#174 segfault at startup

open
nobody
None
5
2006-08-11
2006-08-11
Akos Ladanyi
No

Using zvbi-0.2.22, rte-0.5.6, zapping-0.10cvs6 on gentoo. Tell me if you need more info. Here is the backtrace, hope it's useful.

akos@nimrud ~ $ gdb /usr/bin/zapping
GNU gdb 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...Using host libthread_db library "/lib/libthread_db.so.1".

gdb> run
[Thread debugging using libthread_db enabled]
[New Thread -1226787152 (LWP 18568)]
[New Thread -1309344864 (LWP 18575)]
[New Thread -1321473120 (LWP 18578)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1226787152 (LWP 18568)]
_______________________________________________________________________________
eax:80808080 ebx:0814B6D4 ecx:0000005A edx:00000000 eflags:00210A47
esi:B174F01C edi:B174F01C esp:BF87D128 ebp:BF87D158 eip:B6E93817
cs:0073 ds:007B es:007B fs:0000 gs:0033 ss:007B O d I t s Z a P C
[007B:BF87D128]---------------------------------------------------------[stack]
BF87D158 : B8 D1 87 BF 2C 00 0C 08 - 00 EE 74 B1 80 80 80 80 ....,.....t.....
BF87D148 : 1C 02 00 00 D4 B6 14 08 - 68 01 00 00 B4 D2 19 08 ........h.......
BF87D138 : 68 01 00 00 01 00 00 00 - 00 00 00 00 73 EE 0C 08 h...........s...
BF87D128 : 01 00 00 00 3D 01 0C 08 - 1C F0 74 B1 80 80 80 80 ....=.....t.....
[007B:B174F01C]---------------------------------------------------------[data]
B174F01C : 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
B174F02C : 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
[0073:B6E93817]---------------------------------------------------------[code]
0xb6e93817 <memset+55>: rep stos %eax,%es:(%edi)
0xb6e93819 <memset+57>: mov %edx,%ecx
0xb6e9381b <memset+59>: rep stos %al,%es:(%edi)
0xb6e9381d <memset+61>: mov 0x8(%esp),%eax
0xb6e93821 <memset+65>: pop %edi
0xb6e93822 <memset+66>: ret
------------------------------------------------------------------------------
0xb6e93817 in memset () from /lib/libc.so.6
gdb> thread apply all bt full
  3 Thread -1321473120 (LWP 18578) 0xffffe410 in __kernel_vsyscall ()
  2 Thread -1309344864 (LWP 18575) 0xffffe410 in __kernel_vsyscall ()
* 1 Thread -1226787152 (LWP 18568) 0xb6e93817 in memset () from /lib/libc.so.6
gdb> bt full
#0 0xb6e93817 in memset () from /lib/libc.so.6
No symbol table info available.
#1 0x080c013d in _tv_clear_plane_1_SCALAR
(dst=0xb174f01c "", value=0x80808080, width=0x168,
height=0x240, padding=0xb4) at clear_image.c:175
No locals.
#2 0x080c002c in tv_clear_image (image=0xb16b7000,
format=0x819d2b4) at clear_image.c:437
clear_plane = (clear_plane_fn *) 0x80808080
clear_plane_3 = <value optimized out>
pf = (const tv_pixel_format *) 0x8145820
dst = (uint8_t *) 0x5a <Address 0x5a out of bounds>
src = <value optimized out>
width = <value optimized out>
height = 0x240
padding = 0xb4
align = <value optimized out>
value = <value optimized out>
__PRETTY_FUNCTION__ = "tv_clear_image"
#3 0x0809b5ab in queue_xbuffer (info=0x819d1b0, b=0x0)
at tveng25.c:2056
buffer = {index = 0x97e00, type = 760,
bytesused = 0x3, flags = 0x98000, field = 3069053352,
timestamp = {tv_sec = 0x98000, tv_usec = 0x819d1b0},
timecode = {type = 0x0, flags = 0xbf87d258, frames =
0x4e, seconds = 0xe2, minutes = 0xb, hours = 0x8,
userbits = "\000\000\000"}, sequence = 0x98000, memory
= V4L2_MEMORY_OVERLAY, m = {offset = 0x1, userptr =
0x1}, length = 0x11, input = 0x2f8000, reserved = 0x270}
__func__ = "queue_xbuffer"
#4 0x0809b76b in queue_xbuffers (info=0x819d1b0) at
tveng25.c:2086
p_info = (struct private_tveng25_device_info *)
0x819d1b0
i = 0x0
#5 0x0809d934 in set_capture_buffers (info=0x819d1b0,
buffers=0x0, n_buffers=0x8) at tveng25.c:2626
p_info = (struct private_tveng25_device_info *)
0x819d1b0
__func__ = "set_capture_buffers"
__PRETTY_FUNCTION__ = "set_capture_buffers"
#6 0x0809e6cd in enable_capture (info=0x819d1b0,
enable=0x1) at tveng25.c:2746
dummy = 0x0
buf_type = <value optimized out>
p_info = (struct private_tveng25_device_info *)
0x819d1b0
__PRETTY_FUNCTION__ = "enable_capture"
__func__ = "enable_capture"
#7 0x0808b32b in tv_enable_capturing (info=0x819d1b0,
enable=0x1) at tveng.c:2780
_unlocked_result = <value optimized out>
__FUNCTION__ = "tv_enable_capturing"
__PRETTY_FUNCTION__ = "tv_enable_capturing"
#8 0x08067196 in request_capture_format
(info=0x819d1b0, width=0x2d0, height=0x240,
pixfmt_set=0x150300300, flags=<value optimized out>) at
capture.c:1288
fmt = (const tv_image_format *) 0x819d2b4
capture_pixfmt = <value optimized out>
target_pixfmt = TV_PIXFMT_UYVY
i = <value optimized out>
id = <value optimized out>
__PRETTY_FUNCTION__ = "request_capture_format"
format_id = 0x0
#9 0x080b2d82 in video_init (window=0x8233020,
gc=0x8218148) at zimage.c:155
pixfmt_set = 0x150300300
i = 0x42
__PRETTY_FUNCTION__ = "video_init"
#10 0x080677b5 in capture_start (info=0x819d1b0,
window=0x8233020) at capture.c:1056
p = (GList *) 0x0
use_queue = 0x0
n_buffers = 0x3
i = <value optimized out>
__PRETTY_FUNCTION__ = "capture_start"
#11 0x080b5e10 in zmisc_switch_mode
(new_dmode=DISPLAY_MODE_WINDOW,
new_cmode=CAPTURE_MODE_READ, info=0x819d1b0,
warnings=0x0) at zmisc.c:672
return_value = <value optimized out>
x = 0x1e
y = 0x9b
w = 0xc0
h = 0x30
old_dmode = DISPLAY_MODE_WINDOW
old_cmode = CAPTURE_MODE_NONE
old_caption = 0x0
muted = 0x0
timeout = 0x5dc
__PRETTY_FUNCTION__ = "zmisc_switch_mode"
#12 0x08078664 in main_0_10cvs6 (argc=0x1,
argv=0xbf87d924) at main.c:343
v = <value optimized out>
i = <value optimized out>
p = <value optimized out>
x_bpp = 0xffffffff
dword_align = 0x0
disable_plugins = 0x0
dummy = 0x3400
video_device = 0x0
command = 0x0
yuv_format = 0x0
norm = 0x0
cpu_feature_str = 0x0
display_name = <value optimized out>
info = (tveng_device_info *) 0x819d1b0
fallback_devices = {0x811e4d4 "/dev/video",
0x811e321 "/dev/video0", 0x811e4df "/dev/v4l/video0",
0x811e4ef "/dev/v4l/video", 0x811e4fe "/dev/video1",
0x811e50a "/dev/video2", 0x811e516 "/dev/video3",
0x811e522 "/dev/v4l/video1", 0x811e532
"/dev/v4l/video2", 0x811e542 "/dev/v4l/video3"}
options = {{longName = 0x812863f "device",
shortName = 0x0, argInfo = 0x1, arg = 0xbf87d844, val =
0x0, descrip = 0x811df73 "Kernel video device",
argDescrip = 0x811df87 "FILENAME"}, {longName =
0x811df90 "xv-video-port", shortName = 0x0, argInfo =
0x2, arg = 0x814c528, val = 0x0, descrip = 0x811df9e
"XVideo video input port", argDescrip = 0x0}, {longName
= 0x811dfb6 "xv-image-port", shortName = 0x0, argInfo =
0x2, arg = 0x814c52c, val = 0x0, descrip = 0x811dfc4
"XVideo image overlay port", argDescrip = 0x0},
{longName = 0x811dfde "xv-port", shortName = 0x0,
argInfo = 0x2, arg = 0x814c528, val = 0x0, descrip =
0x811df9e "XVideo video input port", argDescrip = 0x0},
{longName = 0x811dfe6 "no-xv-video", shortName = 0x0,
argInfo = 0x0, arg = 0x8155964, val = 0x0, descrip =
0x811e948 "Disable XVideo video input support",
argDescrip = 0x0}, {longName = 0x811dff2 "no-xv-image",
shortName = 0x0, argInfo = 0x0, arg = 0x8155968, val =
0x0, descrip = 0x811e96c "Disable XVideo image overlay
support", argDescrip = 0x0}, {longName = 0x811dffe
"no-xv", shortName = 0x76, argInfo = 0x0, arg =
0x8155960, val = 0x0, descrip = 0x811e994 "Disable
XVideo extension support", argDescrip = 0x0}, {longName
= 0x811e004 "no-overlay", shortName = 0x0, argInfo =
0x0, arg = 0x815596c, val = 0x0, descrip = 0x811e00f
"Disable video overlay", argDescrip = 0x0}, {longName =
0x811e025 "remote", shortName = 0x0, argInfo = 0x0, arg
= 0x815596c, val = 0x0, descrip = 0x811e9b8 "X display
is remote, disable video overlay", argDescrip = 0x0},
{longName = 0x811e02c "no-vbi", shortName = 0x69,
argInfo = 0x0, arg = 0x8155970, val = 0x0, descrip =
0x811e033 "Disable VBI support", argDescrip = 0x0},
{longName = 0x811e047 "no-plugins", shortName = 0x70,
argInfo = 0x0, arg = 0xbf87d84c, val = 0x0, descrip =
0x811e052 "Disable plugins", argDescrip = 0x0},
{longName = 0x811e062 "no-zsfb", shortName = 0x7a,
argInfo = 0x0, arg = 0xbf87d848, val = 0x0, descrip =
0x811e06a "Obsolete", argDescrip = 0x0}, {longName =
0x811e073 "esd-out", shortName = 0x0, argInfo = 0x0,
arg = 0x8155990, val = 0x0, descrip = 0x811e9e4 "Copy
recorded sound to sound daemon", argDescrip = 0x0},
{longName = 0x811e07b "ivtv-audio", shortName = 0x0,
argInfo = 0x0, arg = 0x8155994, val = 0x0, descrip =
0x811e086 "Use ivtv audio device", argDescrip = 0x0},
{longName = 0x811e09c "bpp", shortName = 0x62, argInfo
= 0x2, arg = 0xbf87d854, val = 0x0, descrip = 0x811e0a0
"Color depth of the X display", argDescrip = 0x811e0bd
"BPP"}, {longName = 0x811e0d9 "debug", shortName =
0x64, argInfo = 0x0, arg = 0x8155980, val = 0x0,
descrip = 0x811e0c1 "Print debug messages", argDescrip
= 0x0}, {longName = 0x811e0d6 "io-debug", shortName =
0x0, argInfo = 0x0, arg = 0x8155984, val = 0x0, descrip
= 0x0, argDescrip = 0x0}, {longName = 0x811e0df
"dword-align", shortName = 0x0, argInfo = 0x0, arg =
0xbf87d850, val = 0x0, descrip = 0x811ea08 "Force dword
alignment of the overlay window", argDescrip = 0x0},
{longName = 0x811e0eb "command", shortName = 0x63,
argInfo = 0x1, arg = 0xbf87d840, val = 0x0, descrip =
0x811ea34 "Execute the given command and exit",
argDescrip = 0x8126261 "CMD"}, {longName = 0x811e0f3
"yuv-format", shortName = 0x79, argInfo = 0x1, arg =
0xbf87d83c, val = 0x0, descrip = 0x811e06a "Obsolete",
argDescrip = 0x0}, {longName = 0x811e0fe
"tunerless-norm", shortName = 0x6e, argInfo = 0x1, arg
= 0xbf87d838, val = 0x0, descrip = 0x811e06a
"Obsolete", argDescrip = 0x0}, {longName = 0x811e10d
"cpu-features", shortName = 0x0, argInfo = 0x1, arg =
0xbf87d834, val = 0x0, descrip = 0x811e11a "Override
CPU detection", argDescrip = 0x0}, {longName = 0x0,
shortName = 0x0, argInfo = 0x0, arg = 0x0, val = 0x0,
descrip = 0x0, argDescrip = 0x0}}
TVENG_PIX_YUYV = 0x8
TVENG_PIX_YVU420 = 0x6
__PRETTY_FUNCTION__ = "main_0_10cvs6"
#13 0x0807895a in main (argc=Cannot access memory at
address 0x5a
) at main.c:1103
No locals.
gdb>

Discussion

  • Logged In: YES
    user_id=266151
    Originator: NO

    Exactly the same here (though my zvbi is 0.2.25).

    I found the code which is accessing illegal memory, but not the root cause yet.

    Any takers?

  • Logged In: YES
    user_id=266151
    Originator: NO

    Still no takers?

    Current CVS still crashes this way. My assumption is that the memory is not allocated large enough for the given format->offset[1]:

    dst = (uint8_t *) image + format->offset[1];

    Unfortunately, I cannot figure out where memory for dst is reserved.
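The hypothesis in the last comment (an image buffer too small for format->offset[1]) can be checked directly against the numbers in frame #1 of the backtrace: the plane being cleared starts at dst - image = 0xb174f01c - 0xb16b7000 = 0x9801c bytes into the image and covers 0x240 rows of 0x168 bytes with 0xb4 bytes of padding between rows. The C program below is an added example, not zapping's own code: it computes how many bytes such a row-by-row clear writes and refuses to call memset when the plane would not fit in a buffer of known size, which is the check the crashing path lacks. The function names are hypothetical, and the buffer size used in main() is constructed (the report never shows how large the image allocation actually was), so the program only demonstrates the arithmetic and the guard, not the real cause.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Plane parameters copied from frame #1 of the backtrace above. */
#define BT_IMAGE   0xb16b7000u          /* image argument of tv_clear_image() */
#define BT_DST     0xb174f01cu          /* dst argument of _tv_clear_plane_1_SCALAR() */
#define BT_OFFSET  (BT_DST - BT_IMAGE)  /* format->offset[1] = 0x9801c */
#define BT_WIDTH   0x168u               /* bytes per row */
#define BT_HEIGHT  0x240u               /* rows */
#define BT_PADDING 0xb4u                /* bytes skipped between rows */

/* Hypothetical helper: number of bytes from the start of the image to one past
 * the last byte a row-by-row clear of this plane touches. The last row has no
 * trailing padding, so the extent is offset + (height - 1) * stride + width.
 * Returns false if the arithmetic would overflow size_t. */
bool plane_extent(size_t offset, size_t width, size_t height, size_t padding,
                  size_t *end_out)
{
    if (width == 0 || height == 0) {
        *end_out = offset;              /* nothing is written */
        return true;
    }
    if (padding > SIZE_MAX - width)
        return false;
    size_t stride = width + padding;
    if (height - 1 > (SIZE_MAX - width) / stride)
        return false;
    size_t plane_bytes = (height - 1) * stride + width;
    if (plane_bytes > SIZE_MAX - offset)
        return false;
    *end_out = offset + plane_bytes;
    return true;
}

/* Hypothetical bounds-checked replacement for the unchecked clear: fills each
 * row of the plane with value, skipping the padding, but only after proving the
 * whole plane lies inside image_size bytes. Returns false (and writes nothing)
 * when it does not. */
bool clear_plane_checked(uint8_t *image, size_t image_size, size_t offset,
                         uint8_t value, size_t width, size_t height,
                         size_t padding)
{
    size_t end;
    if (!plane_extent(offset, width, height, padding, &end) || end > image_size)
        return false;
    uint8_t *dst = image + offset;
    for (size_t row = 0; row < height; row++) {
        memset(dst, value, width);
        dst += width + padding;
    }
    return true;
}

/* Bytes the crashing clear in frame #1 required the image buffer to hold. */
size_t plane1_bytes_needed(void)
{
    size_t end = 0;
    plane_extent(BT_OFFSET, BT_WIDTH, BT_HEIGHT, BT_PADDING, &end);
    return end;                         /* 622620 + 575 * 540 + 360 = 933480 */
}

int main(void)
{
    /* Constructed buffer size: a 720x576 UYVY frame (2 bytes per pixel), the
     * target format named in frame #8. The real allocation size is not in the
     * report, so this number is an assumption for the demonstration only. */
    size_t image_size = 0x2d0u * 0x240u * 2u;
    uint8_t *image = calloc(image_size, 1);
    if (image == NULL)
        return 1;

    printf("plane 1 needs %zu bytes, image has %zu bytes\n",
           plane1_bytes_needed(), image_size);
    bool ok = clear_plane_checked(image, image_size, BT_OFFSET, 0x80,
                                  BT_WIDTH, BT_HEIGHT, BT_PADDING);
    printf("checked clear %s\n",
           ok ? "performed" : "refused: plane exceeds buffer");
    free(image);
    return 0;
}
```

The guard is placed on the byte extent rather than on width and height separately because the padding term is what makes a plane reach past the end of a buffer that is nominally large enough for width times height pixels; with the backtrace's values the clear needs 933480 bytes, so any allocation smaller than that will end in exactly the memset seen in frame #0.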