[MPlayer-dev-eng] Website Docs: A.7. I know what I am doing... was: [Bug] Analog video capture raises all kind of several glibc+process memory exceptions intermittently

thomas schorpp thomas.schorpp at googlemail.com
Thu Dec 13 20:10:13 CET 2007


thomas schorpp wrote:
> thomas schorpp wrote:
>> thomas schorpp wrote:
>>> thomas schorpp wrote:
>>>> hi,
>>>>
>>>
>>>> (gdb) bt
>>>> #0  0x00002b0bc616ed3d in _int_free () from /lib/libc.so.6
>>>> #1  0x00002b0bc6172bdc in free () from /lib/libc.so.6
>>>> #2  0x00000000004c9146 in ds_fill_buffer (ds=0xfbda30) at 
>>>> demuxer.h:265                        <------- REPRODUCIBLE
>>>> #3  0x00000000004c9795 in ds_get_packet (ds=0xfbda30, 
>>>> start=0x7fffe7764e60) at demuxer.c:535
>>>> #4  0x00000000005111cd in video_read_frame (sh_video=0xfbe0c0, 
>>>> frame_time_ptr=0x7fffe7764e6c, start=0x7fffe7764e60,
>>>>   force_fps=0) at video.c:549
>>>> #5  0x000000000043b246 in main (argc=<value optimized out>, 
>>>> argv=<value optimized out>) at mencoder.c:1241
>>>                                 
>>>>
>>>> seems the ds_get_next_pts at demuxer.c:595 buffer code is not safe.
>>>> I see no land here and use transcode until this is fixed.
>>>>
>>>> y
>>>> tom
>>>>
>>>
>>> hi, investigating
>>>
>>> http://article.gmane.org/gmane.comp.video.mencoder.user/7442
>>>
>>> what is that?
>>>
>>> static inline void free_demux_packet(demux_packet_t* dp){
>>>  if (dp->master==NULL){  //dp is a master packet
>>>    dp->refcount--;
>>>    if (dp->refcount==0){
>>> //    if (dp->buffer) free(dp->buffer); schorpp
>>>      free(dp); <--- above instruction is dp's work.          well, 
>>> this is indeed a "double free" if dp type is designed with OO 
>>> orthodox canonical form in mind.
>>> other explanation?
>>>
>>> intermittent bug seems to occur on buffer underrun, I'm using a USB 
>>> 1.1 grabber.
>>>
>>
>> not working,
>> #0  0x00002aef8ade2d3d in _int_free () from /lib/libc.so.6
>> #1  0x00002aef8ade6bdc in free () from /lib/libc.so.6
>> #2  0x00000000004c9146 in ds_fill_buffer (ds=0xfbee80) at demuxer.h:265
>> #3  0x00000000004c9795 in ds_get_packet (ds=0xfbee80, 
>> start=0x7fff22aef450) at demuxer.c:535    <--- intermittently on 595 too.
>> #4  0x00000000005111cd in video_read_frame (sh_video=0xfbf510, 
>> frame_time_ptr=0x7fff22aef45c, start=0x7fff22aef450,
>>    force_fps=0) at video.c:549
>> #5  0x000000000043b246 in main (argc=<value optimized out>, 
>> argv=<value optimized out>) at mencoder.c:1241
>>
>>
>> trying extra check (useless if unnulled pointer):
>>
>> static inline void free_demux_packet(demux_packet_t* dp){
>>  if (dp->master==NULL){  //dp is a master packet
>>    dp->refcount--;
>>    if (dp->refcount==0){
>>      if (dp->buffer) free(dp->buffer);
>>      if (dp) free(dp);    //    free(dp); schorpp
>>  
>> ideas?
>>
>>
> 
> not working.
> +
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x2af9834f1300 (LWP 7334)]
> 0x00002af980240199 in x264_plane_copy_mmxext () from /usr/lib/libx264.so.56
> (gdb) bt
> #0  0x00002af980240199 in x264_plane_copy_mmxext () from 
> /usr/lib/libx264.so.56
> #1  0x00002af9801f6126 in ?? () from /usr/lib/libx264.so.56
> #2  0x00002af9802347dd in x264_encoder_encode () from 
> /usr/lib/libx264.so.56
> 
> now the encoder eats crap.
> reproducible.
> 
> ok, using transcode meanwhile.
> 
> 
> 
> 

http://www.mplayerhq.hu/DOCS/HTML/en/bugreports_advusers.html

this seems outdated. suggest MPlayer Team to remove it, since You seem 
no more committed to it.

I can't fix all those buffer overflow(?) bugs without supervision from someone 
who knows the MPlayer designs and code very well, thank You.
Will use Transcode or others for analog video capture.

y
tom
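
An added example, not part of the original post and not MPlayer code: free(NULL) is a no-op and a pointer that was already freed still tests non-NULL, so an `if (dp) free(dp);` guard cannot catch a second release. The sketch below releases through the owner's pointer slot and clears it. The type pkt_t, the pkt_* functions and the clone semantics are assumptions for illustration; only the field names buffer, refcount and master come from the quoted snippet.

```c
#include <stdlib.h>

/* Hypothetical packet type: only the field names buffer, refcount and
   master come from the quoted snippet; everything else is assumed. */
typedef struct pkt {
    unsigned char *buffer;
    int refcount;
    struct pkt *master;            /* NULL for a master packet */
} pkt_t;

enum { PKT_STALE = -1, PKT_KEPT = 0, PKT_FREED = 1 };

pkt_t *pkt_new(size_t len) {
    pkt_t *p = calloc(1, sizeof *p);
    if (!p) return NULL;
    p->buffer = calloc(1, len ? len : 1);
    if (!p->buffer) { free(p); return NULL; }
    p->refcount = 1;
    return p;
}

/* Assumed clone semantics: share the master's buffer and pin it.
   m must be a master packet. */
pkt_t *pkt_clone(pkt_t *m) {
    pkt_t *c = calloc(1, sizeof *c);
    if (!c) return NULL;
    c->buffer = m->buffer;
    c->master = m;
    m->refcount++;
    return c;
}

/* Drop one reference; buffer and struct are freed exactly once. */
static int pkt_unref(pkt_t *m) {
    if (--m->refcount > 0) return PKT_KEPT;
    free(m->buffer);
    free(m);
    return PKT_FREED;
}

/* Release through the owner's slot and clear it, so a repeated release
   sees NULL instead of a dangling pointer that still tests non-NULL. */
int pkt_release(pkt_t **slot) {
    if (!slot || !*slot) return PKT_STALE;
    pkt_t *p = *slot, *m = p->master;
    *slot = NULL;
    if (!m) return pkt_unref(p);
    free(p);                       /* clone shell only; buffer is the master's */
    return pkt_unref(m);
}
```

Building with -fsanitize=address, or running under valgrind, reports the first invalid free at the point it happens rather than at a later crash inside _int_free.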


