#186 Crash in consumer_play_video() at consumer_sdl_still.c:520

trunk
closed
nobody
None
5
2013-06-20
2013-02-08
No

Hi, I'm using mlt through kdenlive, and experiencing crashes while using timeline in a simple way.

  • select region in a clip, with I, O keys
  • ctrl + shift + I

After a few attempts, I get a crash.

From a trace it is because some data are used after they are freed.

See:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffca531700 (LWP 1964)]
0x00007fffd9e32701 in consumer_play_video (this=0x18e6dc0, frame=0x7fff5c091800) at consumer_sdl_still.c:520
520         switch( this->sdl_screen->format->BytesPerPixel )
Traceback (most recent call last):
#0  0x00007fffd9e32701 in consumer_play_video (this=0x18e6dc0, frame=0x7fff5c091800) at consumer_sdl_still.c:520
#1  0x00007fffd9e3295d in consumer_thread (arg=0x18e6dc0) at consumer_sdl_still.c:579
#2  0x00007ffff490fe0f in start_thread () from /usr/lib/libpthread.so.0
#3  0x00007ffff2a0defd in clone () from /usr/lib/libc.so.6

(gdb) p *this->sdl_screen 
$4 = {
  flags = 20535760, 
  format = 0x0,            <-----------------
  w = 262187, 
  h = 0, 
  pitch = 48144, 
  pixels = 0x30000001f, 
  offset = 25773936, 
  hwdata = 0xfbe0e0, 
  clip_rect = {
    x = 0, 
    y = 0, 
    w = 0, 
    h = 0
  }, 
  unused1 = 4121940032, 
  locked = 32767, 
  map = 0x3001b, 
  format_version = 96, 
  refcount = 0             <-----------------
}

This is with the latest code from git master branches of kdenlive and mlt.

Discussion

  • Ondřej Jirman
    2013-02-08

    BTW, this->sdl_screen is also freed

    (gdb) p *this->sdl_screen 
    $5 = {
      flags = 20535760, 
      format = 0x0, 
      w = 262187, 
      h = 0, 
      pitch = 48144, 
      pixels = 0x30000001f, 
      offset = 25773936, 
      hwdata = 0xfbe0e0, 
      clip_rect = {
        x = 0, 
        y = 0, 
        w = 0, 
        h = 0
      }, 
      unused1 = 4121940032, 
      locked = 32767, 
      map = 0x3001b, 
      format_version = 96, 
      refcount = 0
    }
    
     
  • Dan Dennedy
    2013-02-10

    I believe this is fixed in git commits 0f587b and 53c7c6.
    I had some difficulty reproducing it, but I eventually did. My fix is to remove all local references to SDL_Surface (sdl_screen) since it is risky to protect but can easily be obtained via SDL_GetVideoSurface(). It will be very nice if you can confirm the fix since it sounds like it might be easier to reproduce on your system.

     
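    The pattern behind the crash and the fix Dan describes, as an added example that is not MLT's or SDL's code: a consumer that caches its own sdl_screen pointer is left holding freed memory once the surface is replaced, while a consumer that asks the owner for the surface on every call (the SDL_GetVideoSurface() approach) and rejects a missing format cannot reach line 520's dereference with a dead pointer. The structs and functions below (screen_t, set_video_mode, get_video_surface, quit_video) are constructed stand-ins so the code runs without SDL.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for SDL's surface and pixel-format structs. */
typedef struct { int bytes_per_pixel; } pixel_format_t;
typedef struct { pixel_format_t *format; int w, h; } screen_t;

static screen_t *current_screen = NULL;   /* owned by the "video subsystem" */

/* Stand-in for SDL_GetVideoSurface(): the only safe way to reach the surface. */
static screen_t *get_video_surface(void) { return current_screen; }

/* Stand-in for shutting video down: the surface is freed, nothing replaces it. */
static void quit_video(void) {
    if (current_screen) { free(current_screen->format); free(current_screen); }
    current_screen = NULL;
}

/* Stand-in for a mode change. The new surface is allocated before the old one
 * is released, so the two never share an address; any pointer a consumer cached
 * before this call now dangles. */
static void set_video_mode(int w, int h, int bpp) {
    screen_t *s = calloc(1, sizeof *s);
    pixel_format_t *f = calloc(1, sizeof *f);
    if (!s || !f) abort();
    f->bytes_per_pixel = bpp; s->format = f; s->w = w; s->h = h;
    quit_video();                       /* old surface freed here */
    current_screen = s;
}

/* Buggy shape from the report: the consumer keeps its own sdl_screen pointer. */
typedef struct { screen_t *sdl_screen; } consumer_t;

/* 1 when the cached pointer no longer names the live surface; dereferencing it
 * would be the use-after-free seen at consumer_sdl_still.c:520. Compares only. */
static int cached_pointer_is_stale(const consumer_t *c) {
    return c->sdl_screen != get_video_surface();
}

/* Fixed shape: fetch the surface on every call and refuse to draw without a
 * valid format. Returns BytesPerPixel, or -1 when there is nothing to draw to. */
static int play_video_bytes_per_pixel(void) {
    screen_t *screen = get_video_surface();
    if (!screen || !screen->format) return -1;
    int bpp = screen->format->bytes_per_pixel;
    return (bpp >= 1 && bpp <= 4) ? bpp : -1;
}

/* Replays the report's sequence: cache the pointer, change mode, try to draw. */
static int stale_after_mode_change(void) {
    set_video_mode(320, 240, 4);
    consumer_t c = { get_video_surface() };  /* cached once, as the old code did */
    int fresh = !cached_pointer_is_stale(&c);
    set_video_mode(640, 480, 2);
    return fresh && cached_pointer_is_stale(&c);
}
```

    Building the original code with -fsanitize=address would report the dereference of the cached pointer as a heap-use-after-free at the line gdb stopped on, which is a faster way to confirm the fix than waiting for a SIGSEGV.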
  • Dan Dennedy
    2013-02-10

    • Description has changed:

    Diff:

    --- old
    +++ new
    @@ -1,4 +1,3 @@
    -
     Hi, I'm using mlt through kdenlive, and experiencing crashes while using timeline in a simple way.
    
       - select region in a clip, with I, O keys
    
    • status: open --> pending
     
  • Ondřej Jirman
    2013-02-10

    Thank you for the fix. I can't reproduce the crash anymore, while with the original version it crashed very often.

     
  • Dan Dennedy
    2013-02-10

    • status: pending --> accepted
     
  • Dan Dennedy
    2013-06-20

    • status: accepted --> closed