[mythtv-commits] Ticket #25: crash in OSDTypeEditSlider::Reinit

MythTV mythtv at cvs.mythtv.org
Wed Jun 29 01:17:19 UTC 2005


#25: crash in OSDTypeEditSlider::Reinit
--------------------+-------------------------------------------------------
       Id:  25      |      Status:  new                     
Component:  mythtv  |    Modified:  Wed Jun 29 01:17:19 2005
 Severity:  medium  |   Milestone:                          
 Priority:  minor   |     Version:  head                    
    Owner:  ijr     |    Reporter:  rtsai1111               
--------------------+-------------------------------------------------------
 I have a slightly defective recording that I can use to consistently crash
 mythfrontend. mplayer is able to play the file, albeit complaining in the
 console about CRC failures. The stack trace of mythfrontend is:

 {{{
 (gdb) bt
 #0  0x00002aaaadf44705 in raise () from /lib/libc.so.6
 #1  0x00002aaaadf45e8e in abort () from /lib/libc.so.6
 #2  0x00002aaaadb43606 in __cxa_call_unexpected () from
 /usr/lib/libstdc++.so.5
 #3  0x00002aaaadb43633 in std::terminate () from /usr/lib/libstdc++.so.5
 #4  0x00002aaaadb43753 in __cxa_throw () from /usr/lib/libstdc++.so.5
 #5  0x00002aaaadb4394f in operator new () from /usr/lib/libstdc++.so.5
 #6  0x00002aaaadb43a09 in operator new[] () from /usr/lib/libstdc++.so.5
 #7  0x00002aaaab1ac1ad in OSDTypeEditSlider::Reinit (this=0x16be5d0,
     wchange=0, hchange=0, wmult=2, hmult=1.4708333) at osdtypes.cpp:1223
 #8  0x00002aaaab1a5d83 in OSDSet::Reinit (this=0x16bf560,
 screenwidth=1280,
     screenheight=720, xoff=0, yoff=7, displaywidth=1280,
 displayheight=706,
     wmult=2, hmult=1.4708333, frint=16683) at osdtypes.cpp:194
 #9  0x00002aaaab192ff0 in OSD::Reinit (this=0x104cbf0, width=1280,
 height=720,
     frint=16683, dispx=0, dispy=7, dispw=1280, disph=706) at osd.cpp:232
 #10 0x00002aaaab1672d5 in NuppelVideoPlayer::ReinitOSD (this=0x697890)
     at NuppelVideoPlayer.cpp:441
 #11 0x00002aaaab167664 in NuppelVideoPlayer::ReinitVideo (this=0x697890)
     at NuppelVideoPlayer.cpp:465
 #12 0x00002aaaab168246 in NuppelVideoPlayer::SetVideoParams
 (this=0x697890,
     width=1280, height=720, fps=59.940059940059932, keyframedistance=1,
     aspect=1.77777779, scan=kScan_Detect, reinit=true)
     at NuppelVideoPlayer.cpp:560
 #13 0x00002aaaab18dfeb in AvFormatDecoder::MpegPreProcessPkt
 (this=0xfdf400,
     stream=0x71e6d0, pkt=0x763d90) at avformatdecoder.cpp:1175
 #14 0x00002aaaab18f816 in AvFormatDecoder::GetFrame (this=0xfdf400,
     onlyvideo=0) at avformatdecoder.cpp:1522
 #15 0x00002aaaab16a94b in NuppelVideoPlayer::GetFrame (this=0x697890,
     onlyvideo=0, unsafe=false) at NuppelVideoPlayer.cpp:848
 #16 0x00002aaaab170e0a in NuppelVideoPlayer::StartPlaying (this=0x697890)
     at NuppelVideoPlayer.cpp:2069
 #17 0x00002aaaab13d9d1 in SpawnDecode (param=0x697890) at tv_play.cpp:150
 #18 0x00002aaaad994b55 in start_thread () from /lib/libpthread.so.0
 #19 0x00002aaaadfe7870 in clone () from /lib/libc.so.6
 }}}

 The interesting bits (to my untrained eye) is here:

 {{{
 (gdb) l -
 1208    }
 1209
 1210    void OSDTypeEditSlider::Reinit(float wchange, float hchange, float
 wmult,
 1211                                   float hmult)
 1212    {
 1213        int width = (int)(m_displayrect.width() * wchange);
 1214        int height = (int)(m_displayrect.height() * hchange);
 1215        int x = (int)(m_displayrect.x() * wchange);
 1216        int y = (int)(m_displayrect.y() * hchange);
 1217
 1218        m_displayrect = QRect(x, y, width, height);
 1219        m_drawwidth = m_displayrect.width();
 1220
 1221        delete [] m_drawMap;
 1222
 1223        m_drawMap = new unsigned char[m_drawwidth + 1];
 1224        for (int i = 0; i < m_drawwidth; i++)
 1225             m_drawMap[i] = 0;
 1226
 1227        m_displaypos = m_displayrect.topLeft();

 (gdb) p wchange
 $12 = 0

 (gdb) info locals
 width = -2147483648
 height = -2147483648
 x = -2147483648
 y = -2147483648

 (gdb) p m_drawwidth
 $15 = -2147483648

 (gdb) p /x m_drawwidth
 $16 = 0x80000000
 }}}

 Because of m_drawwidth having a bogus value, array allocation fails.

 If there is any interest in this bug, I'm willing to help debug (e.g.,
 inspecting more variables, etc.), given its ease of reproducibility.

 The system is ubuntu hoary AMD64, latest svn.

 Conversely, if there is little interest/time in tracking this down, let me
 know so I can delete this recording :)

-- 
Ticket URL: <http://cvs.mythtv.org/trac/ticket/25>
MythTV <http://www.mythtv.org/>
MythTV


More information about the mythtv-commits mailing list