[vlc-devel] memory corruption / vlc in valgrind

Gilles Sabourin gilles.sabourin at free.fr
Sun Nov 11 17:40:24 CET 2007


On Sunday 11 November 2007 15:26:42, Jean-Paul Saman wrote:
> Gilles Sabourin wrote:
> > Hello JP,
> >
> > Anything new ? I have seen in vlc/timeline that you have enhanced
> > subtitle codec.
> >
> > I discovered a filtering config file "valgrind.suppressions" in
> > vlc/extras for valgrind, and then I have modified valgrind launch as
> > below :
> > valgrind --tool=memcheck --leak-check=yes --trace-children=yes
> > --suppressions=vlc-beta-0.9.0/extras/valgrind.suppressions --log-file=log
> > /usr/bin/vlc
> >
> > I have attached the log file.
>
> It looks like a 32-bit vs 64-bit problem in RenderText
> (modules/misc/freetype.c), which corrupts the heap inside libfribidi.so.
> The code is doing pointer arithmetic with 32-bit assumptions in a while loop.
>
> Could you try attached patch (patch -p0 < freetype-lib64-crash.patch)
> and see if it makes *any* difference.
>
> > ------------------------------------------------------------------------
>
> -- snip, snip --
>
> > ==17506==
> > ==17506== Thread 16:
> > ==17506== Invalid read of size 8
> > ==17506==    at 0x834C878: (within /usr/lib64/libfribidi.so.0.0.0)
> > ==17506==    by 0x834D1EE: fribidi_log2vis (in /usr/lib64/libfribidi.so.0.0.0)
> > ==17506==    by 0x142AD12E: RenderText (freetype.c:1161)
> > ==17506==    by 0x4EADA39: spu_RenderSubpictures (vout_subpictures.c:787)
> > ==17506==    by 0x4EA9951: vout_RenderPicture (vout_pictures.c:320)
> > ==17506==    by 0x4EA788C: RunThread (video_output.c:1064)
> > ==17506==    by 0x578F09D: start_thread (in /lib64/libpthread-2.5.so)
> > ==17506==    by 0x5C6968C: clone (in /lib64/libc-2.5.so)
> > ==17506==  Address 0x14FD31D0 is 24 bytes inside a block of size 28 alloc'd
> > ==17506==    at 0x4C22AC6: malloc (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
> > ==17506==    by 0x142ACE63: RenderText (freetype.c:1088)
> > ==17506==    by 0x4EADA39: spu_RenderSubpictures (vout_subpictures.c:787)
> > ==17506==    by 0x4EA9951: vout_RenderPicture (vout_pictures.c:320)
> > ==17506==    by 0x4EA788C: RunThread (video_output.c:1064)
> > ==17506==    by 0x578F09D: start_thread (in /lib64/libpthread-2.5.so)
> > ==17506==    by 0x5C6968C: clone (in /lib64/libc-2.5.so)
>
> -- snip, snip --
>
> > ==17506== Invalid write of size 8
> > ==17506==    at 0x834D254: fribidi_log2vis (in /usr/lib64/libfribidi.so.0.0.0)
> > ==17506==    by 0x142AD12E: RenderText (freetype.c:1161)
> > ==17506==    by 0x4EADA39: spu_RenderSubpictures (vout_subpictures.c:787)
> > ==17506==    by 0x4EA9951: vout_RenderPicture (vout_pictures.c:320)
> > ==17506==    by 0x4EA788C: RunThread (video_output.c:1064)
> > ==17506==    by 0x578F09D: start_thread (in /lib64/libpthread-2.5.so)
> > ==17506==    by 0x5C6968C: clone (in /lib64/libc-2.5.so)
> > ==17506==  Address 0x14F028D0 is not stack'd, malloc'd or (recently) free'd
> > ==17506==
>
> -- snip, snip --
>
> > ==17506== Thread 16:
> > ==17506== Conditional jump or move depends on uninitialised value(s)
> > ==17506==    at 0x834D99C: fribidi_get_type_internal (in /usr/lib64/libfribidi.so.0.0.0)
> > ==17506==    by 0x834C880: (within /usr/lib64/libfribidi.so.0.0.0)
> > ==17506==    by 0x834D1EE: fribidi_log2vis (in /usr/lib64/libfribidi.so.0.0.0)
> > ==17506==    by 0x142AD12E: RenderText (freetype.c:1161)
> > ==17506==    by 0x4EADA39: spu_RenderSubpictures (vout_subpictures.c:787)
> > ==17506==    by 0x4EA9951: vout_RenderPicture (vout_pictures.c:320)
> > ==17506==    by 0x4EA788C: RunThread (video_output.c:1064)
> > ==17506==    by 0x578F09D: start_thread (in /lib64/libpthread-2.5.so)
> > ==17506==    by 0x5C6968C: clone (in /lib64/libc-2.5.so)
> > ==17506==
> > ==17506== Conditional jump or move depends on uninitialised value(s)
> > ==17506==    at 0x834D99C: fribidi_get_type_internal (in /usr/lib64/libfribidi.so.0.0.0)
> > ==17506==    by 0x834D00D: (within /usr/lib64/libfribidi.so.0.0.0)
> > ==17506==    by 0x834D1EE: fribidi_log2vis (in /usr/lib64/libfribidi.so.0.0.0)
> > ==17506==    by 0x142AD12E: RenderText (freetype.c:1161)
> > ==17506==    by 0x4EADA39: spu_RenderSubpictures (vout_subpictures.c:787)
> > ==17506==    by 0x4EA9951: vout_RenderPicture (vout_pictures.c:320)
> > ==17506==    by 0x4EA788C: RunThread (video_output.c:1064)
> > ==17506==    by 0x578F09D: start_thread (in /lib64/libpthread-2.5.so)
> > ==17506==    by 0x5C6968C: clone (in /lib64/libc-2.5.so)
> >
> > valgrind: m_mallocfree.c:194 (get_bszB_as_is): Assertion 'bszB_lo == bszB_hi' failed.
> > valgrind: Heap block lo/hi size mismatch: lo = 104, hi = 0.
> > Probably caused by overrunning/underrunning a heap block's bounds.
> >
> > ==17506==    at 0x38017803: (within /usr/lib64/valgrind/amd64-linux/memcheck)
> > ==17506==    by 0x38017B66: (within /usr/lib64/valgrind/amd64-linux/memcheck)
> > ==17506==    by 0x38020484: (within /usr/lib64/valgrind/amd64-linux/memcheck)
> > ==17506==    by 0x380358D0: (within /usr/lib64/valgrind/amd64-linux/memcheck)
> > ==17506==    by 0x38001819: (within /usr/lib64/valgrind/amd64-linux/memcheck)
> > ==17506==    by 0x38035F77: (within /usr/lib64/valgrind/amd64-linux/memcheck)
> > ==17506==    by 0x38037662: (within /usr/lib64/valgrind/amd64-linux/memcheck)
> > ==17506==    by 0x38052FC9: (within /usr/lib64/valgrind/amd64-linux/memcheck)
> > ==17506==    by 0x380531AB: (within /usr/lib64/valgrind/amd64-linux/memcheck)
> > ==17506==    by 0x380550BD: (within /usr/lib64/valgrind/amd64-linux/memcheck)
> > ==17506==    by 0x7: ???
>
> Gtz,
> Jean-Paul Saman

Thanks Jean-Paul,

I have applied this patch on the last svn revision and have checked it: vlc is
crashing immediately in glibc (strcmp). You'll find the new valgrind log
attached.

(gdb) run Desktop/TV_fbx.m3u
Starting program: /usr/bin/vlc Desktop/TV_fbx.m3u
[Thread debugging using libthread_db enabled]
[New Thread 0x2b54c2f13950 (LWP 25514)]
VLC media player 0.9.0-svn Grishenko
[00000001] main libvlc debug: VLC media player - version 0.9.0-svn Grishenko - 
(c) 1996-2007 the VideoLAN team
[00000001] main libvlc debug: libvlc was configured 
with ./configure  '--prefix=/usr' '--libdir=/usr/lib64' '--enable-fast-install' '--enable-shout' '--enable-skins2' '--disable-pda' '--disable-macosx' '--disable-qnx' '--enable-ncurses' '--enable-xosd' '--enable-visual' '--disable-goom' '--enable-slp' '--enable-lirc' '--disable-joystick' '--disable-corba' '--enable-dvdread' '--enable-dvdnav' '--disable-dshow' '--enable-v4l' '--enable-pvr' '--enable-vcd' '--enable-satellite' '--enable-ogg' '--enable-mkv' '--enable-mod' '--enable-libcdio' '--enable-vcdx' '--enable-cddax' '--enable-libcddb' '--enable-x11' '--enable-xvideo' '--enable-glx' '--enable-fb' '--enable-mga' '--enable-freetype' '--enable-fribidi' '--enable-svg' '--disable-hd1000v' '--disable-directx' '--disable-wingdi' '--disable-glide' '--enable-aa' '--enable-caca' '--enable-oss' '--enable-esd' '--enable-arts' '--enable-waveout' '--enable-portaudio' '--disable-coreaudio' '--disable-hd1000a' '--enable-mad' '--enable-ffmpeg' '--enable-faad' '--enable-a52' '--enable-dca' '--enable-flac' '--enable-libmpeg2' '--enable-vorbis' '--enable-tremor' '--enable-speex' '--disable-tarkin' '--enable-theora' '--enable-cmml' '--enable-utf8' '--disable-pth' '--disable-st' '--disable-gprof' '--disable-cprof' '--disable-testsuite' '--disable-optimizations' '--disable-altivec' '--enable-debug' '--enable-release' '--enable-sout' '--with-ffmpeg-faac' '--disable-galaktos' '--enable-httpd' '--disable-jack' '--enable-mozilla' '--enable-alsa' '--enable-real' '--enable-realrtsp' '--enable-live555' '--with-live555-tree=/usr/lib64/live' '--enable-dvbpsi' '--enable-dvb'
[New Thread 0x40800950 (LWP 25517)]
[00000001] main libvlc debug: translation test: code is "Fr"
[New Thread 0x41005950 (LWP 25530)]
[New Thread 0x41806950 (LWP 25531)]
[New Thread 0x42007950 (LWP 25532)]
[New Thread 0x42808950 (LWP 25533)]
[New Thread 0x43009950 (LWP 25534)]
[New Thread 0x4380a950 (LWP 25535)]
[New Thread 0x4400b950 (LWP 25536)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x42808950 (LWP 25533)]
0x00002b54c24d7eb4 in strcmp () from /lib64/libc.so.6
(gdb) bt full
#0  0x00002b54c24d7eb4 in strcmp () from /lib64/libc.so.6
No symbol table info available.
#1  0x00002b54c248e36b in ?? () from /lib64/libc.so.6
No symbol table info available.
Cannot access memory at address 0xfffff381

Greetings,
Gilles Sabourin
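The memcheck report quoted above ("Invalid read of size 8 ... 24 bytes inside a block of size 28", followed by a heap lo/hi size mismatch) is the signature of a stride mismatch: a buffer sized for 4-byte elements being walked by code that steps 8 bytes per element on LP64. The following is an added example, not code from VLC, freetype.c or libfribidi, and it makes no claim about what RenderText actually did. It shows the two sizing rules side by side, a helper that turns valgrind's "X bytes inside a block of size Y" numbers back into the offending element index, and a bounds-checked UTF-8 to UTF-32 conversion loop of the kind that feeds a bidi library, written so the while loop cannot run past the allocation whatever sizeof the destination element turns out to be. The type name wide_char_t and all function names are hypothetical.

```c
/* Added example (not VLC code): 32-bit sizing assumptions vs. an LP64
 * consumer, and a conversion loop that bounds-checks every write. */
#include <stddef.h>
#include <stdint.h>

/* Hypothetical consumer element type: 4 bytes on ILP32, 8 bytes on LP64.
 * Sizing a buffer for this type with a hard-coded 4 works on 32-bit and
 * overruns the heap on 64-bit, which is exactly the kind of bug memcheck
 * reports as an invalid read/write a few bytes past a block. */
typedef long wide_char_t;

/* Wrong: bytes for n elements computed under the 32-bit assumption. */
size_t bytes_assuming_32bit(size_t n_elems)
{
    return n_elems * 4;
}

/* Right: bytes derived from the type the consumer will index with. */
size_t bytes_for_consumer(size_t n_elems)
{
    return n_elems * sizeof(wide_char_t);
}

/* Given a heap block of block_bytes walked with elements of stride bytes,
 * return the index of the first element whose read crosses the block end,
 * or n if all n elements fit. index * stride is the "X bytes inside a block
 * of size Y" offset that memcheck prints for the faulting access. */
size_t first_overrun_index(size_t block_bytes, size_t stride, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if ((i + 1) * stride > block_bytes)
            return i;
    return n;
}

/* Bounds-checked UTF-8 -> UTF-32 decode into dst, which holds dst_len
 * elements including one slot for the 0 terminator. Returns the number of
 * code points written (terminator excluded), or (size_t)-1 on malformed
 * input or a destination that is too small. Minimal decoder: rejects bad
 * lead/continuation bytes, surrogates and values above U+10FFFF, but does
 * not reject overlong forms. */
size_t utf8_to_utf32(const char *src, uint32_t *dst, size_t dst_len)
{
    const unsigned char *s = (const unsigned char *)src;
    size_t out = 0;

    while (*s != 0) {
        uint32_t cp;
        size_t extra;

        if (s[0] < 0x80)                { cp = s[0];        extra = 0; }
        else if ((s[0] & 0xE0) == 0xC0) { cp = s[0] & 0x1F; extra = 1; }
        else if ((s[0] & 0xF0) == 0xE0) { cp = s[0] & 0x0F; extra = 2; }
        else if ((s[0] & 0xF8) == 0xF0) { cp = s[0] & 0x07; extra = 3; }
        else return (size_t)-1;         /* stray continuation or invalid lead */

        /* A NUL here fails the continuation test, so we never read past it. */
        for (size_t k = 1; k <= extra; k++) {
            if ((s[k] & 0xC0) != 0x80)
                return (size_t)-1;      /* truncated sequence */
            cp = (cp << 6) | (s[k] & 0x3F);
        }
        if (cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
            return (size_t)-1;

        /* Guard the write in terms of dst elements, reserving the terminator.
         * This is the check a stride-confused loop is missing. */
        if (out + 1 >= dst_len)
            return (size_t)-1;
        dst[out++] = cp;
        s += extra + 1;
    }
    dst[out] = 0;
    return out;
}
```

With the numbers from the quoted log, bytes_assuming_32bit(7) gives the 28-byte block, and first_overrun_index(28, 8, 7) returns 3, i.e. an 8-byte read at offset 24, the "24 bytes inside a block of size 28" line. Under valgrind, build with -g and run memcheck as in the original invocation; a loop that lacks the dst_len guard and is handed a buffer sized by bytes_assuming_32bit would trip at that same index on LP64 and pass silently on a 32-bit build.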

-------------- next part --------------
A non-text attachment was scrubbed...
Name: log.24745
Type: text/x-csrc
Size: 31223 bytes
Desc: not available
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20071111/ea652578/attachment.c>