Opened 19 years ago
Closed 19 years ago
Last modified 18 years ago
#25 closed defect (fixed)
crash in OSDTypeEditSlider::Reinit
Reported by: | rtsai1111 | Owned by: | Isaac Richards |
---|---|---|---|
Priority: | minor | Milestone: | unknown |
Component: | mythtv | Version: | head |
Severity: | medium | Keywords: | |
Cc: | | Ticket locked: | no |
Description
I have a slightly defective recording that I can use to consistently crash mythfrontend. mplayer is able to play the file, albeit complaining in the console about CRC failures. The stack trace of mythfrontend is:
```
(gdb) bt
#0  0x00002aaaadf44705 in raise () from /lib/libc.so.6
#1  0x00002aaaadf45e8e in abort () from /lib/libc.so.6
#2  0x00002aaaadb43606 in __cxa_call_unexpected () from /usr/lib/libstdc++.so.5
#3  0x00002aaaadb43633 in std::terminate () from /usr/lib/libstdc++.so.5
#4  0x00002aaaadb43753 in __cxa_throw () from /usr/lib/libstdc++.so.5
#5  0x00002aaaadb4394f in operator new () from /usr/lib/libstdc++.so.5
#6  0x00002aaaadb43a09 in operator new[] () from /usr/lib/libstdc++.so.5
#7  0x00002aaaab1ac1ad in OSDTypeEditSlider::Reinit (this=0x16be5d0, wchange=0, hchange=0, wmult=2, hmult=1.4708333) at osdtypes.cpp:1223
#8  0x00002aaaab1a5d83 in OSDSet::Reinit (this=0x16bf560, screenwidth=1280, screenheight=720, xoff=0, yoff=7, displaywidth=1280, displayheight=706, wmult=2, hmult=1.4708333, frint=16683) at osdtypes.cpp:194
#9  0x00002aaaab192ff0 in OSD::Reinit (this=0x104cbf0, width=1280, height=720, frint=16683, dispx=0, dispy=7, dispw=1280, disph=706) at osd.cpp:232
#10 0x00002aaaab1672d5 in NuppelVideoPlayer::ReinitOSD (this=0x697890) at NuppelVideoPlayer.cpp:441
#11 0x00002aaaab167664 in NuppelVideoPlayer::ReinitVideo (this=0x697890) at NuppelVideoPlayer.cpp:465
#12 0x00002aaaab168246 in NuppelVideoPlayer::SetVideoParams (this=0x697890, width=1280, height=720, fps=59.940059940059932, keyframedistance=1, aspect=1.77777779, scan=kScan_Detect, reinit=true) at NuppelVideoPlayer.cpp:560
#13 0x00002aaaab18dfeb in AvFormatDecoder::MpegPreProcessPkt (this=0xfdf400, stream=0x71e6d0, pkt=0x763d90) at avformatdecoder.cpp:1175
#14 0x00002aaaab18f816 in AvFormatDecoder::GetFrame (this=0xfdf400, onlyvideo=0) at avformatdecoder.cpp:1522
#15 0x00002aaaab16a94b in NuppelVideoPlayer::GetFrame (this=0x697890, onlyvideo=0, unsafe=false) at NuppelVideoPlayer.cpp:848
#16 0x00002aaaab170e0a in NuppelVideoPlayer::StartPlaying (this=0x697890) at NuppelVideoPlayer.cpp:2069
#17 0x00002aaaab13d9d1 in SpawnDecode (param=0x697890) at tv_play.cpp:150
#18 0x00002aaaad994b55 in start_thread () from /lib/libpthread.so.0
#19 0x00002aaaadfe7870 in clone () from /lib/libc.so.6
```
The interesting bits (to my untrained eye) are here:
```
(gdb) l -
1208    }
1209
1210    void OSDTypeEditSlider::Reinit(float wchange, float hchange, float wmult,
1211                                   float hmult)
1212    {
1213        int width = (int)(m_displayrect.width() * wchange);
1214        int height = (int)(m_displayrect.height() * hchange);
1215        int x = (int)(m_displayrect.x() * wchange);
1216        int y = (int)(m_displayrect.y() * hchange);
1217
1218        m_displayrect = QRect(x, y, width, height);
1219        m_drawwidth = m_displayrect.width();
1220
1221        delete [] m_drawMap;
1222
1223        m_drawMap = new unsigned char[m_drawwidth + 1];
1224        for (int i = 0; i < m_drawwidth; i++)
1225            m_drawMap[i] = 0;
1226
1227        m_displaypos = m_displayrect.topLeft();
(gdb) p wchange
$12 = 0
(gdb) info locals
width = -2147483648
height = -2147483648
x = -2147483648
y = -2147483648
(gdb) p m_drawwidth
$15 = -2147483648
(gdb) p /x m_drawwidth
$16 = 0x80000000
```
Because of m_drawwidth having a bogus value, array allocation fails.
If there is any interest in this bug, I'm willing to help debug (e.g., inspecting more variables, etc.), given its ease of reproducibility.
The system is Ubuntu Hoary AMD64, latest svn.
Conversely, if there is little interest/time in tracking this down, let me know so I can delete this recording :)
(In [6738]) Should fix #25.
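The crash reported in this ticket comes from `new unsigned char[m_drawwidth + 1]` running with `m_drawwidth` equal to 0x80000000; validating the scaled dimension before allocating avoids it. The following is an added example, not MythTV code and not the change made in [6738]; `unchecked_request`, `scale_dim` and `DrawMap` are hypothetical names, and the NaN input is constructed.

```cpp
// Added example, not MythTV code: all names below are hypothetical.
#include <climits>
#include <cmath>
#include <cstddef>
#include <limits>
#include <vector>

// Size that `new unsigned char[drawwidth + 1]` requests once the signed
// expression is converted to size_t, as older C++ runtimes did.
std::size_t unchecked_request(int drawwidth)
{
    return static_cast<std::size_t>(static_cast<long long>(drawwidth) + 1);
}

// Scale a pixel dimension and refuse anything an int cannot hold. Casting a
// NaN, infinite or out-of-range float to int is undefined behaviour, so the
// range check happens on the floating-point value before the cast.
bool scale_dim(int dim, float mult, int &out)
{
    const double v = static_cast<double>(dim) * static_cast<double>(mult);
    if (!std::isfinite(v) || v < 0.0 || v >= static_cast<double>(INT_MAX))
        return false;
    out = static_cast<int>(v);
    return true;
}

// Hardened stand-in for the allocation in Reinit(): on bad input the
// previous map is kept instead of being freed and replaced.
struct DrawMap {
    std::vector<unsigned char> bytes;

    bool reinit(int cur_width, float wchange)
    {
        int w = 0;
        if (!scale_dim(cur_width, wchange, w))
            return false;                       // old buffer left untouched
        bytes.assign(static_cast<std::size_t>(w) + 1, 0);
        return true;
    }
};

int main()
{
    DrawMap m;
    m.reinit(640, 2.0f);
    const float nan = std::numeric_limits<float>::quiet_NaN(); // constructed
    return m.reinit(640, nan) ? 1 : 0;          // rejected, old map kept
}
```

The ticket shows the bad value of `m_drawwidth` but not how the product went out of range, so the check covers every non-finite, negative or oversized result rather than one specific cause.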