[MPlayer-dev-eng] [Bug] Analog video capture raises all kind of several glibc+process memory exceptions intermittently

thomas schorpp thomas.schorpp at googlemail.com
Thu Dec 13 22:19:20 CET 2007 

Reimar Döffinger wrote:
> On Mon, Dec 10, 2007 at 11:30:42PM +0100, thomas schorpp wrote:
>> thomas schorpp wrote:
>>> thomas schorpp wrote:
>>>> thomas schorpp wrote:
>>>>> (gdb) bt
>>>>> #0  0x00002b0bc616ed3d in _int_free () from /lib/libc.so.6
>>>>> #1  0x00002b0bc6172bdc in free () from /lib/libc.so.6
>>>>> #2  0x00000000004c9146 in ds_fill_buffer (ds=0xfbda30) at 
>>>>> demuxer.h:265                        <------- REPRODUCIBLE
>>>>> #3  0x00000000004c9795 in ds_get_packet (ds=0xfbda30, 
>>>>> start=0x7fffe7764e60) at demuxer.c:535
>>>>> #4  0x00000000005111cd in video_read_frame (sh_video=0xfbe0c0, 
>>>>> frame_time_ptr=0x7fffe7764e6c, start=0x7fffe7764e60,
>>>>>   force_fps=0) at video.c:549
>>>>> #5  0x000000000043b246 in main (argc=<value optimized out>, 
>>>>> argv=<value optimized out>) at mencoder.c:1241
>>>>                                  
>>>>> seems the ds_get_next_pts at demuxer.c:595 buffer code is not safe.
>>>>> I see no land here and use transcode until this is fixed.
> 
> Since you (originally at least) reported a _segfault_, not an abort
> in free(), the problem is _not_ there, the problem is that memory used
> for memory management is trashed/has been overwritten incorrectly.

thx, but I don't need a lecture on this. the linked original user list bugpost has contained 
at least one stack trace down to libc, if not, then because I had to crop it because 
of the 100kB list limitation.

> valgrind may help, though it is a bit suspicious that there have been no
> other reports of that problem.

This is not suspicious but intended practice because of Your hidden QA-process (hidden 
"advanced-user" list, e.g.). This "closed" maintainer habit demotivates for any more contribution, 
too. sorry.
I've seen no distro-maintainer upstream forwards on any of Your lists, too.
You call that a software product lifecycle QM-cycle? Well, keep it.

> 
>>> trying extra check (useless if unnulled pointer):
>>>
>>> static inline void free_demux_packet(demux_packet_t* dp){
>>>  if (dp->master==NULL){  //dp is a master packet
>>>    dp->refcount--;
>>>    if (dp->refcount==0){
>>>      if (dp->buffer) free(dp->buffer);
>>>      if (dp) free(dp);    //    free(dp); schorpp
> 
> As reading "man 3 free" will tell this check is actually always
> useless...

So You guys always rely on docs for coding. cool. Thanks for fooling me, 
but I'm not that green.

> And this is not the right list for bug reports unless they come with a
> fix.

See the QA system critics statement above. I'm outa here. Wish You well.
Now unsubscribing.

> 
> Greetings,
> Reimar Döffinger

y
tom

More information about the MPlayer-dev-eng mailing list