[mythtv] Random backend crashes.

Stuart Auchterlonie stuarta at squashedfrog.net
Fri Mar 10 17:25:47 UTC 2006


I've been having these random backend crashes
and so have a few other people.

Finally managed to catch one in the debugger.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1399850064 (LWP 26962)]
0xb7a94699 in PESPacket (this=0xac8fe284, pkt=@0xac8fe2a4) at pespacket.h:83
83      pespacket.h: No such file or directory.
        in pespacket.h

with a bt

(gdb) bt
#0  0xb7a94699 in PESPacket (this=0xac8fe284, pkt=@0xac8fe2a4) at pespacket.h:83
#1  0xb7a94a2e in PSIPTable (this=0xac8fe284, table=@0xac8fe2a4) at mpegtables.h:275
#2  0xb7c7d72f in SIParser::ParseTable (this=0xacf31930, buffer=0xac8fe3b0 "P\uffff\uffff<\uffff\uffff@\uffff0\002#:@Q&\034\uffff-", pid=18)
    at siparser.cpp:529
#3  0xb7c8ab52 in DVBSIParser::StartSectionReader (this=0xacf31930) at dvbsiparser.cpp:299
#4  0xb7c8b143 in DVBSIParser::SystemInfoThread (param=0xacf31930) at dvbsiparser.cpp:102
#5  0xb625bcfd in start_thread () from /lib/tls/libpthread.so.0
#6  0xb60e313e in clone () from /lib/tls/libc.so.6

----

Further digging reveals that the it is fact the pes_alloc call on the previous
line that is returning garbage. as the pesdataSize is 931 (not 932 as per the
pes header, but thats another story), pes_alloc ends up calling get_4096_block
which returns the nonsense.

free4096.empty() is true

(gdb) print mem4096[0]
[Thread -1477321808 (LWP 27135) exited]
$21 = (unsigned char *&) @0x85a99c0: 0xae26e008 <Address 0xae26e008 out of bounds>
(gdb) print mem4096[1]
$22 = (unsigned char *&) @0x85a99c4: 0x8cf4358 "\200l\024\uffff\200l\024\uffff "
(gdb) print mem4096[2]

this first address is the one that corresponds to the bad address causing
the segfault.


Stuart



More information about the mythtv-dev mailing list