Opened 12 years ago

Closed 12 years ago

#4719 closed defect (fixed)

Segfault in CC708Window

Reported by: andrei@…
Owned by: danielk
Priority: minor
Milestone: unknown
Component: mythtv
Version: head
Severity: medium
Keywords:
Cc:
Ticket locked: no

Description

I've got this segfault after running frontend for several hours (Win32 build), playing ATSC live broadcast.

Program received signal SIGSEGV, Segmentation fault.
[Switching to thread 1108.0x15dc]
0x15e14142 in CC708CharacterAttribute::operator== (this=0x3f6d45fc, other=@0x98c) at cc708window.cpp:448
448         (edge_color == other.edge_color));
(gdb) bt
#0 0x15e14142 in CC708CharacterAttribute::operator== (this=0x3f6d45fc, other=@0x98c) at cc708window.cpp:448
#1 0x15e14a7f in CC708Window::GetStrings (this=0x2f405e48) at cc708window.cpp:237
#2 0x1608cd45 in OSDType708CC::Draw (this=0x33e3ecb0, surface=0x3405a5d8) at osdtypes.cpp:2788
#3 0x16092a16 in OSDSet::Draw (this=0x33e3ea38, surface=0x3405a5d8, actuallydraw=true) at osdtypes.cpp:599
#4 0x160621a9 in OSD::Display (this=0x21906a50) at osd.cpp:2602
#5 0x160b50d2 in VideoOutput::DisplayOSD (this=0x21918f78, frame=0x2f3e8ec0, osd=0x21906a50, stride=-1, revision=-1) at videooutbase.cpp:1701
#6 0x162095d4 in _fu3887_ZN11MythContext13verbose_mutexE () at videoout_d3d.cpp:792
#7 0x15ffe70b in NuppelVideoPlayer::DisplayNormalFrame (this=0x2f404d10) at NuppelVideoPlayer.cpp:2724
#8 0x15fff5b4 in _fu2577_ZN11MythContext13verbose_mutexE () at NuppelVideoPlayer.cpp:2874
#9 0x15fff7b7 in NuppelVideoPlayer::kickoffOutputVideoLoop (player=0x2f404d10) at NuppelVideoPlayer.cpp:2956

Attachments (1)

backtrace.txt (1.2 KB) - added by andrei@… 12 years ago.


Change History (5)

Changed 12 years ago by andrei@…

Attachment: backtrace.txt added

comment:1 Changed 12 years ago by andrei@…

I think that CC708Window::GetStrings is missing QMutexLocker locker(&lock);

The "text" array could be modified in CC708Window::DefineWindow while CC708Window::GetStrings is running, causing an out-of-bound reference on line 228 (CC708Character &chr = text[j * true_column_count + i];). But I have no idea how CC708 works, so it's just an (educated) guess.
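The race suggested in comment:1, as an added example that is not part of the ticket and not MythTV's code: a reader that indexes with dimensions loaded before a resize lands past the end of the array, and taking the same lock in both reader and writer keeps dimensions and array consistent. Assumptions: `std::mutex` stands in for the Qt mutex, and the `Window` struct, its `char` grid, the helper functions and the sample dimensions are hypothetical.

```cpp
#include <cstddef>
#include <mutex>
#include <thread>
#include <vector>

struct Window {
    std::mutex lock;            // assumption: stands in for the Qt mutex
    std::size_t rows = 0, cols = 0;
    std::vector<char> text;     // assumption: stands in for the character grid
    // Writer: replaces the grid and its dimensions as one locked step.
    void DefineWindow(std::size_t r, std::size_t c) {
        std::lock_guard<std::mutex> g(lock);
        rows = r; cols = c;
        text.assign(r * c, 'x');
    }

    // Reader: walks the grid with the ticket's indexing, j * cols + i.
    // Holding the lock for the whole walk; returns how many indexes fell outside text.
    std::size_t GetStrings() {
        std::lock_guard<std::mutex> g(lock);
        std::size_t bad = 0;
        for (std::size_t j = 0; j < rows; ++j)
            for (std::size_t i = 0; i < cols; ++i)
                if (j * cols + i >= text.size()) ++bad;
        return bad;
    }
};

// Single-threaded replay of the suspected unlocked interleaving: the reader
// has loaded the old dimensions, then the writer shrinks the array.
bool stale_index_out_of_bounds() {
    Window w;
    w.DefineWindow(15, 32);               // constructed sample dimensions
    std::size_t r = w.rows, c = w.cols;   // reader's view before the resize
    w.DefineWindow(2, 16);                // writer runs in between
    return (r - 1) * c + (c - 1) >= w.text.size();
}

// Locked version under contention: one thread resizes while another reads.
std::size_t run_locked(int iterations) {
    Window w;
    std::size_t bad = 0;
    std::thread writer([&] {
        for (int n = 0; n < iterations; ++n) w.DefineWindow(1 + n % 15, 1 + n % 32);
    });
    for (int n = 0; n < iterations; ++n) bad += w.GetStrings();
    writer.join();
    return bad;
}
```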

comment:2 Changed 12 years ago by danielk

Owner: changed from Isaac Richards to danielk
Status: changed from new to assigned

comment:3 Changed 12 years ago by danielk

andrei, if this happens again, or you still have the core, pls send a full backtrace: "thread apply all bt"

comment:4 Changed 12 years ago by danielk

Resolution: fixed
Status: changed from assigned to closed

(In [16171]) Fixes #4719. This should fix the reported segfault, but the backtrace is partial so I'm not 100% sure.
