Bug#986432: totem: segfault when opening totem

Bernhard Übelacker bernhardu at mailbox.org
Mon Apr 19 15:31:34 BST 2021


Dear Maintainer,
I tried to have a look and I could reproduce the crash [1].

I think this is caused by a call to gtk_list_store_set
in totem_playlist_steal_current_starttime [2].
There the variadic argument list contains a plain 0,
which occupies only 32 bits as an int, but is later read
as a gint64, so the terminating -1 is consumed as part of that
64-bit read and the argument walk continues past the end of the list.

A totem package rebuilt with attached patch does not show
the crash inside the test VM.

Kind regards,
Bernhard


[1]
     (gdb) bt
     #0  strlen () at ../sysdeps/arm/armv6t2/strlen.S:126
     #1  0xb6e82878 in g_strdup (str=0x63fca6aa <error: Cannot access memory at address 0x63fca6aa>) at ../../../glib/gstrfuncs.c:363
     #2  0xb6f47144 in value_collect_string (value=0xbeffee60, n_collect_values=<optimized out>, collect_values=<optimized out>, collect_flags=<optimized out>) at ../../../gobject/gvaluetypes.c:293
     #3  0xb680a3be in gtk_list_store_set_valist_internal (list_store=list_store at entry=0xa0b4c8, iter=iter at entry=0xbeffef44, emit_signal=emit_signal at entry=0xbeffeefc, maybe_need_sort=maybe_need_sort at entry=0xbeffef00, var_args=..., var_args at entry=...) at ../../../../gtk/gtkliststore.c:1033
     #4  0xb680ab52 in gtk_list_store_set_valist (list_store=0xa0b4c8, iter=iter at entry=0xbeffef44, var_args=..., var_args at entry=...) at ../../../../gtk/gtkliststore.c:1137
     #5  0xb680ac1a in gtk_list_store_set (list_store=<optimized out>, iter=0xbeffef44) at ../../../../gtk/gtkliststore.c:1179
     #6  0xb6f91c40 in totem_playlist_steal_current_starttime (playlist=0xa1e100) at ../src/totem-playlist.c:1790
     #7  0xb6f8b590 in update_seekable (totem=0x450140) at ../src/totem-object.c:2524
     #8  property_notify_cb_seekable (bvw=<optimized out>, spec=<optimized out>, totem=0x450140) at ../src/totem-object.c:2616
     #9  0xb6f2b252 in g_closure_invoke (closure=0x6e7048, return_value=return_value at entry=0x0, n_param_values=2, param_values=param_values at entry=0xbefff090, invocation_hint=invocation_hint at entry=0xbefff00c) at ../../../gobject/gclosure.c:810
     #10 0xb6f38768 in signal_emit_unlocked_R (node=node at entry=0x448800, detail=105, instance=0xa6e290, emission_return=emission_return at entry=0x0, instance_and_params=instance_and_params at entry=0xbefff090) at ../../../gobject/gsignal.c:3739
     #11 0xb6f3ce12 in g_signal_emit_valist (instance=instance at entry=0xa6e290, signal_id=signal_id at entry=1, detail=detail at entry=3204444612, var_args=..., var_args at entry=...) at ../../../gobject/gsignal.c:3495
     #12 0xb6f3d0a2 in g_signal_emit (instance=instance at entry=0xa6e290, signal_id=signal_id at entry=1, detail=105) at ../../../gobject/gsignal.c:3551
     #13 0xb6f2e33e in g_object_dispatch_properties_changed (object=0xa6e290, n_pspecs=1, pspecs=<optimized out>) at ../../../gobject/gobject.c:1206
     #14 0xb6f2faac in g_object_notify_by_spec_internal (pspec=<optimized out>, object=0xa6e290) at ../../../gobject/gobject.c:1299
     #15 g_object_notify (object=0xa6e290, property_name=<optimized out>) at ../../../gobject/gobject.c:1347
     #16 0xb6f9b9ec in got_time_tick (time_nanos=<optimized out>, bvw=bvw at entry=0xa6e290, play=<optimized out>) at ../src/backend/bacon-video-widget.c:2614
     #17 0xb6f9ca02 in bvw_query_timeout (bvw=bvw at entry=0xa6e290) at ../src/backend/bacon-video-widget.c:2830
     #18 0xb6fa0792 in bvw_bus_message_cb (bus=<optimized out>, message=<optimized out>, bvw=0xa6e290) at ../src/backend/bacon-video-widget.c:2485
     #19 0xb6f2d2e8 in g_cclosure_marshal_VOID__BOXEDv (closure=0xaaf750, return_value=<optimized out>, instance=0x9f8bf0, args=..., marshal_data=0x0, n_params=1, param_types=0x7d1118) at ../../../gobject/gmarshal.c:1686
     #20 0xb6f2b3d8 in _g_closure_invoke_va (closure=closure at entry=0xaaf750, return_value=0x0, instance=0x9f8bf0, instance at entry=0x0, args=..., args at entry=..., n_params=n_params at entry=1, param_types=0x7d1118) at ../../../gobject/gclosure.c:873
     #21 0xb6f3cef6 in g_signal_emit_valist (instance=0x0, instance at entry=0x9f8bf0, signal_id=<optimized out>, detail=0, detail at entry=3204445364, var_args=..., var_args at entry=...) at ../../../gobject/gsignal.c:3404
     #22 0xb6f3d0a2 in g_signal_emit (instance=instance at entry=0x9f8bf0, signal_id=<optimized out>, detail=289) at ../../../gobject/gsignal.c:3551
     #23 0xb64b1420 in gst_bus_async_signal_func (bus=0x9f8bf0, message=0xa5405068, data=<optimized out>) at ../gst/gstbus.c:1295
     #24 0xb64b2008 in gst_bus_source_dispatch (source=0xa8a388, callback=0xb64b13e5 <gst_bus_async_signal_func>, user_data=0x0) at ../gst/gstbus.c:851
     #25 0xb6e6bf4c in g_main_dispatch (context=0x46e678) at ../../../glib/gmain.c:3325
     #26 g_main_context_dispatch (context=context at entry=0x46e678) at ../../../glib/gmain.c:4043
     #27 0xb6e6c1e0 in g_main_context_iterate (context=context at entry=0x46e678, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at ../../../glib/gmain.c:4119
     #28 0xb6e6c25a in g_main_context_iteration (context=context at entry=0x46e678, may_block=may_block at entry=1) at ../../../glib/gmain.c:4184
     #29 0xb6d990a6 in g_application_run (application=0x450140, argc=<optimized out>, argv=0xbefff754) at ../../../gio/gapplication.c:2559
     #30 0x00401160 in main (argc=<optimized out>, argv=<optimized out>) at ../src/totem.c:83


[2]
     https://sources.debian.org/src/totem/3.38.0-2/src/totem-playlist.c/#L1790
     https://gitlab.gnome.org/GNOME/totem/-/commit/159e5ae4e884d85d149bd06866a156935eb43d74.patch
     1790            gtk_list_store_set (GTK_LIST_STORE (playlist->priv->model),
     1791                                &iter,
     1792                                STARTTIME_COL, 0,
     1793                                -1);
-------------- next part --------------

# non-persistent Unstable armhf qemu VM 2021-04-18 # https://people.debian.org/~gio/dqib/
# Reproduction notes: package setup, debug symbols and source checkouts used for the gdb session below.

# Bring the VM up to date before installing anything.
apt update
apt dist-upgrade

# First installation pass: coredump capture, a VNC server + window manager, and totem itself.
apt install systemd-coredump tightvncserver jwm net-tools totem

# to speedup testing
# libeatmydata makes fsync() and friends no-ops via LD_PRELOAD; acceptable only because
# the VM is non-persistent (see header) -- never do this on a machine whose data matters.
mv /etc/manpath.config /etc/manpath.config.renamed
apt install libeatmydata1
export LD_PRELOAD=/usr/lib/arm-linux-gnueabihf/libeatmydata.so


# Second pass adds the -dbgsym packages for totem, GLib, GTK, ffmpeg and GStreamer so that
# the backtrace in the report resolves to source lines.
apt install systemd-coredump tightvncserver jwm xterm htop fakeroot mc net-tools totem \
        totem-dbgsym libtotem0-dbgsym \
        libglib2.0-0-dbgsym \
        libgtk-3-0-dbgsym \
        libavutil56-dbgsym libavcodec58-dbgsym \
        libgstreamer1.0-0-dbgsym gstreamer1.0-libav-dbgsym libgstreamer-plugins-base1.0-0-dbgsym gstreamer1.0-plugins-bad-dbgsym
# Build dependencies, needed for the patched totem rebuild mentioned in the report.
apt build-dep libgtk-3-0
apt build-dep totem




# Fetch the source packages into per-package 'orig' trees; 'apt source' unpacks into
# the current directory, hence the cd before each call.
mkdir /home/benutzer/source/libgtk-3-0/orig -p
cd    /home/benutzer/source/libgtk-3-0/orig
apt source libgtk-3-0
cd

mkdir /home/benutzer/source/totem/orig -p
cd    /home/benutzer/source/totem/orig
apt source totem
cd




vncserver




benutzer at debian:~$ export DISPLAY=:1
benutzer at debian:~$ totem Terra\ X.Atlantis\ der\ Nordsee2021-04-1221-40.ts 

(totem:11799): Gtk-WARNING **: 13:09:44.383: Locale not supported by C library.
        Using the fallback 'C' locale.

(totem:11799): Clutter-WARNING **: 13:09:44.724: Locale not supported by C library.
Using the fallback 'C' locale.
Xlib:  extension "RANDR" missing on display ":1".
Xlib:  extension "RANDR" missing on display ":1".
Xlib:  extension "RANDR" missing on display ":1".
Xlib:  extension "RANDR" missing on display ":1".

(totem:11799): GLib-GIO-CRITICAL **: 13:09:52.618: g_dbus_connection_emit_signal: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(totem:11799): dconf-WARNING **: 13:09:53.140: failed to commit changes to dconf: Failed to execute child process “dbus-launch” (No such file or directory)

(totem:11799): dconf-WARNING **: 13:09:54.179: failed to commit changes to dconf: Failed to execute child process “dbus-launch” (No such file or directory)

(totem:11799): GLib-GIO-CRITICAL **: 13:09:54.662: g_dbus_connection_emit_signal: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(totem:11799): GLib-GIO-CRITICAL **: 13:09:54.666: g_dbus_connection_emit_signal: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(totem:11799): Totem-WARNING **: 13:09:54.688: Failed to acquire screensaver proxy: Failed to execute child process “dbus-launch” (No such file or directory)

(totem:11799): GLib-GIO-CRITICAL **: 13:09:54.766: g_dbus_connection_emit_signal: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(totem:11799): GLib-GIO-CRITICAL **: 13:09:54.774: g_dbus_connection_emit_signal: assertion 'G_IS_DBUS_CONNECTION (connection)' failed
ALSA lib confmisc.c:767:(parse_card) cannot find card '0'
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default
AL lib: (EE) ALCplaybackAlsa_open: Could not open playback device 'default': No such file or directory

(totem:11799): GLib-GIO-CRITICAL **: 13:09:56.055: g_dbus_connection_emit_signal: assertion 'G_IS_DBUS_CONNECTION (connection)' failed
Segmentation fault (core dumped)



root at debian:~# coredumpctl list
Failed to acquire bus: No such file or directory
TIME                            PID   UID   GID SIG COREFILE  EXE
Sun 2021-04-18 13:10:51 UTC   11799  1001  1001  11 present   /usr/bin/totem



root at debian:~# coredumpctl gdb 11799
Failed to acquire bus: No such file or directory
           PID: 11799 (totem)
           UID: 1001 (benutzer)
           GID: 1001 (benutzer)
        Signal: 11 (SEGV)
     Timestamp: Sun 2021-04-18 13:10:05 UTC (5min ago)
  Command Line: totem Terra X.Atlantis der Nordsee2021-04-1221-40.ts
    Executable: /usr/bin/totem
 Control Group: /system.slice/ssh.service
          Unit: ssh.service
         Slice: system.slice
       Boot ID: bb5d144b3c86412b9dfe85b1113d9664
    Machine ID: d31d71577ccc48658ec70be0715faf05
      Hostname: debian
       Storage: /var/lib/systemd/coredump/core.totem.1001.bb5d144b3c86412b9dfe85b1113d9664.11799.1618751405000000.zst
       Message: Process 11799 (totem) of user 1001 dumped core.
                
                Stack trace of thread 11799:
                #0  0x00000000b652c6ae strlen (libc.so.6 + 0x5e6ae)

...
Reading symbols from /usr/bin/totem...
(No debugging symbols found in /usr/bin/totem)

warning: Can't open file /home/benutzer/orcexec.XCDP5p (deleted) during file-backed mapping note processing

warning: Can't open file /SYSV00000000 (deleted) during file-backed mapping note processing
[New LWP 11799]
...
[New LWP 11839]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/arm-linux-gnueabihf/libthread_db.so.1".
--Type <RET> for more, q to quit, c to continue without paging--c
Core was generated by `totem Terra X.Atlantis der Nordsee2021-04-1221-40.ts'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  strlen () at ../sysdeps/arm/armv6t2/strlen.S:126
126     ../sysdeps/arm/armv6t2/strlen.S: No such file or directory.
[Current thread is 1 (Thread 0xb2cd6e00 (LWP 11799))]
(gdb) bt
#0  strlen () at ../sysdeps/arm/armv6t2/strlen.S:126
#1  0xb6dea878 in g_strdup () from /usr/lib/arm-linux-gnueabihf/libglib-2.0.so.0
#2  0xb6eaf144 in ?? () from /usr/lib/arm-linux-gnueabihf/libgobject-2.0.so.0
Backtrace stopped: previous frame identical to this frame (corrupt stack?)


Core was generated by `totem Terra X.Atlantis der Nordsee2021-04-1221-40.ts'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  strlen () at ../sysdeps/arm/armv6t2/strlen.S:126
126     ../sysdeps/arm/armv6t2/strlen.S: No such file or directory.
[Current thread is 1 (Thread 0xb2cd6e00 (LWP 11799))]
(gdb) set width 0
(gdb) set pagination off
(gdb) bt
#0  strlen () at ../sysdeps/arm/armv6t2/strlen.S:126
#1  0xb6dea878 in g_strdup (str=0xbbb35261 <error: Cannot access memory at address 0xbbb35261>) at ../../../glib/gstrfuncs.c:363
#2  0xb6eaf144 in value_collect_string (value=0xbeff2e80, n_collect_values=<optimized out>, collect_values=<optimized out>, collect_flags=<optimized out>) at ../../../gobject/gvaluetypes.c:293
#3  0xb67723be in gtk_list_store_set_valist_internal (list_store=list_store at entry=0x23c4cb8, iter=iter at entry=0xbeff2f64, emit_signal=emit_signal at entry=0xbeff2f1c, maybe_need_sort=maybe_need_sort at entry=0xbeff2f20, var_args=..., var_args at entry=...) at ../../../../gtk/gtkliststore.c:1033
#4  0xb6772b52 in gtk_list_store_set_valist (list_store=0x23c4cb8, iter=iter at entry=0xbeff2f64, var_args=..., var_args at entry=...) at ../../../../gtk/gtkliststore.c:1137
#5  0xb6772c1a in gtk_list_store_set (list_store=<optimized out>, iter=0xbeff2f64) at ../../../../gtk/gtkliststore.c:1179
#6  0xb6ef9c40 in totem_playlist_steal_current_starttime (playlist=0x23d7118) at ../src/totem-playlist.c:1790
#7  0xb6ef3590 in update_seekable (totem=0x1e0a140) at ../src/totem-object.c:2524
#8  property_notify_cb_seekable (bvw=<optimized out>, spec=<optimized out>, totem=0x1e0a140) at ../src/totem-object.c:2616
#9  0xb6e93252 in g_closure_invoke (closure=0x255c7a0, return_value=return_value at entry=0x0, n_param_values=2, param_values=param_values at entry=0xbeff30b0, invocation_hint=invocation_hint at entry=0xbeff302c) at ../../../gobject/gclosure.c:810
#10 0xb6ea0768 in signal_emit_unlocked_R (node=node at entry=0x1e021c8, detail=105, instance=0x2428258, emission_return=emission_return at entry=0x0, instance_and_params=instance_and_params at entry=0xbeff30b0) at ../../../gobject/gsignal.c:3739
#11 0xb6ea4e12 in g_signal_emit_valist (instance=instance at entry=0x2428258, signal_id=signal_id at entry=1, detail=detail at entry=3204395492, var_args=..., var_args at entry=...) at ../../../gobject/gsignal.c:3495
#12 0xb6ea50a2 in g_signal_emit (instance=instance at entry=0x2428258, signal_id=signal_id at entry=1, detail=105) at ../../../gobject/gsignal.c:3551
#13 0xb6e9633e in g_object_dispatch_properties_changed (object=0x2428258, n_pspecs=1, pspecs=<optimized out>) at ../../../gobject/gobject.c:1206
#14 0xb6e97aac in g_object_notify_by_spec_internal (pspec=<optimized out>, object=0x2428258) at ../../../gobject/gobject.c:1299
#15 g_object_notify (object=0x2428258, property_name=<optimized out>) at ../../../gobject/gobject.c:1347
#16 0xb6f039ec in got_time_tick (time_nanos=<optimized out>, bvw=bvw at entry=0x2428258, play=<optimized out>) at ../src/backend/bacon-video-widget.c:2614
#17 0xb6f04a02 in bvw_query_timeout (bvw=bvw at entry=0x2428258) at ../src/backend/bacon-video-widget.c:2830
#18 0xb6f08792 in bvw_bus_message_cb (bus=<optimized out>, message=<optimized out>, bvw=0x2428258) at ../src/backend/bacon-video-widget.c:2485
#19 0xb6e952e8 in g_cclosure_marshal_VOID__BOXEDv (closure=0x2443bc0, return_value=<optimized out>, instance=0x23b2430, args=..., marshal_data=0x0, n_params=1, param_types=0x2147140) at ../../../gobject/gmarshal.c:1686
#20 0xb6e933d8 in _g_closure_invoke_va (closure=closure at entry=0x2443bc0, return_value=0x0, instance=0x23b2430, instance at entry=0x0, args=..., args at entry=..., n_params=n_params at entry=1, param_types=0x2147140) at ../../../gobject/gclosure.c:873
#21 0xb6ea4ef6 in g_signal_emit_valist (instance=0x0, instance at entry=0x23b2430, signal_id=<optimized out>, detail=0, detail at entry=3204396244, var_args=..., var_args at entry=...) at ../../../gobject/gsignal.c:3404
#22 0xb6ea50a2 in g_signal_emit (instance=instance at entry=0x23b2430, signal_id=<optimized out>, detail=289) at ../../../gobject/gsignal.c:3551
#23 0xb6419420 in gst_bus_async_signal_func (bus=0x23b2430, message=0xa9801c58, data=<optimized out>) at ../gst/gstbus.c:1295
#24 0xb641a008 in gst_bus_source_dispatch (source=0x2468fa0, callback=0xb64193e5 <gst_bus_async_signal_func>, user_data=0x0) at ../gst/gstbus.c:851
#25 0xb6dd3f4c in g_main_dispatch (context=0x1e28e78) at ../../../glib/gmain.c:3325
#26 g_main_context_dispatch (context=context at entry=0x1e28e78) at ../../../glib/gmain.c:4043
#27 0xb6dd41e0 in g_main_context_iterate (context=context at entry=0x1e28e78, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at ../../../glib/gmain.c:4119
#28 0xb6dd425a in g_main_context_iteration (context=context at entry=0x1e28e78, may_block=may_block at entry=1) at ../../../glib/gmain.c:4184
#29 0xb6d010a6 in g_application_run (application=0x1e0a140, argc=<optimized out>, argv=0xbeff3774) at ../../../gio/gapplication.c:2559
#30 0x004f1160 in main (argc=<optimized out>, argv=<optimized out>) at ../src/totem.c:83


(gdb) up
#1  0xb6dea878 in g_strdup (str=0xbbb35261 <error: Cannot access memory at address 0xbbb35261>) at ../../../glib/gstrfuncs.c:363
(gdb) print str
$1 = (const gchar *) 0xbbb35261 <error: Cannot access memory at address 0xbbb35261>

https://sources.debian.org/src/glib2.0/2.66.8-1/glib/gstrfuncs.c/#L363


(gdb) up
#2  0xb6eaf144 in value_collect_string (value=0xbeff2e80, n_collect_values=<optimized out>, collect_values=<optimized out>, collect_flags=<optimized out>) at ../../../gobject/gvaluetypes.c:293
293     ../../../gobject/gvaluetypes.c: No such file or directory.
(gdb) info local    
No locals.
(gdb) print collect_values
$2 = <optimized out>

https://sources.debian.org/src/glib2.0/2.66.8-1/gobject/gvaluetypes.c/#L293


(gdb) up
#3  0xb67723be in gtk_list_store_set_valist_internal (list_store=list_store at entry=0x23c4cb8, iter=iter at entry=0xbeff2f64, emit_signal=emit_signal at entry=0xbeff2f1c, maybe_need_sort=maybe_need_sort at entry=0xbeff2f20, var_args=..., var_args at entry=...) at ../../../../gtk/gtkliststore.c:1033
1033    ../../../../gtk/gtkliststore.c: No such file or directory.

(gdb) info local
g_vci_vtab = 0x1dfc4c4
g_vci_n_values = <optimized out>
g_vci_val = 0xbeff2e80
g_vci_flags = 0
g_vci_collect_format = <optimized out>
g_vci_cvalues = {{v_int = -1145875871, v_long = -1145875871, v_int64 = 3149091425, v_double = 1.5558578887057564e-314, v_pointer = 0xbbb35261}, {v_int = 0, v_long = 0, v_int64 = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_long = 0, v_int64 = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_long = 0, v_int64 = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_long = 0, v_int64 = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_long = 0, v_int64 = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_long = 0, v_int64 = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_long = 0, v_int64 = 0, v_double = 0, v_pointer = 0x0}}
value = {g_type = 64, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
error = 0x0
priv = 0x23c4c88
column = 3
func = 0x0
__func__ = "gtk_list_store_set_valist_internal"
(gdb) print g_vci_cvalues[0].v_pointer
$6 = (gpointer) 0xbbb35261

https://sources.debian.org/src/gtk+3.0/3.24.24-3/gtk/gtkliststore.c/#L1033
https://sources.debian.org/src/glib2.0/2.66.8-1/gobject/gvaluecollector.h/?hl=73#L88



(gdb) disassemble gtk_list_store_set_valist_internal
Dump of assembler code for function gtk_list_store_set_valist_internal:
   0xb680a2dc <+0>:     stmdb   sp!, {r4, r5, r6, r7, r8, r9, r10, r11, lr}
   0xb680a2e0 <+4>:     mov     r6, r3
   0xb680a2e2 <+6>:     ldr     r5, [pc, #504]  ; (0xb680a4dc <gtk_list_store_set_valist_internal+512>)
   0xb680a2e4 <+8>:     vpush   {d8}
   0xb680a2e8 <+12>:    sub     sp, #132        ; 0x84
   0xb680a2ea <+14>:    vmov    s17, r1
   0xb680a2ee <+18>:    ldr     r1, [pc, #496]  ; (0xb680a4e0 <gtk_list_store_set_valist_internal+516>)
   0xb680a2f0 <+20>:    mov     r11, r2
   0xb680a2f2 <+22>:    ldr.w   r9, [r0, #12]
   0xb680a2f6 <+26>:    str     r3, [sp, #28]
   0xb680a2f8 <+28>:    add     r1, pc
   0xb680a2fa <+30>:    ldr     r3, [pc, #488]  ; (0xb680a4e4 <gtk_list_store_set_valist_internal+520>)
   0xb680a2fc <+32>:    vmov    s16, r0
   0xb680a300 <+36>:    ldr     r4, [sp, #176]  ; 0xb0
   0xb680a302 <+38>:    add     r5, pc
   0xb680a304 <+40>:    ldr     r3, [r1, r3]
   0xb680a306 <+42>:    ldr.w   r7, [r4], #4
   0xb680a30a <+46>:    ldr     r3, [r3, #0]
   0xb680a30c <+48>:    str     r3, [sp, #124]  ; 0x7c
   0xb680a30e <+50>:    mov.w   r3, #0
   0xb680a312 <+54>:    bl      0xb6809450 <gtk_list_store_get_compare_func>
   0xb680a316 <+58>:    ldr     r3, [pc, #464]  ; (0xb680a4e8 <gtk_list_store_set_valist_internal+524>)
   0xb680a318 <+60>:    str     r0, [sp, #20]
   0xb680a31a <+62>:    ldr     r2, [r5, r3]
   0xb680a31c <+64>:    str     r2, [sp, #24]
   0xb680a31e <+66>:    cmp     r0, r2
   0xb680a320 <+68>:    beq.n   0xb680a326 <gtk_list_store_set_valist_internal+74>
   0xb680a322 <+70>:    movs    r3, #1
   0xb680a324 <+72>:    str     r3, [r6, #0]
   0xb680a326 <+74>:    adds    r3, r7, #1
   0xb680a328 <+76>:    beq.w   0xb680a436 <gtk_list_store_set_valist_internal+346>
   0xb680a32c <+80>:    add     r6, sp, #32
   0xb680a32e <+82>:    mov.w   r8, #0
   0xb680a332 <+86>:    cmp     r7, r8
   0xb680a334 <+88>:    str.w   r8, [sp, #32]
   0xb680a338 <+92>:    strd    r8, r8, [r6, #4]
   0xb680a33c <+96>:    strd    r8, r8, [r6, #12]
   0xb680a340 <+100>:   str.w   r8, [r6, #20]
   0xb680a344 <+104>:   blt.n   0xb680a40c <gtk_list_store_set_valist_internal+304>
   0xb680a346 <+106>:   add.w   r10, sp, #56    ; 0x38
   0xb680a34a <+110>:   ldr.w   r3, [r9, #20]
   0xb680a34e <+114>:   cmp     r3, r7
   0xb680a350 <+116>:   ble.n   0xb680a40c <gtk_list_store_set_valist_internal+304>
   0xb680a352 <+118>:   ldr.w   r3, [r9, #12]
   0xb680a356 <+122>:   ldr.w   r0, [r3, r7, lsl #2]
   0xb680a35a <+126>:   blx     0xb66cba3c <g_type_value_table_peek at plt>
   0xb680a35e <+130>:   mov     r3, r0
   0xb680a360 <+132>:   movs    r2, #64 ; 0x40
   0xb680a362 <+134>:   str     r0, [sp, #16]
   0xb680a364 <+136>:   movs    r1, #0
   0xb680a366 <+138>:   mov     r0, r10
   0xb680a368 <+140>:   ldr     r5, [r3, #16]
   0xb680a36a <+142>:   blx     0xb66c82ec <memset at plt+4>
   0xb680a36e <+146>:   ldr.w   r2, [r9, #12]
   0xb680a372 <+150>:   ldr.w   r2, [r2, r7, lsl #2]
   0xb680a376 <+154>:   str     r2, [sp, #32]
   0xb680a378 <+156>:   ldrb    r3, [r5, #0]
   0xb680a37a <+158>:   cmp     r3, #0
   0xb680a37c <+160>:   beq.w   0xb680a484 <gtk_list_store_set_valist_internal+424>
   0xb680a380 <+164>:   mov     r2, r10
   0xb680a382 <+166>:   rsb     r0, r5, #1
   0xb680a386 <+170>:   subs    r3, #100        ; 0x64
   0xb680a388 <+172>:   adds    r1, r0, r5
   0xb680a38a <+174>:   cmp     r3, #13
   0xb680a38c <+176>:   bhi.w   0xb680a4bc <gtk_list_store_set_valist_internal+480>
   0xb680a390 <+180>:   tbb     [pc, r3]
   0xb680a394 <+184>:   str     r4, [sp, #416]  ; 0x1a0
   0xb680a396 <+186>:   str     r4, [sp, #592]  ; 0x250
   0xb680a398 <+188>:   lsls    r4, r2, #30
   0xb680a39a <+190>:   str     r4, [sp, #592]  ; 0x250
   0xb680a39c <+192>:   str     r4, [sp, #28]
   0xb680a39e <+194>:   str     r4, [sp, #592]  ; 0x250
   0xb680a3a0 <+196>:   str     r7, [r0, #0]
   0xb680a3a2 <+198>:   ldr.w   r3, [r4], #4
   0xb680a3a6 <+202>:   str     r3, [r2, #0]
   0xb680a3a8 <+204>:   ldrb.w  r3, [r5, #1]!
   0xb680a3ac <+208>:   adds    r2, #8
   0xb680a3ae <+210>:   cmp     r3, #0
   0xb680a3b0 <+212>:   bne.n   0xb680a386 <gtk_list_store_set_valist_internal+170>
   0xb680a3b2 <+214>:   ldr     r3, [sp, #16]
   0xb680a3b4 <+216>:   mov     r2, r10
   0xb680a3b6 <+218>:   mov     r0, r6
   0xb680a3b8 <+220>:   ldr     r5, [r3, #20]
   0xb680a3ba <+222>:   movs    r3, #0
   0xb680a3bc <+224>:   blx     r5
   0xb680a3be <+226>:   cmp     r0, #0
   0xb680a3c0 <+228>:   bne.n   0xb680a488 <gtk_list_store_set_valist_internal+428>
   0xb680a3c2 <+230>:   mov     r3, r6
   0xb680a3c4 <+232>:   str     r0, [sp, #0]
   0xb680a3c6 <+234>:   vmov    r1, s17
   0xb680a3ca <+238>:   vmov    r0, s16
   0xb680a3ce <+242>:   mov     r2, r7
   0xb680a3d0 <+244>:   bl      0xb680a020 <gtk_list_store_real_set_value>
   0xb680a3d4 <+248>:   movs    r3, #1
   0xb680a3d6 <+250>:   cbnz    r0, 0xb680a3e2 <gtk_list_store_set_valist_internal+262>
   0xb680a3d8 <+252>:   ldr.w   r3, [r11]
   0xb680a3dc <+256>:   subs    r3, #0
   0xb680a3de <+258>:   it      ne
   0xb680a3e0 <+260>:   movne   r3, #1
   0xb680a3e2 <+262>:   str.w   r3, [r11]
   0xb680a3e6 <+266>:   ldrd    r3, r2, [sp, #20]
   0xb680a3ea <+270>:   cmp     r3, r2
   0xb680a3ec <+272>:   beq.n   0xb680a474 <gtk_list_store_set_valist_internal+408>
   0xb680a3ee <+274>:   mov     r0, r6
   0xb680a3f0 <+276>:   blx     0xb66cc89c <g_value_unset at plt>
   0xb680a3f4 <+280>:   ldr.w   r7, [r4], #4
   0xb680a3f8 <+284>:   adds    r2, r7, #1
   0xb680a3fa <+286>:   beq.n   0xb680a436 <gtk_list_store_set_valist_internal+346>
   0xb680a3fc <+288>:   cmp     r7, #0
   0xb680a3fe <+290>:   strd    r8, r8, [r6]
   0xb680a402 <+294>:   strd    r8, r8, [r6, #8]
   0xb680a406 <+298>:   strd    r8, r8, [r6, #16]
   0xb680a40a <+302>:   bge.n   0xb680a34a <gtk_list_store_set_valist_internal+110>
   0xb680a40c <+304>:   ldr     r0, [pc, #220]  ; (0xb680a4ec <gtk_list_store_set_valist_internal+528>)
   0xb680a40e <+306>:   movs    r1, #16
   0xb680a410 <+308>:   ldr     r2, [pc, #220]  ; (0xb680a4f0 <gtk_list_store_set_valist_internal+532>)
   0xb680a412 <+310>:   ldr     r4, [pc, #224]  ; (0xb680a4f4 <gtk_list_store_set_valist_internal+536>)
   0xb680a414 <+312>:   add     r0, pc
   0xb680a416 <+314>:   add     r2, pc
   0xb680a418 <+316>:   add.w   r0, r0, #352    ; 0x160
   0xb680a41c <+320>:   ldr     r3, [pc, #216]  ; (0xb680a4f8 <gtk_list_store_set_valist_internal+540>)
   0xb680a41e <+322>:   add     r4, pc
   0xb680a420 <+324>:   strd    r2, r7, [sp, #8]
   0xb680a424 <+328>:   strd    r0, r4, [sp]
   0xb680a428 <+332>:   add     r3, pc
   0xb680a42a <+334>:   ldr     r2, [pc, #208]  ; (0xb680a4fc <gtk_list_store_set_valist_internal+544>)
   0xb680a42c <+336>:   ldr     r0, [pc, #208]  ; (0xb680a500 <gtk_list_store_set_valist_internal+548>)
   0xb680a42e <+338>:   add     r2, pc
   0xb680a430 <+340>:   add     r0, pc
   0xb680a432 <+342>:   blx     0xb66cb0c8 <g_log_structured_standard at plt+4>
   0xb680a436 <+346>:   ldr     r2, [pc, #204]  ; (0xb680a504 <gtk_list_store_set_valist_internal+552>)
   0xb680a438 <+348>:   ldr     r3, [pc, #168]  ; (0xb680a4e4 <gtk_list_store_set_valist_internal+520>)
   0xb680a43a <+350>:   add     r2, pc
   0xb680a43c <+352>:   ldr     r3, [r2, r3]
   0xb680a43e <+354>:   ldr     r2, [r3, #0]
   0xb680a440 <+356>:   ldr     r3, [sp, #124]  ; 0x7c
   0xb680a442 <+358>:   eors    r2, r3
   0xb680a444 <+360>:   mov.w   r3, #0
   0xb680a448 <+364>:   bne.n   0xb680a4d8 <gtk_list_store_set_valist_internal+508>
   0xb680a44a <+366>:   add     sp, #132        ; 0x84
   0xb680a44c <+368>:   vpop    {d8}
   0xb680a450 <+372>:   ldmia.w sp!, {r4, r5, r6, r7, r8, r9, r10, r11, pc}
   0xb680a454 <+376>:   adds    r4, #7
   0xb680a456 <+378>:   bic.w   r4, r4, #7
   0xb680a45a <+382>:   vldmia  r4!, {d7}
   0xb680a45e <+386>:   vstr    d7, [r2]
   0xb680a462 <+390>:   b.n     0xb680a3a8 <gtk_list_store_set_valist_internal+204>
   0xb680a464 <+392>:   adds    r4, #7
   0xb680a466 <+394>:   bic.w   r4, r4, #7
   0xb680a46a <+398>:   vldmia  r4!, {d7}
   0xb680a46e <+402>:   vstr    d7, [r2]
   0xb680a472 <+406>:   b.n     0xb680a3a8 <gtk_list_store_set_valist_internal+204>
   0xb680a474 <+408>:   ldr.w   r3, [r9, #24]
   0xb680a478 <+412>:   cmp     r3, r7
   0xb680a47a <+414>:   ittt    eq
   0xb680a47c <+416>:   moveq   r3, #1
   0xb680a47e <+418>:   ldreq   r2, [sp, #28]
   0xb680a480 <+420>:   streq   r3, [r2, #0]
   0xb680a482 <+422>:   b.n     0xb680a3ee <gtk_list_store_set_valist_internal+274>
   0xb680a484 <+424>:   mov     r1, r3
   0xb680a486 <+426>:   b.n     0xb680a3b2 <gtk_list_store_set_valist_internal+214>
   0xb680a488 <+428>:   ldr     r2, [pc, #124]  ; (0xb680a508 <gtk_list_store_set_valist_internal+556>)
   0xb680a48a <+430>:   mov     r5, r0
   0xb680a48c <+432>:   ldr     r1, [pc, #124]  ; (0xb680a50c <gtk_list_store_set_valist_internal+560>)
   0xb680a48e <+434>:   ldr     r0, [pc, #128]  ; (0xb680a510 <gtk_list_store_set_valist_internal+564>)
   0xb680a490 <+436>:   add     r2, pc
   0xb680a492 <+438>:   add     r1, pc
   0xb680a494 <+440>:   add.w   r2, r2, #352    ; 0x160
   0xb680a498 <+444>:   add     r0, pc
   0xb680a49a <+446>:   strd    r2, r1, [sp]
   0xb680a49e <+450>:   strd    r0, r5, [sp, #8]
   0xb680a4a2 <+454>:   movs    r1, #16
   0xb680a4a4 <+456>:   ldr     r3, [pc, #108]  ; (0xb680a514 <gtk_list_store_set_valist_internal+568>)
   0xb680a4a6 <+458>:   ldr     r2, [pc, #112]  ; (0xb680a518 <gtk_list_store_set_valist_internal+572>)
   0xb680a4a8 <+460>:   ldr     r0, [pc, #112]  ; (0xb680a51c <gtk_list_store_set_valist_internal+576>)
   0xb680a4aa <+462>:   add     r3, pc
   0xb680a4ac <+464>:   add     r2, pc
   0xb680a4ae <+466>:   add     r0, pc
   0xb680a4b0 <+468>:   blx     0xb66cb0c8 <g_log_structured_standard at plt+4>
   0xb680a4b4 <+472>:   mov     r0, r5
   0xb680a4b6 <+474>:   blx     0xb66c9efc <g_free at plt+4>
   0xb680a4ba <+478>:   b.n     0xb680a436 <gtk_list_store_set_valist_internal+346>
   0xb680a4bc <+480>:   ldr     r3, [pc, #96]   ; (0xb680a520 <gtk_list_store_set_valist_internal+580>)
   0xb680a4be <+482>:   movs    r2, #0
   0xb680a4c0 <+484>:   ldr     r1, [pc, #96]   ; (0xb680a524 <gtk_list_store_set_valist_internal+584>)
   0xb680a4c2 <+486>:   ldr     r0, [pc, #100]  ; (0xb680a528 <gtk_list_store_set_valist_internal+588>)
   0xb680a4c4 <+488>:   add     r3, pc
   0xb680a4c6 <+490>:   str     r2, [sp, #0]
   0xb680a4c8 <+492>:   add     r1, pc
   0xb680a4ca <+494>:   add     r0, pc
   0xb680a4cc <+496>:   add.w   r3, r3, #352    ; 0x160
   0xb680a4d0 <+500>:   movw    r2, #1033       ; 0x409
   0xb680a4d4 <+504>:   blx     0xb66cc3b0 <g_assertion_message_expr at plt>
   0xb680a4d8 <+508>:   blx     0xb66c9bec <__stack_chk_fail at plt>
   0xb680a4dc <+512>:   lsls    r2, r4, #15
   0xb680a4de <+514>:   movs    r7, r7
   0xb680a4e0 <+516>:   lsls    r4, r5, #15
   0xb680a4e2 <+518>:   movs    r7, r7
   0xb680a4e4 <+520>:   movs    r4, #196        ; 0xc4
   0xb680a4e6 <+522>:   movs    r0, r0
   0xb680a4e8 <+524>:   cmp     r1, #0
   0xb680a4ea <+526>:   movs    r0, r0
   0xb680a4ec <+528>:   stmia   r0!, {r6}
   0xb680a4ee <+530>:   movs    r7, r2
   0xb680a4f0 <+532>:   pop     {r1, r4, r5, r7, pc}
   0xb680a4f2 <+534>:   movs    r7, r2
   0xb680a4f4 <+536>:   pop     {r1, r2, r3, r6, r7, pc}
   0xb680a4f6 <+538>:   movs    r7, r2
   0xb680a4f8 <+540>:   pop     {r3, r4, r7, pc}
   0xb680a4fa <+542>:   movs    r7, r2
   0xb680a4fc <+544>:   cbnz    r6, 0xb680a57c <gtk_list_store_get_value+80>
   0xb680a4fe <+546>:   movs    r7, r2
   0xb680a500 <+548>:   strh    r4, [r5, #14]
   0xb680a502 <+550>:   movs    r3, r2
   0xb680a504 <+552>:   lsls    r2, r5, #10
   0xb680a506 <+554>:   movs    r7, r7
   0xb680a508 <+556>:   itt     gt
   0xb680a50a <+558>:   movgt   r7, r2
   0xb680a50c <+560>:   strhgt  r2, [r0, #46]   ; 0x2e
   0xb680a50e <+562>:   movs    r5, r2
   0xb680a510 <+564>:   pop     {r3, r4, r5, r7, pc}
   0xb680a512 <+566>:   movs    r7, r2
   0xb680a514 <+568>:   pop     {r1, r2, r3, r4, r7, pc}
   0xb680a516 <+570>:   movs    r7, r2
   0xb680a518 <+572>:   cbnz    r0, 0xb680a57a <gtk_list_store_get_value+78>
   0xb680a51a <+574>:   movs    r7, r2
   0xb680a51c <+576>:   strh    r6, [r5, #10]
   0xb680a51e <+578>:   movs    r3, r2
   0xb680a520 <+580>:   nop     {9}
   0xb680a522 <+582>:   movs    r7, r2
   0xb680a524 <+584>:   cbnz    r4, 0xb680a57e <gtk_list_store_get_value+82>
   0xb680a526 <+586>:   movs    r7, r2
   0xb680a528 <+588>:   strh    r2, [r2, #10]
   0xb680a52a <+590>:   movs    r3, r2
End of assembler dump.


https://sources.debian.org/src/totem/3.38.0-2/src/totem-playlist.c/#L1790







# gdb commands used to catch the bad collected value before gtk_list_store_set_valist_internal uses it.
# Temporary breakpoint on the GStreamer bus callback (frame #18 in the backtrace above).
tb bvw_bus_message_cb
# Stop at offset +146 of gtk_list_store_set_valist_internal: the instruction right after the
# memset call in the disassembly above, which apparently zeroes the collected-value array.
b *(gtk_list_store_set_valist_internal+146)
# Show the first collected value and its stack address each time execution stops.
display g_vci_cvalues[0].v_pointer
display &g_vci_cvalues[0].v_pointer
# Watch that stack slot; 0xbeffee48 is presumably the address printed by the display above
# (stack addresses differ between runs -- re-read it from the display output before reuse).
watch *0xbeffee48


(gdb) watch *0xbeffee48
Watchpoint 5: *0xbeffee48
(gdb) cont
Continuing.
[Switching to Thread 0x924051e0 (LWP 12498)]

Thread 42 "multiqueue0:src" hit Watchpoint 5: *0xbeffee48

Old value = 0
New value = -1
__pthread_disable_asynccancel (oldtype=oldtype at entry=0) at cancellation.c:86
86      cancellation.c: No such file or directory.
1: x/i $pc
=> 0xb5d6a32e <__pthread_disable_asynccancel+46>:       cmp     r3, r1
(gdb) bt
#0  __pthread_disable_asynccancel (oldtype=oldtype at entry=0) at cancellation.c:86
#1  0xb5d67120 in futex_wait_cancelable (private=0, expected=0, futex_word=0xa2e19720) at ../sysdeps/nptl/futex-internal.h:187
#2  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0xa2e196dc, cond=0xa2e196f8) at pthread_cond_wait.c:508
#3  __pthread_cond_wait (cond=0xa2e196f8, mutex=0xa2e196dc) at pthread_cond_wait.c:638
#4  0x96e55ebc in ?? () from /usr/lib/arm-linux-gnueabihf/libavutil.so.56
Backtrace stopped: previous frame identical to this frame (corrupt stack?)


(gdb) cont
Continuing.
[Switching to Thread 0x9aece1e0 (LWP 12491)]

Thread 35 "multiqueue0:src" hit Watchpoint 6: *0xbeffee48

Old value = 0
New value = 234051257
0x96e55fd2 in avpriv_slicethread_execute () from /usr/lib/arm-linux-gnueabihf/libavutil.so.56
1: x/i $pc
=> 0x96e55fd2 <avpriv_slicethread_execute+98>:  add.w   r9, r4, #4
(gdb) bt
#0  0x96e55fd2 in avpriv_slicethread_execute () from /usr/lib/arm-linux-gnueabihf/libavutil.so.56
#1  0x9754978e in ?? () from /usr/lib/arm-linux-gnueabihf/libavcodec.so.58
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

(gdb) bt
#0  0x96e55fd2 in avpriv_slicethread_execute (ctx=0xa2e195f0, nb_jobs=<optimized out>, execute_main=<optimized out>) at src/libavutil/slicethread.c:179
#1  0x9754978e in thread_execute (avctx=<optimized out>, func=0x974bd45d <slice_decode_thread>, arg=<optimized out>, ret=<optimized out>, job_count=8, job_size=4) at src/libavcodec/pthread_slice.c:110
#2  0x974bc358 in decode_chunks (avctx=avctx at entry=0xa2e14f40, picture=picture at entry=0xa2e18550, got_output=got_output at entry=0x9aecd1b4, buf=0x8f0930f8 "", buf_size=36868) at src/libavcodec/mpeg12dec.c:2485
#3  0x974bd2de in mpeg_decode_frame (avctx=0xa2e14f40, data=0xa2e18550, got_output=0x9aecd1b4, avpkt=<optimized out>) at src/libavcodec/mpeg12dec.c:2844
#4  0x9728c312 in decode_simple_internal (frame=<optimized out>, avctx=<optimized out>) at src/libavcodec/decode.c:342
#5  decode_simple_receive_frame (frame=<optimized out>, avctx=<optimized out>) at src/libavcodec/decode.c:538
#6  decode_receive_frame_internal (avctx=avctx at entry=0xa2e14f40, frame=0xa2e18550) at src/libavcodec/decode.c:556
#7  0x9728cb1a in avcodec_send_packet (avctx=0xa2e14f40, avpkt=avpkt at entry=0x9aecd290) at src/libavcodec/decode.c:614
#8  0x98644844 in gst_ffmpegviddec_handle_frame (decoder=0xa2e15bd0, frame=0x103c150) at ../ext/libav/gstavviddec.c:1919
#9  0xb6375238 in gst_video_decoder_decode_frame (decoder=decoder at entry=0xa2e15bd0, frame=0x103c150) at ../gst-libs/gst/video/gstvideodecoder.c:3567
#10 0xb637a076 in gst_video_decoder_chain_forward (decoder=decoder at entry=0xa2e15bd0, buf=buf at entry=0xeb1bf0, at_eos=at_eos at entry=0) at ../gst-libs/gst/video/gstvideodecoder.c:2273
#11 0xb637a558 in gst_video_decoder_chain (pad=<optimized out>, parent=0xa2e15bd0, buf=0xeb1bf0) at ../gst-libs/gst/video/gstvideodecoder.c:2588
#12 0xb64da2ce in gst_pad_chain_data_unchecked (pad=pad at entry=0xa4b08840, type=type at entry=4112, data=<optimized out>, data at entry=0xeb1bf0) at ../gst/gstpad.c:4399
#13 0xb64dbcf2 in gst_pad_push_data (pad=pad at entry=0xe6f0a8, type=type at entry=4112, data=data at entry=0xeb1bf0) at ../gst/gstpad.c:4655
#14 0xb64e1ad2 in gst_pad_push (pad=0xe6f0a8, buffer=buffer at entry=0xeb1bf0) at ../gst/gstpad.c:4774
#15 0xb58188d0 in gst_base_parse_push_frame (parse=parse at entry=0xe6e070, frame=frame at entry=0xa2e036c0) at ../libs/gst/base/gstbaseparse.c:2589
#16 0xb581add2 in gst_base_parse_handle_and_push_frame (frame=0xa2e036c0, parse=0xe6e070) at ../libs/gst/base/gstbaseparse.c:2440
#17 0x9a6a56e0 in gst_mpegv_parse_handle_frame (parse=0xe6e070, frame=0xa2e036c0, skipsize=<optimized out>) at ../gst/videoparsers/gstmpegvideoparse.c:731
#18 0xb5814642 in gst_base_parse_handle_buffer (parse=parse at entry=0xe6e070, buffer=<optimized out>, skip=skip at entry=0x9aecd880, flushed=flushed at entry=0x9aecd884) at ../libs/gst/base/gstbaseparse.c:2248
#19 0xb5819212 in gst_base_parse_chain (pad=<optimized out>, parent=0xe6e070, buffer=<optimized out>) at ../libs/gst/base/gstbaseparse.c:3297
#20 0xb64da2ce in gst_pad_chain_data_unchecked (pad=pad at entry=0x9b959db0, type=type at entry=4112, data=<optimized out>, data at entry=0xf088a8) at ../gst/gstpad.c:4399
#21 0xb64dbcf2 in gst_pad_push_data (pad=pad at entry=0x7e3a78, type=type at entry=4112, data=data at entry=0xf088a8) at ../gst/gstpad.c:4655
#22 0xb64e1ad2 in gst_pad_push (pad=pad at entry=0x7e3a78, buffer=buffer at entry=0xf088a8) at ../gst/gstpad.c:4774
#23 0xa874eb0a in gst_single_queue_push_one (allow_drop=<synthetic pointer>, object=0xf088a8, sq=0xe6b950, mq=<optimized out>) at ../plugins/elements/gstmultiqueue.c:1925
#24 gst_multi_queue_loop (pad=<optimized out>) at ../plugins/elements/gstmultiqueue.c:2252
#25 0xb650790c in gst_task_func (task=0xe34028) at ../gst/gsttask.c:328
#26 0xb6e89b1e in g_thread_pool_thread_proxy (data=<optimized out>) at ../../../glib/gthreadpool.c:354
#27 0xb6e893aa in g_thread_proxy (data=0xcefeb0) at ../../../glib/gthread.c:820
#28 0xb5d6198e in start_thread (arg=0x968d2e94 <cmu_us_kal_res+153644>) at pthread_create.c:477
#29 0xb6606bec in ?? () at ../sysdeps/unix/sysv/linux/arm/clone.S:73 from /lib/arm-linux-gnueabihf/libc.so.6
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

































Thread 1 "totem" hit Breakpoint 2, gtk_list_store_set_valist_internal (list_store=list_store at entry=0xa0b4c8, iter=iter at entry=0xbeffef44, emit_signal=emit_signal at entry=0xbeffeefc, maybe_need_sort=maybe_need_sort at entry=0xbeffef00, var_args=..., var_args at entry=...) at ../../../../gtk/gtkliststore.c:1033
1033    ../../../../gtk/gtkliststore.c: No such file or directory.
(gdb) display g_vci_cvalues[0].v_pointer
1: g_vci_cvalues[0].v_pointer = (gpointer) 0x0
(gdb) display &g_vci_cvalues[0].v_pointer
2: &g_vci_cvalues[0].v_pointer = (gpointer *) 0xbeffee78
(gdb) watch *0xbeffee48
Watchpoint 3: *0xbeffee48





gdb -q --args totem Terra\ X.Atlantis\ der\ Nordsee2021-04-1221-40.ts
set width 0
set pagination off
display/i $pc
tb bvw_query_timeout
y
run
b *(gtk_list_store_set_valist_internal+146)
cont
display g_vci_cvalues[0].v_pointer
display &g_vci_cvalues[0].v_pointer
watch *0xbeffee48
finish


































benutzer at debian:~$ valgrind totem Terra\ X.Atlantis\ der\ Nordsee2021-04-1221-40.ts
==12826== Memcheck, a memory error detector
==12826== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==12826== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==12826== Command: totem Terra\ X.Atlantis\ der\ Nordsee2021-04-1221-40.ts
==12826== 
disInstr(thumb): unhandled instruction: 0xEC51 0x0F1E
==12826== valgrind: Unrecognised instruction at address 0x9497927.
==12826==    at 0x9497926: ??? (in /usr/lib/arm-linux-gnueabihf/libcrypto.so.1.1)
==12826== Your program just tried to execute an instruction that Valgrind
==12826== did not recognise.  There are two possible reasons for this.
==12826== 1. Your program has a bug and erroneously jumped to a non-code
==12826==    location.  If you are running Memcheck and you just saw a
==12826==    warning about a bad jump, it's probably your program's fault.
==12826== 2. The instruction is legitimate but Valgrind doesn't handle it,
==12826==    i.e. it's Valgrind's fault.  If you think this is the case or
==12826==    you are not sure, please let us know and we'll try to fix it.
==12826== Either way, Valgrind will now raise a SIGILL signal which will
==12826== probably kill your program.

(totem:12826): Gtk-WARNING **: 15:50:29.546: Locale not supported by C library.
        Using the fallback 'C' locale.
==12828== Warning: invalid file descriptor 1024 in syscall close()
==12828== Warning: invalid file descriptor 1025 in syscall close()
==12828== Warning: invalid file descriptor 1026 in syscall close()
==12828== Warning: invalid file descriptor 1027 in syscall close()
==12828==    Use --log-fd=<number> to select an alternative log fd.
==12828== Warning: invalid file descriptor 1028 in syscall close()
==12828== Warning: invalid file descriptor 1029 in syscall close()
==12828== 
==12828== HEAP SUMMARY:
==12828==     in use at exit: 366,582 bytes in 6,869 blocks
==12828==   total heap usage: 9,588 allocs, 2,719 frees, 686,051 bytes allocated
==12828== 
==12828== LEAK SUMMARY:
==12828==    definitely lost: 0 bytes in 0 blocks
==12828==    indirectly lost: 0 bytes in 0 blocks
==12828==      possibly lost: 1,104 bytes in 26 blocks
==12828==    still reachable: 339,150 bytes in 6,469 blocks
==12828==                       of which reachable via heuristic:
==12828==                         newarray           : 1,788 bytes in 59 blocks
==12828==         suppressed: 0 bytes in 0 blocks
==12828== Rerun with --leak-check=full to see details of leaked memory
==12828== 
==12828== For lists of detected and suppressed errors, rerun with: -s
==12828== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

(totem:12826): Clutter-WARNING **: 15:50:46.560: Locale not supported by C library.
Using the fallback 'C' locale.
Xlib:  extension "RANDR" missing on display ":1".
Xlib:  extension "RANDR" missing on display ":1".
Xlib:  extension "RANDR" missing on display ":1".
Xlib:  extension "RANDR" missing on display ":1".
--12826-- WARNING: unhandled arm-linux syscall: 381
--12826-- You may be able to write your own handler.
--12826-- Read the file README_MISSING_SYSCALL_OR_IOCTL.
--12826-- Nevertheless we consider this a bug.  Please report
--12826-- it at http://valgrind.org/support/bug_reports.html.
==12852== Warning: invalid file descriptor 1024 in syscall close()
==12852== Warning: invalid file descriptor 1025 in syscall close()
==12852== Warning: invalid file descriptor 1026 in syscall close()
==12852== Warning: invalid file descriptor 1027 in syscall close()
==12852==    Use --log-fd=<number> to select an alternative log fd.
==12852== Warning: invalid file descriptor 1028 in syscall close()
==12852== Warning: invalid file descriptor 1029 in syscall close()
==12852== 
==12852== HEAP SUMMARY:
==12852==     in use at exit: 6,582,867 bytes in 42,702 blocks
==12852==   total heap usage: 370,816 allocs, 328,114 frees, 81,862,021 bytes allocated
==12852== 
==12852== LEAK SUMMARY:
==12852==    definitely lost: 9,736 bytes in 6 blocks
==12852==    indirectly lost: 0 bytes in 0 blocks
==12852==      possibly lost: 100,237 bytes in 1,261 blocks
==12852==    still reachable: 6,383,198 bytes in 40,553 blocks
==12852==                       of which reachable via heuristic:
==12852==                         newarray           : 2,752 bytes in 112 blocks
==12852==         suppressed: 0 bytes in 0 blocks
==12852== Rerun with --leak-check=full to see details of leaked memory
==12852== 
==12852== For lists of detected and suppressed errors, rerun with: -s
==12852== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
==12853== Warning: invalid file descriptor 1024 in syscall close()
==12853== Warning: invalid file descriptor 1025 in syscall close()
==12853== Warning: invalid file descriptor 1026 in syscall close()
==12853== Warning: invalid file descriptor 1027 in syscall close()
==12853==    Use --log-fd=<number> to select an alternative log fd.
==12853== Warning: invalid file descriptor 1028 in syscall close()
==12853== Warning: invalid file descriptor 1029 in syscall close()
==12853== 
==12853== HEAP SUMMARY:
==12853==     in use at exit: 6,815,308 bytes in 46,185 blocks
==12853==   total heap usage: 378,468 allocs, 332,283 frees, 82,451,283 bytes allocated
==12853== 
==12853== LEAK SUMMARY:
==12853==    definitely lost: 11,796 bytes in 9 blocks
==12853==    indirectly lost: 12 bytes in 1 blocks
==12853==      possibly lost: 99,949 bytes in 1,260 blocks
==12853==    still reachable: 6,605,035 bytes in 43,988 blocks
==12853==                       of which reachable via heuristic:
==12853==                         newarray           : 2,752 bytes in 112 blocks
==12853==         suppressed: 0 bytes in 0 blocks
==12853== Rerun with --leak-check=full to see details of leaked memory
==12853== 
==12853== For lists of detected and suppressed errors, rerun with: -s
==12853== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
==12826== Syscall param writev(vector[...]) points to uninitialised byte(s)
==12826==    at 0x51DAC66: __libc_do_syscall (libc-do-syscall.S:47)
==12826==    by 0x525B4DB: __writev (writev.c:26)
==12826==    by 0x525B4DB: writev (writev.c:24)
==12826==    by 0x5C1F08D: ??? (in /usr/lib/arm-linux-gnueabihf/libxcb.so.1.1.0)
==12826==  Address 0x8b3fb0f is 839 bytes inside a block of size 16,384 alloc'd
==12826==    at 0x48432E4: calloc (vg_replace_malloc.c:760)
==12826==    by 0x4B4D953: XOpenDisplay (in /usr/lib/arm-linux-gnueabihf/libX11.so.6.4.0)
==12826== 
==12856== Warning: invalid file descriptor 1024 in syscall close()
==12856== Warning: invalid file descriptor 1025 in syscall close()
==12856== Warning: invalid file descriptor 1026 in syscall close()
==12856== Warning: invalid file descriptor 1027 in syscall close()
==12856==    Use --log-fd=<number> to select an alternative log fd.
==12856== Warning: invalid file descriptor 1028 in syscall close()
==12856== Warning: invalid file descriptor 1029 in syscall close()
==12856== 
==12856== HEAP SUMMARY:
==12856==     in use at exit: 10,366,789 bytes in 82,063 blocks
==12856==   total heap usage: 499,480 allocs, 417,417 frees, 92,155,864 bytes allocated
==12856== 
==12856== LEAK SUMMARY:
==12856==    definitely lost: 35,112 bytes in 29 blocks
==12856==    indirectly lost: 28,018 bytes in 1,137 blocks
==12856==      possibly lost: 107,231 bytes in 1,336 blocks
==12856==    still reachable: 9,733,932 bytes in 74,490 blocks
==12856==                       of which reachable via heuristic:
==12856==                         newarray           : 8,697 bytes in 308 blocks
==12856==         suppressed: 0 bytes in 0 blocks
==12856== Rerun with --leak-check=full to see details of leaked memory
==12856== 
==12856== Use --track-origins=yes to see where uninitialised values come from
==12856== For lists of detected and suppressed errors, rerun with: -s
==12856== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

(totem:12826): GLib-GIO-CRITICAL **: 15:55:54.773: g_dbus_connection_emit_signal: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(totem:12826): dconf-WARNING **: 15:56:15.666: failed to commit changes to dconf: Failed to execute child process ?dbus-launch? (No such file or directory)
==12858== Warning: invalid file descriptor 1024 in syscall close()
==12858== Warning: invalid file descriptor 1025 in syscall close()
==12858== Warning: invalid file descriptor 1026 in syscall close()
==12858== Warning: invalid file descriptor 1027 in syscall close()
==12858==    Use --log-fd=<number> to select an alternative log fd.
==12858== Warning: invalid file descriptor 1028 in syscall close()
==12858== Warning: invalid file descriptor 1029 in syscall close()
==12858== 
==12858== HEAP SUMMARY:
==12858==     in use at exit: 12,441,476 bytes in 115,826 blocks
==12858==   total heap usage: 591,306 allocs, 475,480 frees, 98,501,289 bytes allocated
==12858== 
==12858== LEAK SUMMARY:
==12858==    definitely lost: 40,464 bytes in 59 blocks
==12858==    indirectly lost: 36,098 bytes in 1,454 blocks
==12858==      possibly lost: 591,938 bytes in 6,523 blocks
==12858==    still reachable: 10,904,660 bytes in 98,234 blocks
==12858==                       of which reachable via heuristic:
==12858==                         length64           : 200,200 bytes in 386 blocks
==12858==                         newarray           : 9,692 bytes in 339 blocks
==12858==         suppressed: 0 bytes in 0 blocks
==12858== Rerun with --leak-check=full to see details of leaked memory
==12858== 
==12858== Use --track-origins=yes to see where uninitialised values come from
==12858== For lists of detected and suppressed errors, rerun with: -s
==12858== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
==12859== Warning: invalid file descriptor 1024 in syscall close()
==12859== Warning: invalid file descriptor 1025 in syscall close()
==12859== Warning: invalid file descriptor 1026 in syscall close()
==12859== Warning: invalid file descriptor 1027 in syscall close()
==12859==    Use --log-fd=<number> to select an alternative log fd.
==12859== Warning: invalid file descriptor 1028 in syscall close()
==12859== Warning: invalid file descriptor 1029 in syscall close()
==12859== 
==12859== HEAP SUMMARY:
==12859==     in use at exit: 12,523,188 bytes in 117,662 blocks
==12859==   total heap usage: 595,294 allocs, 477,632 frees, 98,629,969 bytes allocated
==12859== 
==12859== LEAK SUMMARY:
==12859==    definitely lost: 40,632 bytes in 66 blocks
==12859==    indirectly lost: 36,098 bytes in 1,454 blocks
==12859==      possibly lost: 591,938 bytes in 6,523 blocks
==12859==    still reachable: 10,960,660 bytes in 99,755 blocks
==12859==                       of which reachable via heuristic:
==12859==                         length64           : 200,200 bytes in 386 blocks
==12859==                         newarray           : 9,772 bytes in 343 blocks
==12859==         suppressed: 0 bytes in 0 blocks
==12859== Rerun with --leak-check=full to see details of leaked memory
==12859== 
==12859== Use --track-origins=yes to see where uninitialised values come from
==12859== For lists of detected and suppressed errors, rerun with: -s
==12859== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

(totem:12826): dconf-WARNING **: 15:57:02.271: failed to commit changes to dconf: Failed to execute child process ?dbus-launch? (No such file or directory)

(totem:12826): GLib-GIO-CRITICAL **: 15:57:07.994: g_dbus_connection_emit_signal: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(totem:12826): GLib-GIO-CRITICAL **: 15:57:08.071: g_dbus_connection_emit_signal: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(totem:12826): Totem-WARNING **: 15:57:08.910: Failed to acquire screensaver proxy: Failed to execute child process ?dbus-launch? (No such file or directory)

(totem:12826): GLib-GIO-CRITICAL **: 15:57:12.304: g_dbus_connection_emit_signal: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(totem:12826): GLib-GIO-CRITICAL **: 15:57:12.762: g_dbus_connection_emit_signal: assertion 'G_IS_DBUS_CONNECTION (connection)' failed
ALSA lib confmisc.c:767:(parse_card) cannot find card '0'
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default
AL lib: (EE) ALCplaybackAlsa_open: Could not open playback device 'default': No such file or directory

(totem:12826): GLib-GIO-CRITICAL **: 15:57:33.436: g_dbus_connection_emit_signal: assertion 'G_IS_DBUS_CONNECTION (connection)' failed
==12826== Thread 33 multiqueue0:src_:
==12826== Invalid write of size 4
==12826==    at 0x296EE86E: ??? (in /usr/lib/arm-linux-gnueabihf/libssh-gcrypt.so.4.8.6)
==12826==  Address 0x25b0c660 is on thread 33's stack
==12826==  8 bytes below stack pointer
==12826== 
==12826== Invalid write of size 4
==12826==    at 0x2970AC46: ??? (in /usr/lib/arm-linux-gnueabihf/libssh-gcrypt.so.4.8.6)
==12826==  Address 0x25b0c658 is on thread 33's stack
==12826==  8 bytes below stack pointer
==12826== 
==12826== Invalid write of size 4
==12826==    at 0x2970EC52: ??? (in /usr/lib/arm-linux-gnueabihf/libssh-gcrypt.so.4.8.6)
==12826==  Address 0x25b0c648 is on thread 33's stack
==12826==  16 bytes below stack pointer
==12826== 
==12826== Invalid write of size 4
==12826==    at 0x296F8EB2: ??? (in /usr/lib/arm-linux-gnueabihf/libssh-gcrypt.so.4.8.6)
==12826==  Address 0x25b0c640 is on thread 33's stack
==12826==  24 bytes below stack pointer
==12826== 
==12826== Invalid write of size 4
==12826==    at 0x29709DD6: ??? (in /usr/lib/arm-linux-gnueabihf/libssh-gcrypt.so.4.8.6)
==12826==  Address 0x25b0c658 is on thread 33's stack
==12826==  8 bytes below stack pointer
==12826== 
==12826== Thread 1:
==12826== Conditional jump or move depends on uninitialised value(s)
==12826==    at 0xB6C5080: llvm::AsmPrinter::emitFunctionHeader() (in /usr/lib/arm-linux-gnueabihf/libLLVM-11.so.1)
==12826== 
==12826== Thread 7 llvmpipe-5:
==12826== Conditional jump or move depends on uninitialised value(s)
==12826==    at 0x59512E0: libc_fesetenv_vfp (fenv_private.h:110)
==12826==    by 0x59512E0: nearbyintf (s_nearbyintf.c:69)
==12826==    by 0x221FF413: ???
==12826== 
==12826== Conditional jump or move depends on uninitialised value(s)
==12826==    at 0x59512E0: libc_fesetenv_vfp (fenv_private.h:110)
==12826==    by 0x59512E0: nearbyintf (s_nearbyintf.c:69)
==12826==    by 0x221FF41F: ???
==12826== 
==12826== Conditional jump or move depends on uninitialised value(s)
==12826==    at 0x59512E0: libc_fesetenv_vfp (fenv_private.h:110)
==12826==    by 0x59512E0: nearbyintf (s_nearbyintf.c:69)
==12826==    by 0x221FF42B: ???
==12826== 
==12826== Conditional jump or move depends on uninitialised value(s)
==12826==    at 0x59512E0: libc_fesetenv_vfp (fenv_private.h:110)
==12826==    by 0x59512E0: nearbyintf (s_nearbyintf.c:69)
==12826==    by 0x221FF437: ???
==12826== 
==12826== Conditional jump or move depends on uninitialised value(s)
==12826==    at 0x59512E0: libc_fesetenv_vfp (fenv_private.h:110)
==12826==    by 0x59512E0: nearbyintf (s_nearbyintf.c:69)
==12826==    by 0x221FF467: ???
==12826== 
==12826== Conditional jump or move depends on uninitialised value(s)
==12826==    at 0x59512E0: libc_fesetenv_vfp (fenv_private.h:110)
==12826==    by 0x59512E0: nearbyintf (s_nearbyintf.c:69)
==12826==    by 0x221FF48F: ???
==12826== 
==12826== Conditional jump or move depends on uninitialised value(s)
==12826==    at 0x59512E0: libc_fesetenv_vfp (fenv_private.h:110)
==12826==    by 0x59512E0: nearbyintf (s_nearbyintf.c:69)
==12826==    by 0x221FF49B: ???
==12826== 
==12826== Conditional jump or move depends on uninitialised value(s)
==12826==    at 0x59512E0: libc_fesetenv_vfp (fenv_private.h:110)
==12826==    by 0x59512E0: nearbyintf (s_nearbyintf.c:69)
==12826==    by 0x221FF4A7: ???
==12826== 
==12826== Thread 1:
==12826== Conditional jump or move depends on uninitialised value(s)
==12826==    at 0x4DC83FA: gtk_list_store_set_valist_internal (gtkliststore.c:1022)
==12826==    by 0x4DC8B51: gtk_list_store_set_valist (gtkliststore.c:1137)
==12826==    by 0x4DC8C19: gtk_list_store_set (gtkliststore.c:1179)
==12826==    by 0x4886C3F: totem_playlist_steal_current_starttime (totem-playlist.c:1790)
==12826==    by 0x488058F: update_seekable (totem-object.c:2524)
==12826==    by 0x488058F: property_notify_cb_seekable (totem-object.c:2616)
==12826==    by 0x48CC251: g_closure_invoke (gclosure.c:810)
==12826==    by 0x48D9767: signal_emit_unlocked_R.isra.0 (gsignal.c:3739)
==12826==    by 0x48DDE11: g_signal_emit_valist (gsignal.c:3495)
==12826==    by 0x48DE0A1: g_signal_emit (gsignal.c:3551)
==12826==    by 0x48CF33D: g_object_dispatch_properties_changed (gobject.c:1206)
==12826==    by 0x48D0AAB: g_object_notify_by_spec_internal (gobject.c:1299)
==12826==    by 0x48D0AAB: g_object_notify (gobject.c:1347)
==12826==    by 0x48909EB: got_time_tick.constprop.0 (bacon-video-widget.c:2614)
==12826== 
==12826== Conditional jump or move depends on uninitialised value(s)
==12826==    at 0x4DC840A: gtk_list_store_set_valist_internal (gtkliststore.c:1027)
==12826==    by 0x4DC8B51: gtk_list_store_set_valist (gtkliststore.c:1137)
==12826==    by 0x4DC8C19: gtk_list_store_set (gtkliststore.c:1179)
==12826==    by 0x4886C3F: totem_playlist_steal_current_starttime (totem-playlist.c:1790)
==12826==    by 0x488058F: update_seekable (totem-object.c:2524)
==12826==    by 0x488058F: property_notify_cb_seekable (totem-object.c:2616)
==12826==    by 0x48CC251: g_closure_invoke (gclosure.c:810)
==12826==    by 0x48D9767: signal_emit_unlocked_R.isra.0 (gsignal.c:3739)
==12826==    by 0x48DDE11: g_signal_emit_valist (gsignal.c:3495)
==12826==    by 0x48DE0A1: g_signal_emit (gsignal.c:3551)
==12826==    by 0x48CF33D: g_object_dispatch_properties_changed (gobject.c:1206)
==12826==    by 0x48D0AAB: g_object_notify_by_spec_internal (gobject.c:1299)
==12826==    by 0x48D0AAB: g_object_notify (gobject.c:1347)
==12826==    by 0x48909EB: got_time_tick.constprop.0 (bacon-video-widget.c:2614)
==12826== 
==12826== Conditional jump or move depends on uninitialised value(s)
==12826==    at 0x4DC8350: gtk_list_store_set_valist_internal (gtkliststore.c:1027)
==12826==    by 0x4DC8B51: gtk_list_store_set_valist (gtkliststore.c:1137)
==12826==    by 0x4DC8C19: gtk_list_store_set (gtkliststore.c:1179)
==12826==    by 0x4886C3F: totem_playlist_steal_current_starttime (totem-playlist.c:1790)
==12826==    by 0x488058F: update_seekable (totem-object.c:2524)
==12826==    by 0x488058F: property_notify_cb_seekable (totem-object.c:2616)
==12826==    by 0x48CC251: g_closure_invoke (gclosure.c:810)
==12826==    by 0x48D9767: signal_emit_unlocked_R.isra.0 (gsignal.c:3739)
==12826==    by 0x48DDE11: g_signal_emit_valist (gsignal.c:3495)
==12826==    by 0x48DE0A1: g_signal_emit (gsignal.c:3551)
==12826==    by 0x48CF33D: g_object_dispatch_properties_changed (gobject.c:1206)
==12826==    by 0x48D0AAB: g_object_notify_by_spec_internal (gobject.c:1299)
==12826==    by 0x48D0AAB: g_object_notify (gobject.c:1347)
==12826==    by 0x48909EB: got_time_tick.constprop.0 (bacon-video-widget.c:2614)
==12826== 
==12826== Use of uninitialised value of size 4
==12826==    at 0x4DC8356: gtk_list_store_set_valist_internal (gtkliststore.c:1033)
==12826==    by 0x4DC8B51: gtk_list_store_set_valist (gtkliststore.c:1137)
==12826==    by 0x4DC8C19: gtk_list_store_set (gtkliststore.c:1179)
==12826==    by 0x4886C3F: totem_playlist_steal_current_starttime (totem-playlist.c:1790)
==12826==    by 0x488058F: update_seekable (totem-object.c:2524)
==12826==    by 0x488058F: property_notify_cb_seekable (totem-object.c:2616)
==12826==    by 0x48CC251: g_closure_invoke (gclosure.c:810)
==12826==    by 0x48D9767: signal_emit_unlocked_R.isra.0 (gsignal.c:3739)
==12826==    by 0x48DDE11: g_signal_emit_valist (gsignal.c:3495)
==12826==    by 0x48DE0A1: g_signal_emit (gsignal.c:3551)
==12826==    by 0x48CF33D: g_object_dispatch_properties_changed (gobject.c:1206)
==12826==    by 0x48D0AAB: g_object_notify_by_spec_internal (gobject.c:1299)
==12826==    by 0x48D0AAB: g_object_notify (gobject.c:1347)
==12826==    by 0x48909EB: got_time_tick.constprop.0 (bacon-video-widget.c:2614)
==12826== 
==12826== Use of uninitialised value of size 4
==12826==    at 0x4DC8372: gtk_list_store_set_valist_internal (gtkliststore.c:1033)
==12826==    by 0x4DC8B51: gtk_list_store_set_valist (gtkliststore.c:1137)
==12826==    by 0x4DC8C19: gtk_list_store_set (gtkliststore.c:1179)
==12826==    by 0x4886C3F: totem_playlist_steal_current_starttime (totem-playlist.c:1790)
==12826==    by 0x488058F: update_seekable (totem-object.c:2524)
==12826==    by 0x488058F: property_notify_cb_seekable (totem-object.c:2616)
==12826==    by 0x48CC251: g_closure_invoke (gclosure.c:810)
==12826==    by 0x48D9767: signal_emit_unlocked_R.isra.0 (gsignal.c:3739)
==12826==    by 0x48DDE11: g_signal_emit_valist (gsignal.c:3495)
==12826==    by 0x48DE0A1: g_signal_emit (gsignal.c:3551)
==12826==    by 0x48CF33D: g_object_dispatch_properties_changed (gobject.c:1206)
==12826==    by 0x48D0AAB: g_object_notify_by_spec_internal (gobject.c:1299)
==12826==    by 0x48D0AAB: g_object_notify (gobject.c:1347)
==12826==    by 0x48909EB: got_time_tick.constprop.0 (bacon-video-widget.c:2614)
==12826== 
==12826== Invalid read of size 1
==12826==    at 0x484481C: strlen (vg_replace_strmem.c:459)
==12826==    by 0x495C877: g_strdup (gstrfuncs.c:363)
==12826==    by 0x48E8143: value_collect_string (gvaluetypes.c:293)
==12826==    by 0x4DC83BD: gtk_list_store_set_valist_internal (gtkliststore.c:1033)
==12826==    by 0x4DC8B51: gtk_list_store_set_valist (gtkliststore.c:1137)
==12826==    by 0x4DC8C19: gtk_list_store_set (gtkliststore.c:1179)
==12826==    by 0x4886C3F: totem_playlist_steal_current_starttime (totem-playlist.c:1790)
==12826==    by 0x488058F: update_seekable (totem-object.c:2524)
==12826==    by 0x488058F: property_notify_cb_seekable (totem-object.c:2616)
==12826==    by 0x48CC251: g_closure_invoke (gclosure.c:810)
==12826==    by 0x48D9767: signal_emit_unlocked_R.isra.0 (gsignal.c:3739)
==12826==    by 0x48DDE11: g_signal_emit_valist (gsignal.c:3495)
==12826==    by 0x48DE0A1: g_signal_emit (gsignal.c:3551)
==12826==  Address 0x9936298b is not stack'd, malloc'd or (recently) free'd
==12826== 
==12826== 
==12826== Process terminating with default action of signal 11 (SIGSEGV)
==12826==  Access not within mapped region at address 0x9936298B
==12826==    at 0x484481C: strlen (vg_replace_strmem.c:459)
==12826==    by 0x495C877: g_strdup (gstrfuncs.c:363)
==12826==    by 0x48E8143: value_collect_string (gvaluetypes.c:293)
==12826==    by 0x4DC83BD: gtk_list_store_set_valist_internal (gtkliststore.c:1033)
==12826==    by 0x4DC8B51: gtk_list_store_set_valist (gtkliststore.c:1137)
==12826==    by 0x4DC8C19: gtk_list_store_set (gtkliststore.c:1179)
==12826==    by 0x4886C3F: totem_playlist_steal_current_starttime (totem-playlist.c:1790)
==12826==    by 0x488058F: update_seekable (totem-object.c:2524)
==12826==    by 0x488058F: property_notify_cb_seekable (totem-object.c:2616)
==12826==    by 0x48CC251: g_closure_invoke (gclosure.c:810)
==12826==    by 0x48D9767: signal_emit_unlocked_R.isra.0 (gsignal.c:3739)
==12826==    by 0x48DDE11: g_signal_emit_valist (gsignal.c:3495)
==12826==    by 0x48DE0A1: g_signal_emit (gsignal.c:3551)
==12826==  If you believe this happened as a result of a stack
==12826==  overflow in your program's main thread (unlikely but
==12826==  possible), you can try to increase the size of the
==12826==  main thread stack using the --main-stacksize= flag.
==12826==  The main thread stack size used in this run was 8388608.
==12826== 
==12826== HEAP SUMMARY:
==12826==     in use at exit: 38,137,576 bytes in 203,188 blocks
==12826==   total heap usage: 857,623 allocs, 654,435 frees, 231,564,118 bytes allocated
==12826== 
==12826== LEAK SUMMARY:
==12826==    definitely lost: 9,154 bytes in 93 blocks
==12826==    indirectly lost: 36,671 bytes in 1,488 blocks
==12826==      possibly lost: 790,289 bytes in 8,966 blocks
==12826==    still reachable: 36,205,034 bytes in 181,216 blocks
==12826==                       of which reachable via heuristic:
==12826==                         length64           : 200,152 bytes in 384 blocks
==12826==                         newarray           : 14,276 bytes in 564 blocks
==12826==         suppressed: 0 bytes in 0 blocks
==12826== Rerun with --leak-check=full to see details of leaked memory
==12826== 
==12826== Use --track-origins=yes to see where uninitialised values come from
==12826== For lists of detected and suppressed errors, rerun with: -s
==12826== ERROR SUMMARY: 8220 errors from 21 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)








gdb -q --args totem Terra\ X.Atlantis\ der\ Nordsee2021-04-1221-40.ts
set width 0
set pagination off
directory /home/benutzer/source/libgtk-3-0/orig/gtk+3.0-3.24.24/gtk/theme/HighContrast/assets
directory /home/benutzer/source/totem/orig/totem-3.38.0/src
display/i $pc
tb bvw_query_timeout
y
run
b gtkliststore.c:1022
cont
display column
display priv->n_columns

display g_vci_cvalues[0].v_pointer
display &g_vci_cvalues[0].v_pointer




(gdb) next
1033          G_VALUE_COLLECT_INIT (&value, priv->column_headers[column],
1: x/i $pc
=> 0xb680a352 <gtk_list_store_set_valist_internal+118>: ldr.w   r3, [r9, #12]
2: column = 9
3: priv->n_columns = 10
4: g_vci_cvalues[0].v_pointer = (gpointer) 0x0
5: &g_vci_cvalues[0].v_pointer = (gpointer *) 0xbeffee78
...
(gdb) 
1033          G_VALUE_COLLECT_INIT (&value, priv->column_headers[column],
1: x/i $pc
=> 0xb680a352 <gtk_list_store_set_valist_internal+118>: ldr.w   r3, [r9, #12]
2: column = 0
3: priv->n_columns = 10
4: g_vci_cvalues[0].v_pointer = (gpointer) 0xffffffff
5: &g_vci_cvalues[0].v_pointer = (gpointer *) 0xbeffee78
(gdb) 
...
(gdb) 
1033          G_VALUE_COLLECT_INIT (&value, priv->column_headers[column],
1: x/i $pc
=> 0xb680a352 <gtk_list_store_set_valist_internal+118>: ldr.w   r3, [r9, #12]
2: column = 3
3: priv->n_columns = 10
4: g_vci_cvalues[0].v_pointer = (gpointer) 0x0
5: &g_vci_cvalues[0].v_pointer = (gpointer *) 0xbeffee78
6: value = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
7: &value = (GValue *) 0xbeffee60
(gdb) 

Thread 1 "totem" received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/arm/armv6t2/strlen.S:126
126     ../sysdeps/arm/armv6t2/strlen.S: No such file or directory.
1: x/i $pc
=> 0xb65c46ae <strlen+174>:     ldrd    r2, r3, [r1]
(gdb) bt
#0  strlen () at ../sysdeps/arm/armv6t2/strlen.S:126
#1  0xb6e82878 in g_strdup (str=0x63fca6aa <error: Cannot access memory at address 0x63fca6aa>) at ../../../glib/gstrfuncs.c:363
#2  0xb6f47144 in value_collect_string (value=0xbeffee60, n_collect_values=<optimized out>, collect_values=<optimized out>, collect_flags=<optimized out>) at ../../../gobject/gvaluetypes.c:293
#3  0xb680a3be in gtk_list_store_set_valist_internal (list_store=list_store at entry=0xa0b4c8, iter=iter at entry=0xbeffef44, emit_signal=emit_signal at entry=0xbeffeefc, maybe_need_sort=maybe_need_sort at entry=0xbeffef00, var_args=..., var_args at entry=...) at ../../../../gtk/gtkliststore.c:1033
#4  0xb680ab52 in gtk_list_store_set_valist (list_store=0xa0b4c8, iter=iter at entry=0xbeffef44, var_args=..., var_args at entry=...) at ../../../../gtk/gtkliststore.c:1137
#5  0xb680ac1a in gtk_list_store_set (list_store=<optimized out>, iter=0xbeffef44) at ../../../../gtk/gtkliststore.c:1179
#6  0xb6f91c40 in totem_playlist_steal_current_starttime (playlist=0xa1e100) at ../src/totem-playlist.c:1790
#7  0xb6f8b590 in update_seekable (totem=0x450140) at ../src/totem-object.c:2524
#8  property_notify_cb_seekable (bvw=<optimized out>, spec=<optimized out>, totem=0x450140) at ../src/totem-object.c:2616
#9  0xb6f2b252 in g_closure_invoke (closure=0x6e7048, return_value=return_value at entry=0x0, n_param_values=2, param_values=param_values at entry=0xbefff090, invocation_hint=invocation_hint at entry=0xbefff00c) at ../../../gobject/gclosure.c:810
#10 0xb6f38768 in signal_emit_unlocked_R (node=node at entry=0x448800, detail=105, instance=0xa6e290, emission_return=emission_return at entry=0x0, instance_and_params=instance_and_params at entry=0xbefff090) at ../../../gobject/gsignal.c:3739
#11 0xb6f3ce12 in g_signal_emit_valist (instance=instance at entry=0xa6e290, signal_id=signal_id at entry=1, detail=detail at entry=3204444612, var_args=..., var_args at entry=...) at ../../../gobject/gsignal.c:3495
#12 0xb6f3d0a2 in g_signal_emit (instance=instance at entry=0xa6e290, signal_id=signal_id at entry=1, detail=105) at ../../../gobject/gsignal.c:3551
#13 0xb6f2e33e in g_object_dispatch_properties_changed (object=0xa6e290, n_pspecs=1, pspecs=<optimized out>) at ../../../gobject/gobject.c:1206
#14 0xb6f2faac in g_object_notify_by_spec_internal (pspec=<optimized out>, object=0xa6e290) at ../../../gobject/gobject.c:1299
#15 g_object_notify (object=0xa6e290, property_name=<optimized out>) at ../../../gobject/gobject.c:1347
#16 0xb6f9b9ec in got_time_tick (time_nanos=<optimized out>, bvw=bvw at entry=0xa6e290, play=<optimized out>) at ../src/backend/bacon-video-widget.c:2614
#17 0xb6f9ca02 in bvw_query_timeout (bvw=bvw at entry=0xa6e290) at ../src/backend/bacon-video-widget.c:2830
#18 0xb6fa0792 in bvw_bus_message_cb (bus=<optimized out>, message=<optimized out>, bvw=0xa6e290) at ../src/backend/bacon-video-widget.c:2485
#19 0xb6f2d2e8 in g_cclosure_marshal_VOID__BOXEDv (closure=0xaaf750, return_value=<optimized out>, instance=0x9f8bf0, args=..., marshal_data=0x0, n_params=1, param_types=0x7d1118) at ../../../gobject/gmarshal.c:1686
#20 0xb6f2b3d8 in _g_closure_invoke_va (closure=closure at entry=0xaaf750, return_value=0x0, instance=0x9f8bf0, instance at entry=0x0, args=..., args at entry=..., n_params=n_params at entry=1, param_types=0x7d1118) at ../../../gobject/gclosure.c:873
#21 0xb6f3cef6 in g_signal_emit_valist (instance=0x0, instance at entry=0x9f8bf0, signal_id=<optimized out>, detail=0, detail at entry=3204445364, var_args=..., var_args at entry=...) at ../../../gobject/gsignal.c:3404
#22 0xb6f3d0a2 in g_signal_emit (instance=instance at entry=0x9f8bf0, signal_id=<optimized out>, detail=289) at ../../../gobject/gsignal.c:3551
#23 0xb64b1420 in gst_bus_async_signal_func (bus=0x9f8bf0, message=0xa5405068, data=<optimized out>) at ../gst/gstbus.c:1295
#24 0xb64b2008 in gst_bus_source_dispatch (source=0xa8a388, callback=0xb64b13e5 <gst_bus_async_signal_func>, user_data=0x0) at ../gst/gstbus.c:851
#25 0xb6e6bf4c in g_main_dispatch (context=0x46e678) at ../../../glib/gmain.c:3325
#26 g_main_context_dispatch (context=context at entry=0x46e678) at ../../../glib/gmain.c:4043
#27 0xb6e6c1e0 in g_main_context_iterate (context=context at entry=0x46e678, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at ../../../glib/gmain.c:4119
#28 0xb6e6c25a in g_main_context_iteration (context=context at entry=0x46e678, may_block=may_block at entry=1) at ../../../glib/gmain.c:4184
#29 0xb6d990a6 in g_application_run (application=0x450140, argc=<optimized out>, argv=0xbefff754) at ../../../gio/gapplication.c:2559
#30 0x00401160 in main (argc=<optimized out>, argv=<optimized out>) at ../src/totem.c:83

(gdb) list totem_playlist_steal_current_starttime
1765            return content_type;
1766    }
1767
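/*
 * totem_playlist_steal_current_starttime:
 * @playlist: a #TotemPlaylist
 *
 * Reads the start time stored for the current playlist entry and resets
 * it to 0 in the model, so the value is consumed at most once (hence the
 * "steal" in the API name).
 *
 * Returns: the stored start time, or 0 when @playlist is not a valid
 * #TotemPlaylist, when there is no current entry, or when the current
 * path does not resolve to a row.
 */
gint64
totem_playlist_steal_current_starttime (TotemPlaylist *playlist)
{
	GtkTreeIter iter;
	gint64 starttime = 0;

	g_return_val_if_fail (TOTEM_IS_PLAYLIST (playlist), 0);

	if (update_current_from_playlist (playlist) == FALSE)
		return 0;

	/* gtk_tree_model_get_iter() reports whether @iter was filled in;
	 * do not touch an unset iter if the current path is stale. */
	if (!gtk_tree_model_get_iter (playlist->priv->model,
	                              &iter,
	                              playlist->priv->current))
		return 0;

	gtk_tree_model_get (playlist->priv->model,
	                    &iter,
	                    STARTTIME_COL, &starttime,
	                    -1);

	/* And reset the starttime so it's only used once,
	 * hence the "steal" in the API name.
	 *
	 * STARTTIME_COL is read into a gint64 above, so the value handed to
	 * the varargs of gtk_list_store_set() must be a full gint64 too. A
	 * plain 0 is an int, which on targets where int is narrower than
	 * gint64 (e.g. armhf) fills only part of the 64-bit slot the callee
	 * reads; the terminating -1 is then consumed as column data and the
	 * argument list is overrun. */
	gtk_list_store_set (GTK_LIST_STORE (playlist->priv->model),
	                    &iter,
	                    STARTTIME_COL, (gint64) 0,
	                    -1);

	return starttime;
}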
1797








dpkg-source --commit
dpkg-buildpackage

dpkg -i gir1.2-totem-1.0_3.38.0-2_armhf.deb libtotem0_3.38.0-2_armhf.deb libtotem0-dbgsym_3.38.0-2_armhf.deb totem_3.38.0-2_armhf.deb totem-common_3.38.0-2_all.deb totem-dbgsym_3.38.0-2_armhf.deb totem-plugins_3.38.0-2_armhf.deb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 986432-totem_playlist_steal_current_starttime-gtk_list_store_set.patch
Type: text/x-patch
Size: 440 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnome-maintainers/attachments/20210419/9f387546/attachment-0001.bin>

