Opened 18 years ago
Closed 18 years ago
Last modified 18 years ago
#1807 closed defect (fixed)
mythfrontend 0.19-fixes svn 9926 crashing in OSDImageCacheValue::GetSize()
Reported by: | Owned by: | danielk | |
---|---|---|---|
Priority: | minor | Milestone: | unknown |
Component: | mythtv | Version: | 0.19 |
Severity: | medium | Keywords: | |
Cc: | Ticket locked: | no |
Description
Hi,
I just downloaded the latest 9926 svn of 0.19-fixes and I get a 100% repeatable frontend crash whenever I hit the menu key in livetv. Note that the menu works fine on recordings.
I recompiled with debug and got rid of xvmc and friends... in fact I only enable dvb and the debug compile options to reduce the variables. It still 100% reproducable on live-tv only.
Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 131080 (LWP 7979)] 0xb7a4474e in OSDImageCacheValue::GetSize (this=0xf3e95c0) at osdimagecache.h:23 23 uint GetSize(void) const { return m_size_in_bytes; }
(gdb) p m_size_in_bytes
Cannot access memory at address 0xa00905be
Not sure why I cannot access m_size_in_bytes... this would seem to be the crux of the problem.
Here's the gdb backtrace:
(gdb) bt
#0 0xb7a4474e in OSDImageCacheValue::GetSize (this=0xf3e95c0) at osdimagecache.h:23 #1 0xb7a4347f in OSDImageCache::Insert (this=0xb7ec49c0, value=0xf3e95c0) at osdimagecache.cpp:224 #2 0xb7a2b25e in OSDTypeImage::LoadImage (this=0x876c4a0, filename=@0xb2a57874, wmult=0.824999988, hmult=1.20208335, scalew=-1, scaleh=-1) at osdtypes.cpp:873 #3 0xb7a3d239 in OSDListBtnType::LoadPixmap (this=0x876c1e0, pix=@0x876c4a0, fileName=@0xb2a57904) at osdlistbtntype.cpp:679 #4 0xb7a3c8bd in OSDListBtnType::Init (this=0x876c1e0) at osdlistbtntype.cpp:601 #5 0xb7a3d98e in OSDListBtnTypeItem (this=0x89324b0, lbtype=0x876c1e0, text=@0xb2a57a64, pixmap=0x0, checkable=false, showArrow=false, state=NotChecked) at osdlistbtntype.cpp:695 #6 0xb7a39ecd in OSDListTreeType::FillLevelFromTree (this=0x834af40, item=0x8979418, level_num=0) at osdlistbtntype.cpp:296 #7 0xb7a39163 in OSDListTreeType::SetAsTree (this=0x834af40, toplevel=0x8979418, select_list=0x0) at osdlistbtntype.cpp:184 #8 0xb7a208b5 in OSD::ShowTreeMenu (this=0x8958bc8, name=@0xb2a57bc4, treeToShow=0x8979418) at osd.cpp:2355 #9 0xb79b1d40 in TV::ShowOSDTreeMenu (this=0xb3a11030) at tv_play.cpp:5532 #10 0xb7996f6b in TV::ProcessKeypress (this=0xb3a11030, e=0xaef00540) at tv_play.cpp:2372
Also:
5
532 OSDListTreeType *tree = GetOSD()->ShowTreeMenu("menu", treeMenu);
The parameters passed to ShowTreeMenu? appear to be a static string "menu" and a treeMenu object which contains the following prior to the SIGSEGV:
(gdb) p *treeMenu $2 = {<GenericTree?> = {_vptr.GenericTree? = 0xb7efe820, m_string = {
static null = {
static null = <same as static member of an already seen type>, d = 0x817ee00, static shared_null = 0x817ee00}, d = 0xaef02c30,
static shared_null = 0x817ee00}, m_int = 0, m_subnodes = 0xaef02dc0,
m_ordered_subnodes = 0xaef02df0, m_flatened_subnodes = 0xaef02e20, m_selected_subnode = 0x0, m_attributes = 0xaef02c48, m_parent = 0x0, m_selectable = false, m_current_ordering_index = -1}, m_image = 0x0,
m_action = {static null = {
static null = <same as static member of an already seen type>, d = 0x817ee00, static shared_null = 0x817ee00}, d = 0xaef02b90,
static shared_null = 0x817ee00}, m_group = {static null = {
static null = <same as static member of an already seen type>, d = 0x817ee00, static shared_null = 0x817ee00}, d = 0xaef02b90,
static shared_null = 0x817ee00}, m_checkable = -1, m_parentButton = 0x0}
The call before the GetSize? looks like this in the debugger:
Breakpoint 1, OSDTypeImage::LoadImage? (this=0x855ede0, filename=@0x855ee34,
wmult=0.824999988, hmult=1.20208335, scalew=-1, scaleh=-1) at osdtypes.cpp:792
792 QString ckey;
I'm running a gentoo system with qt-3.3.4 and a 2.6.15-gentoo-r5 SMP kernel. The card is an old Hauppauge Nova-T DVB-T card with the tda1004x frontend.
If I can be of any more help please do not hesitate to contact me!
Cheers,
Doug
(In [9927]) Fixes #1807. Crash on uninitialized OSD cache pointer in 0.19-fixes.
I was able to reproduce this (through a slightly more circuitus route). It looks like this was do to a lost change in the backport, but I also noticed that this depends on "delete NULL;" being safe. I added a null check before the delete which I'll port back to SVN head.