Opened 20 years ago
Closed 20 years ago
Last modified 20 years ago
#1807 closed defect (fixed)
mythfrontend 0.19-fixes svn 9926 crashing in OSDImageCacheValue::GetSize()
| Reported by: | Owned by: | danielk | |
|---|---|---|---|
| Priority: | minor | Milestone: | unknown |
| Component: | mythtv | Version: | 0.19 |
| Severity: | medium | Keywords: | |
| Cc: | Ticket locked: | no |
Description
Hi,
I just downloaded the latest 9926 svn of 0.19-fixes and I get a 100% repeatable frontend crash whenever I hit the menu key in livetv. Note that the menu works fine on recordings.
I recompiled with debug and got rid of xvmc and friends... in fact I only enable dvb and the debug compile options to reduce the variables. It still 100% reproducable on live-tv only.
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 131080 (LWP 7979)]
0xb7a4474e in OSDImageCacheValue::GetSize (this=0xf3e95c0)
at osdimagecache.h:23
23 uint GetSize(void) const { return m_size_in_bytes; }
(gdb) p m_size_in_bytes
Cannot access memory at address 0xa00905be
Not sure why I cannot access m_size_in_bytes... this would seem to be the crux of the problem.
Here's the gdb backtrace:
(gdb) bt
#0 0xb7a4474e in OSDImageCacheValue::GetSize (this=0xf3e95c0)
at osdimagecache.h:23
#1 0xb7a4347f in OSDImageCache::Insert (this=0xb7ec49c0, value=0xf3e95c0)
at osdimagecache.cpp:224
#2 0xb7a2b25e in OSDTypeImage::LoadImage (this=0x876c4a0,
filename=@0xb2a57874, wmult=0.824999988, hmult=1.20208335, scalew=-1,
scaleh=-1) at osdtypes.cpp:873
#3 0xb7a3d239 in OSDListBtnType::LoadPixmap (this=0x876c1e0, pix=@0x876c4a0,
fileName=@0xb2a57904) at osdlistbtntype.cpp:679
#4 0xb7a3c8bd in OSDListBtnType::Init (this=0x876c1e0)
at osdlistbtntype.cpp:601
#5 0xb7a3d98e in OSDListBtnTypeItem (this=0x89324b0, lbtype=0x876c1e0,
text=@0xb2a57a64, pixmap=0x0, checkable=false, showArrow=false,
state=NotChecked) at osdlistbtntype.cpp:695
#6 0xb7a39ecd in OSDListTreeType::FillLevelFromTree (this=0x834af40,
item=0x8979418, level_num=0) at osdlistbtntype.cpp:296
#7 0xb7a39163 in OSDListTreeType::SetAsTree (this=0x834af40,
toplevel=0x8979418, select_list=0x0) at osdlistbtntype.cpp:184
#8 0xb7a208b5 in OSD::ShowTreeMenu (this=0x8958bc8, name=@0xb2a57bc4,
treeToShow=0x8979418) at osd.cpp:2355
#9 0xb79b1d40 in TV::ShowOSDTreeMenu (this=0xb3a11030) at tv_play.cpp:5532
#10 0xb7996f6b in TV::ProcessKeypress (this=0xb3a11030, e=0xaef00540)
at tv_play.cpp:2372
Also:
5
532 OSDListTreeType *tree = GetOSD()->ShowTreeMenu("menu", treeMenu);
The parameters passed to ShowTreeMenu appear to be a static string "menu" and a treeMenu object which contains the following prior to the SIGSEGV:
(gdb) p *treeMenu $2 = {<GenericTree> = {_vptr.GenericTree = 0xb7efe820, m_string = {
static null = {
static null = <same as static member of an already seen type>, d = 0x817ee00, static shared_null = 0x817ee00}, d = 0xaef02c30,
static shared_null = 0x817ee00}, m_int = 0, m_subnodes = 0xaef02dc0,
m_ordered_subnodes = 0xaef02df0, m_flatened_subnodes = 0xaef02e20, m_selected_subnode = 0x0, m_attributes = 0xaef02c48, m_parent = 0x0, m_selectable = false, m_current_ordering_index = -1}, m_image = 0x0,
m_action = {static null = {
static null = <same as static member of an already seen type>, d = 0x817ee00, static shared_null = 0x817ee00}, d = 0xaef02b90,
static shared_null = 0x817ee00}, m_group = {static null = {
static null = <same as static member of an already seen type>, d = 0x817ee00, static shared_null = 0x817ee00}, d = 0xaef02b90,
static shared_null = 0x817ee00}, m_checkable = -1, m_parentButton = 0x0}
The call before the GetSize looks like this in the debugger:
Breakpoint 1, OSDTypeImage::LoadImage (this=0x855ede0, filename=@0x855ee34,
wmult=0.824999988, hmult=1.20208335, scalew=-1, scaleh=-1) at osdtypes.cpp:792
792 QString ckey;
I'm running a gentoo system with qt-3.3.4 and a 2.6.15-gentoo-r5 SMP kernel. The card is an old Hauppauge Nova-T DVB-T card with the tda1004x frontend.
If I can be of any more help please do not hesitate to contact me!
Cheers,
Doug
(In [9927]) Fixes #1807. Crash on uninitialized OSD cache pointer in 0.19-fixes.
I was able to reproduce this (through a slightly more circuitus route). It looks like this was do to a lost change in the backport, but I also noticed that this depends on "delete NULL;" being safe. I added a null check before the delete which I'll port back to SVN head.