id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc,mlocked 9425,[CRASH] mythtranscode segfault in AudioReencodeBuffer::AddFrames,timowi ,JYA,"rarely I had problems with transcoding some files. With some files transcoding failed every time. I am not sure if other cases are related but now I have a file where transcoding fails every time. I am not familiar with the code but I can help with debugging. I seems in AudioReencodeBuffer::AddFrames the audiobuffer value passed to memset() is not valid. All other values seem valid. backtrace: {{{ #0 0x00007f01a42b2fb0 in memcpy () from /lib/libc.so.6 #1 0x0000000000430355 in AudioReencodeBuffer::AddFrames (this=0xc9adf0, buffer=0x7f019a10a010, frames=1536, timecode=4178) at transcode.cpp:93 #2 0x00007f01ac4b902d in AudioPlayer::AddAudioData (this=0xc69750, buffer=0x7f019a10a010 ""\f"", len=18432, timecode=4178) at audioplayer.cpp:342 #3 0x00007f01ac52b078 in AvFormatDecoder::ProcessAudioPacket (this=0xc9c610, curstream=0xca8da0, pkt=0x132aae0, decodetype=kDecodeAV) at avformatdecoder.cpp:4089 #4 0x00007f01ac53c79e in AvFormatDecoder::GetFrame (this=0xc9c610, decodetype=kDecodeAV) at avformatdecoder.cpp:4374 #5 0x00007f01ac495983 in MythPlayer::TranscodeGetNextFrame (this=0xc4ee50, dm_iter=@0x7fffd0bbe2b0, did_ff=@0x7fffd0bbe2ac, is_key=@0x7fffd0bbe2ab, honorCutList=true) at mythplayer.cpp:4161 #6 0x000000000042eaa1 in Transcode::TranscodeFile (this=0xc376b0, inputname=@0x7fffd0bbfc00, outputname=@0x7fffd0bbfbf0, profileName=@0x7fffd0bbfbe0, honorCutList=true, framecontrol=false, jobID=2122, fifodir= {static null = {}, static shared_null = {ref = {_q_value = 330}, alloc = 0, size = 0, data = 0x7f01a5404efa, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, reserved = 0, array = {0}}, static shared_empty = {ref = {_q_value = 124}, alloc = 0, size = 0, data = 0x7f01a5404f1a, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, reserved = 0, array = {0}}, d = 0x7fffd0bc0140, static codecForCStrings = 0x0}, deleteMap=@0x7fffd0bbfba0) at transcode.cpp:796 #7 0x000000000041c009 in main (argc=8, argv=0x7fffd0bc0508) at main.cpp:642 }}} {{{ tmpbuf = (unsigned char *) 0x7f01987c7010 """" bufsize = 798720 audiobuffer_len = 792576 audiobuffer = (unsigned char *) 0x1052
}}} tmpbuf is created just before the memset with size = bufsize and only audiobuffer_len bytes are copied in the memcpy. The Problem here is only the pointer buffer which is not valid. I have no idea why this is the case but I have a file I can reproduce this with.",Bug Report,closed,minor,0.25,MythTV - Mythtranscode,0.24-fixes,medium,fixed,,,0