indev=v4l2 --disable-outdev=v4l2 --disable-indev=oss --disable-indev=jack --disable-indev=sndio --disable-outdev=oss --disable-outdev=sndio --enable-bzlib --disable-runtime-cpudetect --disable-debug --disable-gcrypt --enable-gnutls --disable-gmp --enable-gpl --disable-hardcoded-tables --enable-iconv --disable-libxml2 --disable-lzma --enable-network --enable-opencl --disable-openssl --enable-postproc --disable-libsmbclient --enable-ffplay --enable-sdl2 --enable-vaapi --disable-vdpau --enable-vulkan --enable-xlib --enable-libxcb --enable-libxcb-shm --enable-libxcb-xfixes --enable-zlib --disable-libcdio --disable-libiec61883 --disable-libdc1394 --disable-libcaca --disable-openal --enable-opengl --disable-libv4l2 --enable-libpulse --disable-libdrm --disable-libjack --disable-libopencore-amrwb --disable-libopencore-amrnb --disable-libcodec2 --enable-libdav1d --disable-libfdk-aac --disable-libopenjpeg --disable-libbluray --disable-libgme --disable-libgsm --disable-libaribb24 --disable-mmal --disable-libmodplug --disable-libopus --disable-libilbc --disable-librtmp --disable-libssh --disable-libspeex --disable-libsrt --enable-librsvg --disable-ffnvcodec --enable-libvorbis --enable-libvpx --disable-libzvbi --disable-appkit --disable-libbs2b --disable-chromaprint --disable-cuda-llvm --disable-libflite --disable-frei0r --disable-libvmaf --disable-libfribidi --disable-fontconfig --disable-ladspa --disable-libass --disable-libtesseract --disable-lv2 --enable-libfreetype --disable-libvidstab --disable-librubberband --disable-libzmq --disable-libzimg --disable-libsoxr --enable-pthreads --disable-amf --disable-libvo-amrwbenc --disable-libkvazaar --disable-libaom --enable-libmp3lame --disable-libopenh264 --disable-librav1e --disable-libsnappy --disable-libsvtav1 --disable-libtheora --disable-libtwolame --disable-libwebp --enable-libx264 --disable-libx265 --enable-libxvid --disable-armv5te --disable-armv6 --disable-armv6t2 --disable-neon --disable-vfp --disable-vfpv3 --disable-armv8 --disable-mipsdsp --disable-mipsdspr2 --disable-mipsfpu --disable-amd3dnow --disable-amd3dnowext --disable-aesni --disable-avx --disable-avx2 --disable-fma3 --disable-fma4 --disable-mmx --disable-mmxext --disable-sse --disable-sse2 --disable-sse3 --disable-ssse3 --disable-sse4 --disable-sse42 --disable-xop --cpu=power9 --disable-doc --disable-htmlpages --enable-manpages
  libavutil      56. 70.100 / 56. 70.100
  libavcodec     58.134.100 / 58.134.100
  libavformat    58. 76.100 / 58. 76.100
  libavdevice    58. 13.100 / 58. 13.100
  libavfilter     7.110.100 /  7.110.100
  libavresample   4.  0.  0 /  4.  0.  0
  libswscale      5.  9.100 /  5.  9.100
  libswresample   3.  9.100 /  3.  9.100
  libpostproc    55.  9.100 / 55.  9.100
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x13959e550] moov atom not found
edp-eau-capitale-75ml-coffret.avif: Invalid data found when processing input
- Developer
Can you please post the file edp-eau-capitale-75ml-coffret.avif in this bug tracker directly?
- Developer
Actually, I found it myself. @lu_zero IVF is here: edp-eau-capitale-75ml-coffret.ivf
- Author
It doesn't crash (+asm and no patches):
niko@talos2 ~/temp $ gdb --args dav1d -i edp-eau-capitale-75ml-coffret.ivf -o /dev/null
GNU gdb (Gentoo 11.2 vanilla) 11.2
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "powerpc64le-unknown-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://bugs.gentoo.org/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from dav1d...
(gdb) run
Starting program: /usr/bin/dav1d -i edp-eau-capitale-75ml-coffret.ivf -o /dev/null
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
dav1d 1.0.0-90-g4b9f5b7 - by VideoLAN
[New Thread 0x3ffff72f0840 (LWP 469575)]
[New Thread 0x3ffff71ed840 (LWP 469576)]
[New Thread 0x3ffff70ea840 (LWP 469577)]
[New Thread 0x3ffff6fe7840 (LWP 469578)]
[New Thread 0x3ffff6ee4840 (LWP 469579)]
[New Thread 0x3ffff6de1840 (LWP 469580)]
[New Thread 0x3ffff6cde840 (LWP 469581)]
[New Thread 0x3ffff6bdb840 (LWP 469582)]
[New Thread 0x3ffff6ad8840 (LWP 469583)]
[New Thread 0x3ffff69d5840 (LWP 469584)]
[New Thread 0x3ffff68d2840 (LWP 469585)]
[New Thread 0x3ffff67cf840 (LWP 469586)]
[New Thread 0x3ffff66cc840 (LWP 469587)]
[New Thread 0x3ffff65c9840 (LWP 469588)]
[New Thread 0x3ffff64c6840 (LWP 469589)]
[New Thread 0x3ffff63c3840 (LWP 469590)]
[New Thread 0x3ffff62c0840 (LWP 469591)]
[New Thread 0x3ffff61bd840 (LWP 469592)]
[New Thread 0x3ffff60ba840 (LWP 469593)]
[New Thread 0x3ffff5fb7840 (LWP 469594)]
[New Thread 0x3ffff5eb4840 (LWP 469595)]
[New Thread 0x3ffff5db1840 (LWP 469596)]
[New Thread 0x3ffff5cae840 (LWP 469597)]
[New Thread 0x3ffff5bab840 (LWP 469598)]
[New Thread 0x3ffff5aa8840 (LWP 469599)]
[New Thread 0x3ffff59a5840 (LWP 469600)]
[New Thread 0x3ffff58a2840 (LWP 469601)]
[New Thread 0x3ffff579f840 (LWP 469602)]
[New Thread 0x3ffff569c840 (LWP 469603)]
[New Thread 0x3ffff5599840 (LWP 469604)]
[New Thread 0x3ffff5496840 (LWP 469605)]
[New Thread 0x3ffff5393840 (LWP 469606)]
Decoded 1/1 frames (100.0%) - 69.76/1.00 fps (69.76x)
[Thread 0x3ffff5393840 (LWP 469606) exited]
[Thread 0x3ffff5496840 (LWP 469605) exited]
[Thread 0x3ffff5599840 (LWP 469604) exited]
[Thread 0x3ffff569c840 (LWP 469603) exited]
[Thread 0x3ffff579f840 (LWP 469602) exited]
[Thread 0x3ffff58a2840 (LWP 469601) exited]
[Thread 0x3ffff59a5840 (LWP 469600) exited]
[Thread 0x3ffff5aa8840 (LWP 469599) exited]
[Thread 0x3ffff5bab840 (LWP 469598) exited]
[Thread 0x3ffff5cae840 (LWP 469597) exited]
[Thread 0x3ffff5db1840 (LWP 469596) exited]
[Thread 0x3ffff5eb4840 (LWP 469595) exited]
[Thread 0x3ffff5fb7840 (LWP 469594) exited]
[Thread 0x3ffff60ba840 (LWP 469593) exited]
[Thread 0x3ffff61bd840 (LWP 469592) exited]
[Thread 0x3ffff62c0840 (LWP 469591) exited]
[Thread 0x3ffff63c3840 (LWP 469590) exited]
[Thread 0x3ffff64c6840 (LWP 469589) exited]
[Thread 0x3ffff65c9840 (LWP 469588) exited]
[Thread 0x3ffff66cc840 (LWP 469587) exited]
[Thread 0x3ffff67cf840 (LWP 469586) exited]
[Thread 0x3ffff68d2840 (LWP 469585) exited]
[Thread 0x3ffff69d5840 (LWP 469584) exited]
[Thread 0x3ffff6ad8840 (LWP 469583) exited]
[Thread 0x3ffff6bdb840 (LWP 469582) exited]
[Thread 0x3ffff6cde840 (LWP 469581) exited]
[Thread 0x3ffff6de1840 (LWP 469580) exited]
[Thread 0x3ffff6ee4840 (LWP 469579) exited]
[Thread 0x3ffff6fe7840 (LWP 469578) exited]
[Thread 0x3ffff70ea840 (LWP 469577) exited]
[Thread 0x3ffff71ed840 (LWP 469576) exited]
[Thread 0x3ffff72f0840 (LWP 469575) exited]
[Inferior 1 (process 469572) exited normally]
(gdb) quit
The same dav1d crashes on Chrome/Firefox.
- Developer
During the weekend I'll check, probably you'd need to build dav1d with asan to see the problem.
- Developer
lu_zero@sol ~/dav1d/.build-clang15 (master) $ tools/dav1d -i ~/Samples/edp-eau-capitale-75ml-coffret.ivf -o /dev/null
dav1d 1.0.0-92-g1f76c4c - by VideoLAN
=================================================================
==32359==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7dffe92207fe at pc 0x7ffff7dfbdbc bp 0x7dfff4bfded0 sp 0x7dfff4bfdef8
READ of size 16 at 0x7dffe92207fe thread T1 (dav1d-worker)
    #0 0x7ffff7dfbdb8 in vec_vsx_ld(int, unsigned char const*) /usr/lib/llvm/15/bin/../../../../lib/clang/15.0.5/include/altivec.h:13011:32
    #1 0x7ffff7dfbdb8 in copy8xN /home/lu_zero/dav1d/.build-clang15/../src/ppc/cdef_tmpl.c:164:19
    #2 0x7ffff7dfbdb8 in filter_8xN /home/lu_zero/dav1d/.build-clang15/../src/ppc/cdef_tmpl.c:389:5
    #3 0x7ffff7dfbdb8 in dav1d_cdef_filter_8x8_vsx /home/lu_zero/dav1d/.build-clang15/../src/ppc/cdef_tmpl.c:467:1
    #4 0x7ffff7cdbe1c in dav1d_cdef_brow_8bpc /home/lu_zero/dav1d/.build-clang15/../src/cdef_apply_tmpl.c
    #5 0x7ffff7d5bff4 in dav1d_filter_sbrow_cdef_8bpc /home/lu_zero/dav1d/.build-clang15/../src/recon_tmpl.c:2117:5
    #6 0x7ffff7e07700 in dav1d_worker_task /home/lu_zero/dav1d/.build-clang15/../src/thread_task.c:849:21
    #7 0x10014d4d0 in __asan::AsanThread::ThreadStart(unsigned long long) /var/tmp/portage/sys-libs/compiler-rt-sanitizers-16.0.0_pre20221120/work/compiler-rt/lib/asan/asan_thread.cpp:277:25
    #8 0x10011bf94 in asan_thread_start(void*) /var/tmp/portage/sys-libs/compiler-rt-sanitizers-16.0.0_pre20221120/work/compiler-rt/lib/asan/asan_interceptors.cpp:199:13
    #9 0x7ffff78b3454 (/lib64/libc.so.6+0xa3454)
    #10 0x7ffff79631cc in __clone (/lib64/libc.so.6+0x1531cc)

0x7dffe92207fe is located 2 bytes before 737344-byte region [0x7dffe9220800,0x7dffe92d4840)
allocated by thread T0 here:
    #0 0x10013b7a0 in posix_memalign /var/tmp/portage/sys-libs/compiler-rt-sanitizers-16.0.0_pre20221120/work/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x7ffff7e959e4 in dav1d_alloc_aligned /home/lu_zero/dav1d/.build-clang15/../src/mem.h:66:9
    #2 0x7ffff7e959e4 in dav1d_mem_pool_pop /home/lu_zero/dav1d/.build-clang15/../src/mem.c:72:16
    #3 0x7ffff7eac700 in dav1d_default_picture_alloc /home/lu_zero/dav1d/.build-clang15/../src/picture.c:71:37
    #4 0x7ffff7ead20c in picture_alloc_with_edges /home/lu_zero/dav1d/.build-clang15/../src/picture.c:136:21
    #5 0x7ffff7eacb78 in dav1d_thread_picture_alloc /home/lu_zero/dav1d/.build-clang15/../src/picture.c:182:9
    #6 0x7ffff7e33ca8 in dav1d_submit_frame /home/lu_zero/dav1d/.build-clang15/../src/decode.c:3684:11
    #7 0x7ffff7e9b110 in dav1d_parse_obus /home/lu_zero/dav1d/.build-clang15/../src/obu.c:1641:24
    #8 0x7ffff7dfeee8 in gen_picture /home/lu_zero/dav1d/.build-clang15/../src/lib.c:457:15
    #9 0x7ffff7dfecd8 in dav1d_send_data /home/lu_zero/dav1d/.build-clang15/../src/lib.c:487:15
    #10 0x100190ce8 in main /home/lu_zero/dav1d/.build-clang15/../tools/dav1d.c:271:20
    #11 0x7ffff7834c20 (/lib64/libc.so.6+0x24c20)
    #12 0x7ffff7834e6c in __libc_start_main (/lib64/libc.so.6+0x24e6c)
Problem confirmed
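The ASan report pins the fault to a 16-byte vector load that began 2 bytes before the picture allocation, on a block whose edge flags say there is no left neighbour. Below is an added scalar model of the padding copy8xN has to perform (example code, not dav1d's and not the fix merged for this issue; the names, the left[] layout and reading the rows above/below straight from the source plane are assumptions of the model), with an access tracker showing that the corner block from the backtrace, edges=(CDEF_HAVE_RIGHT | CDEF_HAVE_BOTTOM), never needs a byte before src:

```c
#include <stdint.h>
#include <stddef.h>

/* Added example, not dav1d's code and not the fix merged for this issue: a
 * scalar model of the CDEF block padding that the ppc copy8xN performs with
 * 16-byte vector loads. The edge flags say which neighbouring pixels exist;
 * where they do not, the 2-pixel border gets a sentinel (dav1d's C reference
 * uses INT16_MIN). Names, and reading the rows above/below from the source
 * plane, are assumptions of this model. */
enum { CDEF_HAVE_LEFT = 1, CDEF_HAVE_RIGHT = 2, CDEF_HAVE_TOP = 4, CDEF_HAVE_BOTTOM = 8 };
#define CDEF_VERY_LARGE INT16_MIN
#define TMP_STRIDE 16
#define W 8

/* Every source read goes through read_px so the lowest and highest offset
 * touched (relative to src) can be checked afterwards. The ASan report above
 * is a 16-byte read starting at src - 2 on a block whose edge flags say there
 * is no left neighbour, i.e. bytes the padding never needed. */
typedef struct { ptrdiff_t min_off, max_off; } access_range;

static uint8_t read_px(const uint8_t *src, ptrdiff_t off, access_range *r) {
    if (off < r->min_off) r->min_off = off;
    if (off > r->max_off) r->max_off = off;
    return src[off];
}

/* Pad an 8-wide, h-high block at src into tmp (2-pixel border on every side,
 * stride TMP_STRIDE). left[y] holds the two pre-filter pixels left of row y,
 * which is why even a block with CDEF_HAVE_LEFT does not read src - 2. */
void pad8xN(int16_t *tmp, const uint8_t *src, ptrdiff_t stride,
            const uint8_t (*left)[2], int h, unsigned edges, access_range *r)
{
    const int y0 = (edges & CDEF_HAVE_TOP)    ? -2 : 0;
    const int y1 = (edges & CDEF_HAVE_BOTTOM) ? h + 2 : h;
    const int x0 = (edges & CDEF_HAVE_LEFT)   ? -2 : 0;
    const int x1 = (edges & CDEF_HAVE_RIGHT)  ? W + 2 : W;

    for (int y = -2; y < h + 2; y++)            /* sentinel first, then overwrite */
        for (int x = -2; x < W + 2; x++)
            tmp[y * TMP_STRIDE + x] = CDEF_VERY_LARGE;

    for (int y = y0; y < y1; y++) {
        const int in_block = y >= 0 && y < h;
        /* In the block's own rows the left border comes from left[] (those
         * pixels were already filtered in place); above and below it is
         * still plane data and may be read when CDEF_HAVE_LEFT is set. */
        for (int x = in_block ? 0 : x0; x < x1; x++)
            tmp[y * TMP_STRIDE + x] = read_px(src, y * stride + x, r);
        if (in_block && (edges & CDEF_HAVE_LEFT)) {
            tmp[y * TMP_STRIDE - 2] = left[y][0];
            tmp[y * TMP_STRIDE - 1] = left[y][1];
        }
    }
}

/* Constructed sample: a 64x16 plane with the 8x8 block at its top-left corner,
 * the edges=(CDEF_HAVE_RIGHT | CDEF_HAVE_BOTTOM) case from the backtrace. */
typedef struct { access_range r; int16_t left_pad, top_pad, first_px, right_pad; } corner_result;

corner_result corner_block(void) {
    enum { STRIDE = 64, H = 8 };
    static uint8_t plane[STRIDE * 16];
    static uint8_t left[H][2];                        /* unused without HAVE_LEFT */
    int16_t tmp_buf[(H + 4) * TMP_STRIDE];
    int16_t *tmp = tmp_buf + 2 * TMP_STRIDE + 2;      /* tmp[0] is pixel (0,0) */
    corner_result res = { { PTRDIFF_MAX, PTRDIFF_MIN }, 0, 0, 0, 0 };
    for (size_t i = 0; i < sizeof plane; i++) plane[i] = (uint8_t)(i * 7 + 3);
    pad8xN(tmp, plane, STRIDE, left, H, CDEF_HAVE_RIGHT | CDEF_HAVE_BOTTOM, &res.r);
    res.left_pad  = tmp[-2];                /* sentinel: no left neighbour */
    res.top_pad   = tmp[-2 * TMP_STRIDE];   /* sentinel: no top neighbour */
    res.first_px  = tmp[0];                 /* plane[0] */
    res.right_pad = tmp[W];                 /* plane[8], right neighbour exists */
    return res;
}
```

Running the same model under ASan with the plane allocated exactly at src gives no report, because min_off stays at 0; a vector routine that loads src - 2 unconditionally is what turns the missing-left-edge case into the 2-bytes-before-region read shown above.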
- Developer
Added a patch to address it, please confirm it works for you as well.
- Author
It works, thanks!
- Henrik Gramner closed with commit c56e352b
EDIT: I can't read...this was already merged. Please ignore.
Just hit this during the Chromium 109 release cycle for Debian. For anyone else affected, we'll be carrying this patch downstream in the interim, but the upstream Chromium tree currently contains the bad copy of dav1d.
Edited by Timothy Pearson
- Jean-Baptiste Kempf changed milestone to %1.1.0