Opened 18 years ago
Closed 18 years ago
#1459 closed defect (fixed)
Mythbackend SEGV during EIT scan - svn 9246
| Reported by: | Owned by: | danielk | |
|---|---|---|---|
| Priority: | minor | Milestone: | 0.20 |
| Component: | mythtv | Version: | head |
| Severity: | medium | Keywords: | |
| Cc: | Ticket locked: | no |
Description
I can't see this logged elsewhere - #1441 (housekeeping SEGV) and #1453 (recording SEGV) may be relevant but this segv occurs during EIT scan with SVN 9246 - it was not present in 8927.
The failure only seems to occur when the EIT scan hits a channel that is either a weak signal or is temporarily 'off air'. (The EIT scan looks at channels that have been marked as not visible so apart from turning off eit scanning there isn't a workaround.)
I've attached a gdb.txt and the tail end of the mythbackend logs
within gdb.txt I've included the gdb p results for *this & *psip - the psip values show that the _pesdata/_fullbuffer are corrupt. (annotated with [jd] )
The SEGV is triggered by the psip->TableID() - which is invoking the StreamID() in pespacket.h
void ATSCStreamData::DeleteCachedTable(PSIPTable *psip) const
{
if (!psip)
return;
QMutexLocker locker(&_cache_lock);
if (_cached_ref_cnt[psip] > 0)
{
_cached_slated_for_deletion[psip] = 1;
return;
}
else if (TableID::MGT == psip->TableID()) [jd] Segfault here
This segfaults because _pesdata is out of bounds:
[jd] p *psip
$1 = {<PESPacket> = {_vptr.PESPacket = 0x409f6410,
_pesdata = 0x4400a00d <Address 0x4400a00d out of bounds>,
_fullbuffer = 0x4400a008 <Address 0x4400a008 out of bounds>,
_psiOffset = 4, _ccLast = 2, _pesdataSize = 188, _allocSize = 3948,
_badPacket = false}, static PSIP_OFFSET = 8}
I'm just rebuilding with the patch from #1456 - however I won't know if its had any effect for several hours because I have to wait for the scan to hit an off-air channel. I've logged this as medium severity because the backend is failing without user activity and hence will be undetected = missed recordings.
Apologies - there isn't a patch here - I don't understand whats happening yet :)
Attachments (4)
Change History (8)
Changed 18 years ago by
| Attachment: | mythbackend.log added |
|---|
mythbackend log for session with EIT scanning segfault
comment:1 Changed 18 years ago by
forgot to say that the two lines in mythbackend.log
2006-03-05 14:58:40.067 ATSCcached a 2006-03-05 14:58:40.068 ATSCcached b
are my output from VERBOSE lines I'd inserted into ATSCStreamData::DeleteCachedTable? to confirm the position of the segfault
comment:2 Changed 18 years ago by
I see this error too and Stuart Auchterlonie's backtrace on the dev mailing list from friday shows the same error.
I added some verbose logging in get_4096_block(). The malloc does not fail and I can memset the whole region. I tried setting a watchpoint at mem4096 but without an useful result. (I know the limitations of watchpoints in gdb).
If someone has an idea how to debug this further, Iĺl give it a try.
Changed 18 years ago by
| Attachment: | pes_alloc-fix.patch added |
|---|
comment:3 Changed 18 years ago by
Attached patch fixes the problem.
my pes_alloc optimization patch freed in use memory
gdb corefile trace from EIT segfault