Bug#704259: vdr-plugin-xineliboutput: VDR tends to crash when stopping playing an internet radio

Eric L. ewl+debian+nospam2014 at lavar.de
Sat May 2 19:07:01 UTC 2015 

Hi,

progressing with small steps:

1. from cooljay32 on vdr-portal.de, I got the attached patch which fixes 
the issue (at the price of loosing all information about size/progress, 
making it a patch not fit for any bigger public). At least it shows 
where the issue might be.

2. Learning about some aspects of gdb, I tried the following:

$ gdb --core=core-imon-xvdr_2015-03-15_13-22 --eval-command=bt 
--directory=/home/ericl/VDR/vdr-plugin-imonlcd-1.0.1/ 
--directory=/home/ericl/VDR/vdr-plugin-xineliboutput-1.1.0+cvs20150211/ 
--exec /usr/bin/vdr
GNU gdb (Debian 7.7.1+dfsg-5) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word".
[New LWP 1880]
[New LWP 1883]
[New LWP 1986]
[New LWP 1863]
[New LWP 1866]
[New LWP 1869]
[New LWP 1870]
[New LWP 1871]
[New LWP 1873]
[New LWP 1881]
[New LWP 1872]
[New LWP 1874]
[New LWP 1875]
[New LWP 1882]
[New LWP 1876]
[New LWP 1877]
[New LWP 1878]
[New LWP 1879]
[New LWP 1868]
[New LWP 1858]
[New LWP 1864]
[New LWP 1867]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/bin/vdr -v /var/lib/video -c /var/lib/vdr -L 
/usr/lib/vdr/plugins -r /usr/'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  cXinelibDevice::PlayFileCtrl (this=0xf0, Cmd=0x7ff90aa9e5bb 
"GETLENGTH",
     TimeoutMs=-1) at device.c:861
861         if(m_server)
#0  cXinelibDevice::PlayFileCtrl (this=0xf0, Cmd=0x7ff90aa9e5bb 
"GETLENGTH",
     TimeoutMs=-1) at device.c:861
#1  0x00007ff90aa7cb06 in GetLength (this=0x1c0fca0) at media_player.c:79
#2  cXinelibPlayer::GetIndex (this=0x1c0fca0, Current=@0x7ff909b37e48: 0,
     Total=@0x7ff909b37e4c: 0, SnapToIFrame=<optimized out>)
     at media_player.c:152
#3  0x00007ff909d9fafa in GetIndex (SnapToIFrame=false,
     Total=@0x7ff909b37e4c: 0, Current=@0x7ff909b37e48: 0, 
this=<optimized out>)
     at /usr/include/vdr/player.h:102
#4  ciMonWatch::ReplayPosition (this=<optimized out>,
     current=@0x7ff909b37e48: 0, total=@0x7ff909b37e4c: 0,
     dFrameRate=@0x7ff909b37da0: 25) at watch.c:740
#5  0x00007ff909da10e8 in ciMonWatch::ReplayTime 
(this=this at entry=0x19a31c8,
     current=@0x7ff909b37e48: 0, total=@0x7ff909b37e4c: 0) at watch.c:787
#6  0x00007ff909da14d6 in ciMonWatch::Action (this=0x19a31c8) at watch.c:286
#7  0x000000000050f3cf in ?? ()
#8  0x00007ff90ed3c878 in ?? ()
#9  0x0000000000000000 in ?? ()

3. Looking at the code pointed at above, it looks like the code is 
correct in the sense that all pointers are checked before being used, 
and I don't understand how the #0 line can lead to a SEGV. #4 leads to 
the function (almost) commented out by the patch from cooljay32.

4. Now I'm a bit stuck, with a few ideas though:

a. could it be that the object disappears while it is being accessed, 
probably in different threads, hence the SEGV? How to debug and/or avoid 
this? Not sure how to interpret this exactly, but it sounds like it:

(gdb) print m_server
Cannot access memory at address 0x2bb0
(gdb) print this
$1 = (cXinelibDevice * const) 0xf0
(gdb) print this->m_server
Cannot access memory at address 0x2bb0

Doesn't 0xf0 sound like a wrong (too short) pointer?

b. perhaps instead of completely disabling the ReplayPosition function 
it could be possible to have something similar to a try/catch in Java? 
Does this exist under C/C++? Can SEGV be caught?

That's it for now, any further idea welcome...

Kind Regards, Eric

On 15/03/15 22:18, Eric L. wrote:
> Hi,
>
> yep, I know how it is, and that's why I'm asking you, or anybody else,
> to help me help myself, because from all my research it's an issue
> between the two plugins and I need to debug it myself.
> Any idea welcome, Eric
>
> On 15 March 2015 19:08:57 CET, Tobias Grimm <tobias.grimm at e-tobi.net> wrote:
>
>     Can you reproduce this WITHOUT ImonLCD?
>
>     The problem is - in order to fix this, I need to reliably reproduce this
>     segfault on my system.
>
>     Tobias
>
>
>
> --
> I'm on debian-java, java maintainers, vdr maintainers and
> debian-mentors; no need to CC me on these lists. Thanks!


-- 
I'm subscribed on debian-java, debian-mentors, pkg-java-maintainers and 
pkg-vdr-dvb-devel.
No need to CC me on these lists.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: no_getindex.patch.gz
Type: application/gzip
Size: 409 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-vdr-dvb-devel/attachments/20150502/6caa0973/attachment-0001.bin>

More information about the pkg-vdr-dvb-devel mailing list