Opened 18 years ago
Closed 18 years ago
#1459 closed defect (fixed)
Mythbackend SEGV during EIT scan - svn 9246
Reported by: | Owned by: | danielk | |
---|---|---|---|
Priority: | minor | Milestone: | 0.20 |
Component: | mythtv | Version: | head |
Severity: | medium | Keywords: | |
Cc: | Ticket locked: | no |
Description
I can't see this logged elsewhere - #1441 (housekeeping SEGV) and #1453 (recording SEGV) may be relevant but this segv occurs during EIT scan with SVN 9246 - it was not present in 8927.
The failure only seems to occur when the EIT scan hits a channel that is either a weak signal or is temporarily 'off air'. (The EIT scan looks at channels that have been marked as not visible so apart from turning off eit scanning there isn't a workaround.)
I've attached a gdb.txt and the tail end of the mythbackend logs
within gdb.txt I've included the gdb p results for *this & *psip - the psip values show that the _pesdata/_fullbuffer are corrupt. (annotated with [jd] )
The SEGV is triggered by the psip->TableID() - which is invoking the StreamID() in pespacket.h
void ATSCStreamData::DeleteCachedTable(PSIPTable *psip) const { if (!psip) return; QMutexLocker locker(&_cache_lock); if (_cached_ref_cnt[psip] > 0) { _cached_slated_for_deletion[psip] = 1; return; } else if (TableID::MGT == psip->TableID()) [jd] Segfault here
This segfaults because _pesdata is out of bounds:
[jd] p *psip $1 = {<PESPacket> = {_vptr.PESPacket = 0x409f6410, _pesdata = 0x4400a00d <Address 0x4400a00d out of bounds>, _fullbuffer = 0x4400a008 <Address 0x4400a008 out of bounds>, _psiOffset = 4, _ccLast = 2, _pesdataSize = 188, _allocSize = 3948, _badPacket = false}, static PSIP_OFFSET = 8}
I'm just rebuilding with the patch from #1456 - however I won't know if its had any effect for several hours because I have to wait for the scan to hit an off-air channel. I've logged this as medium severity because the backend is failing without user activity and hence will be undetected = missed recordings.
Apologies - there isn't a patch here - I don't understand whats happening yet :)
Attachments (4)
Change History (8)
Changed 18 years ago by
Attachment: | mythbackend.log added |
---|
mythbackend log for session with EIT scanning segfault
comment:1 Changed 18 years ago by
forgot to say that the two lines in mythbackend.log
2006-03-05 14:58:40.067 ATSCcached a 2006-03-05 14:58:40.068 ATSCcached b
are my output from VERBOSE lines I'd inserted into ATSCStreamData::DeleteCachedTable? to confirm the position of the segfault
comment:2 Changed 18 years ago by
I see this error too and Stuart Auchterlonie's backtrace on the dev mailing list from friday shows the same error.
I added some verbose logging in get_4096_block(). The malloc does not fail and I can memset the whole region. I tried setting a watchpoint at mem4096 but without an useful result. (I know the limitations of watchpoints in gdb).
If someone has an idea how to debug this further, Iĺl give it a try.
Changed 18 years ago by
Attachment: | pes_alloc-fix.patch added |
---|
comment:3 Changed 18 years ago by
Attached patch fixes the problem.
my pes_alloc optimization patch freed in use memory
gdb corefile trace from EIT segfault