Menu

#1022 stack overflow, floating point model - fast

Crash
closed-fixed
Jerome Martinez
stack overflow (1) fpu (1)
5
2018-07-15
2016-11-16
Dmitry
No

Hi
Found an issue using your library.
I am working with DirectX currently. If I create DirectX device and use your library (asking for movie file duration). In most cases I get a crash - stack overflow.
I checked problem and found that by default DirectX device changes FPU setting (it enables in runtime Fast Floating Point Model - same like "/fp:fast" in VS project properties). Your library crashes in infinite recursion of calling
void File__Analyze::Fill (stream_t StreamKind, size_t StreamPos, size_t Parameter, float32 Value, int8u AfterComma, bool Replace); function. Actually it never finds how to exit from this function due to this code block:

if (float32_int32s(Value) - Value*1.001001 > -0.000002
&& float32_int32s(Value) - Value*1.001001 < +0.000002) // Detection of rounded 1.001 (e.g. 23976/1000) taking into account precision of 32-bit float
{...}

According to the comment "Detection of rounded 1.001 (e.g. 23976/1000) taking into account precision of 32-bit float" - you know about this problem or suspect it exists at least.

Vulnerable the both libraries static and DLL.
My proposals - use double instad of float or change algorythms. Reverting back FPU precision is not a solution at all.

I fixed this problem on DirectX side (disabled FPU changes). But anyway it should be fixed in MediaInfo library also.

If this is known problem or feature - sorry.

Thanks for your library, it is really cool!.

Discussion

  • Jerome Martinez

    Jerome Martinez - 2016-11-16

    If this is known problem or feature - sorry.

    As described, this is new and a bug.

    you know about this problem or suspect it exists at least.

    precise 1.001 is an issue, but moving all to double would be long, not sure yet about how to fix that (correctly detect 1.001 and no loop, or change all to double).

     

  • pavel_pimenov

    pavel_pimenov - 2016-11-17

    Hi Dmitry!
    url (or attach file) for reproduce stack overflow?
    RegressionTest.exe + Fast (/fp:fast) all ok:

     
    Thumbnail
    mediainfo-1022.png

    • Jerome Martinez

      Jerome Martinez - 2016-11-17

      Pavel: you tested with a round number (25.000), issue is with 1.001 frame rates (23.976 or 29.970).

       

  • Dmitry

    Dmitry - 2016-11-17

    Jerome - you are right, fps was 23.98.
    If you need test, I could provide code and solution, but is this really needed?
    If needed - give me time pls (busy).

     

    • pavel_pimenov

      pavel_pimenov - 2016-11-17

      but is this really needed?

      No.

       

  • pavel_pimenov

    pavel_pimenov - 2016-11-17

    Dmitry

    Exception thrown at 0x079A5187 (vfcuzz.dll) in RegressionTest.exe: 0xC00000FD: Stack overflow (parameters: 0x00000000, 0x002B2000).
    Unhandled exception at 0x079A5187 (vfcuzz.dll) in RegressionTest.exe: 0xC00000FD: Stack overflow (parameters: 0x00000000, 0x002B2000).

    void FileAnalyze::Video_FrameRate_Rounding(size_t Pos, video Parameter)

    V550 An odd precise comparison: FrameRate != FrameRate_Sav. It's probably better to use a comparison with defined precision: fabs(A - B) > Epsilon. fileanalyze_streams.cpp 1544

    http://www.viva64.com/en/w/V550/print/

    try patch Source\MediaInfo\FileAnalyze_Streams.cpp

    if (std::fabs(FrameRate - FrameRate_Sav) > 0.01)
    Fill(Stream_Video, Pos, Parameter, FrameRate, 3, true);

     

    Last edit: pavel_pimenov 2016-11-18
    Thumbnail
    mediainfo-bug-1022.png

    • Jerome Martinez

      Jerome Martinez - 2016-11-17

      If I understand well, the issue is more due to different methods at 2 different places for detecting "known values", so there is an infinite loop, and the issue is FrameRate!=FrameRate_Sav which does not work as expected with "/fp:fast", right?

      Definitely not the best code ever, but I prefer to use this small fix now and I'll do a complete different implementation when I have more time.

       

      • pavel_pimenov

        pavel_pimenov - 2016-11-18

        No :-( (perhaps this is another stack overflow)
        My test solution crash with /fp:fast and (/fp:precise)

        wait Dmitry...

         

        • pavel_pimenov

          pavel_pimenov - 2016-11-18

          not found example file with 23.98.
          and hack FileAnalyze::Fill / RegressionTest :)
          https://github.com/pavel-pimenov/sandbox/commit/234bd419c7e258b435dd6fd1dd5bf7a3bc6a755c

          git clone https://github.com/pavel-pimenov/sandbox.git
          cd sandbox\mediainfo\MediaInfoLib\Project\MSVC2015
          call build-debug.bat
          cd Win32\Debug
          call run-regression-test.bat

          Events
          Analyzing
          1/1 D:\777777777777\sandbox\mediainfo\MediaInfoLib\Project\MSVC2015\Win32\Debug\file1.mkv
          FileAnalyze::Fill count = 1
          [1] float32_int32s(Value) = 23.980000 Value1.001000 = 24.003980
          [2] float32_int32s(Value) = 23.980000 Value          1.001001 = 24.004004
          FileAnalyze::Fill count = 2
          [1] float32_int32s(Value) = 23.980000 Value1.001000 = 24.003980
          [2] float32_int32s(Value) = 23.980000 Value          1.001001 = 24.004004
          FileAnalyze::Fill count = 3

          |||||||||||||||||||||||||||||||||||||||||||||||||

          Value1.001001 = 24.004004
          FileAnalyze::Fill count = 124
          [1] float32_int32s(Value) = 23.980000 Value          1.001000 = 24.003980
          [2] float32_int32s(Value) = 23.980000 Value1.001001 = 24.004004
          FileAnalyze::Fill count = 125
          [1] float32_int32s(Value) = 23.980000 Value          1.001000 = 24.003980
          [2] float32_int32s(Value) = 2

          ...
          SO crash!

           

  • pavel_pimenov

    pavel_pimenov - 2016-11-29

    Dmitry ?

     

  • Jerome Martinez

    Jerome Martinez - 2018-07-15
    • status: open --> closed-fixed
    • assigned_to: Jerome Martinez
     

Log in to post a comment.