Opened 10 years ago
Closed 10 years ago
#8590 closed defect (fixed)
Nondeterministic mythcommflag segfaults on trunk
| Reported by: | Owned by: | danielk | |
|---|---|---|---|
| Priority: | minor | Milestone: | 0.24 |
| Component: | MythTV - General | Version: | Master Head |
| Severity: | medium | Keywords: | |
| Cc: | Ticket locked: | no |
Description
This is the second issue in ticket #8547, and is still current on the trunk as of revision 25149. mythcommflag frequently segfaults. When run on the same mpg file it faults in different spots on consecutive runs. Sometimes it will even get through on a file if run enough times on it.
I'm enclosing two gdb runs which show the segfault at different frames when run on the same file. Also, as requested I captured "-v playback" on each run, which are also attached.
Attachments (4)
Change History (11)
comment:1 Changed 10 years ago by
| Milestone: | unknown → 0.24 |
|---|---|
| Version: | Unspecified → Trunk Head |
Looking at the gdb output the segfaults both occur in the same spot, however the code appears to have NULL pointer protection so something isn't quite right.
However you say it sometimes will process the whole way through, and sometimes segfault. It's possible there's some memory corruption happening. Can you run the following
valgrind --error-limit=no --show-reachable=yes --log-file=commflag-valgrind.log -v -- /home/km/svn-myth.qt4.new/trunk/mythtv/programs/mythcommflag/mythcommflag --force -f 3842_20100617220000.mpg -v playback > commflag.log
Please attach the output file commflag-valgrind.log to the ticket.
Thanks.
comment:2 Changed 10 years ago by
| Owner: | changed from Isaac Richards to danielk |
|---|---|
| Status: | new → assigned |
stuarta, I don't think it's memory corruption. I've been tracking this issue here and have a few coredumps, I just haven't had the time to look at the code yet.
comment:3 Changed 10 years ago by
I went ahead and ran the valgrind as suggested.
--- valgrind --error-limit=no --show-reachable=yes --log-file=commflag-valgrind.log -v -- /home/km/svn-myth.qt4.new/trunk/mythtv/programs/mythcommflag/mythcommflag --force -f 3842_20100617220000.mpg -v playback > commflag.log
MythTV Commercial Flagger, started at Mon Jun 21 11:03:35 2010 Flagging commercial breaks for: ChanID Start Time Title Breaks
3842 20100617220000 Royal Pains 99%/4
Finished commercial break flagging at Wed Jun 23 11:16:33 2010
Error in my_thread_global_end(): 1 threads didn't exit
As you see it took 48 hours to run with the memory checking, and didn't segfault. Since it didn't segfault I'm not attaching the logs, let me know if they are needed. I presume the thread didn't exit is not significant.
So to summarize this example. I have posted 2 different runs that segfault at very different frames (but always at the same function call), and a third that gets all the way through when running with memory checking (at an average of less than 1 frame per second).
This is got be some kind of timing thing, maybe a race condition between threads, timing in getting buffers, etc.
Changed 10 years ago by
| Attachment: | ticket8590-commflag-valgrind.log.bz2 added |
|---|
valgrind logs from commflag run
comment:4 Changed 10 years ago by
From looking at the valgrind logs there's definitely a use after free memory case going on.
comment:5 Changed 10 years ago by
It looks like at least one use after free comes from change set 24327 in ClassicCommDetector?.cpp. It introduces a premature delete.
872 delete[] colMax;
873
874 for(int x = commDetectBorder; x < (width - commDetectBorder);
875 x += horizSpacing)
876 if (colMax[x] >= commDetectBoxBrightness)
comment:6 Changed 10 years ago by
I've tested the obvious fix, and it solves the segment fault problem.
*** ClassicCommDetector.cpp.orig 2010-06-24 13:53:28.000000000 -0400
--- ClassicCommDetector.cpp 2010-06-24 13:53:49.000000000 -0400
***************
*** 869,881 ****
leftDarkCol = x;
}
- delete[] colMax;
for(int x = commDetectBorder; x < (width - commDetectBorder);
x += horizSpacing)
if (colMax[x] >= commDetectBoxBrightness)
rightDarkCol = x;
if ((topDarkRow > commDetectBorder) &&
(topDarkRow < (height * .20)) &&
(bottomDarkRow < (height - commDetectBorder)) &&
--- 869,882 ----
leftDarkCol = x;
}
for(int x = commDetectBorder; x < (width - commDetectBorder);
x += horizSpacing)
if (colMax[x] >= commDetectBoxBrightness)
rightDarkCol = x;
+ delete[] colMax;
+
if ((topDarkRow > commDetectBorder) &&
(topDarkRow < (height * .20)) &&
(bottomDarkRow < (height - commDetectBorder)) &&
gdb runs