[vlc-devel] segfault in mpgatofixed32.c

Denis denis at voxelsoft.com
Sun Jul 12 17:28:23 CEST 2009


Hi,

I get a reproducible crash in a loop within DoWork:

int i;
int i_size = p_out_buf->i_nb_bytes / sizeof(float);
float * a = (float *)p_out_buf->p_buffer;
for ( i = 0 ; i < i_size ; i++ )
    *a++ = 0.0; // crash

(gdb) print *p_in_buf
$35 = {p_buffer = 0x20c7968, i_alloc_type = 2,
  i_size = 4212, i_nb_bytes = 322, i_nb_samples = 1152,
  start_date = 22173084417, end_date = 22173110539, b_discontinuity = false,
  p_next = 0x20cebf0, p_sys = 0x183bed0, pf_release = 0x1839910}

(gdb) print *p_out_buf
$34 = {p_buffer = 0x7f8f0d3efc68, i_alloc_type = 1,
  i_size = 4220, i_nb_bytes = 9216, i_nb_samples = 1152,
  start_date = 22173084417, end_date = 22173110539, b_discontinuity = false,
  p_next = 0x3630382e30, p_sys = 0x7f8f5eaef187, pf_release = 0}

Looks like p_out_buf->i_nb_bytes is a bit big compared to p_out_buf->i_size.

(gdb) bt
#0  DoWork (p_aout=0x20563d8, p_filter=0x20973f8, p_in_buf=0x20c7910,
    p_out_buf=0x7f8f0d3efc10) at mpgatofixed32.c:141
#1  0x00007f8f5f97941d in aout_FiltersPlay (p_aout=0x20563d8,
    pp_filters=<value optimized out>, i_nb_filters=2,
    pp_input_buffer=0x7f8f0d3f0dd8) at audio_output/filters.c:359
#2  0x00007f8f5f97bc83 in aout_InputPlay (p_aout=0x20563d8, p_input=0x1f2e320,
    p_buffer=0x20c7910, i_input_rate=1000) at audio_output/input.c:665
#3  0x00007f8f5f978804 in aout_DecPlay (p_aout=0x20563d8, p_input=0x1f2e320,
    p_buffer=0x20c7910, i_input_rate=1000) at audio_output/dec.c:345
#4  0x00007f8f5f945827 in DecoderDecodeAudio (p_dec=0x204fb38,
    p_block=0x204d3a0) at input/decoder.c:1166
#5  0x00007f8f5f946a8d in DecoderProcess (p_dec=0x204fb38,
    p_block=0x7f8f5ebdf590) at input/decoder.c:1833
#6  0x00007f8f5f946bc5 in DecoderThread (p_this=<value optimized out>)
    at input/decoder.c:874
#7  0x00007f8f5f994616 in thread_entry (data=<value optimized out>)
    at misc/threads.c:58
#8  0x00007f8f5f2a53ba in start_thread () from /lib/libpthread.so.0
#9  0x00007f8f5eb88fcd in clone () from /lib/libc.so.6
#10 0x0000000000000000 in ?? ()

$ uname -a
Linux denis-pc 2.6.28-13-generic #45-Ubuntu SMP Tue Jun 30 22:12:12 UTC 2009 x86_64 GNU/Linux

Playing network source http://www.di.fm/mp3/eurodance.pls

Thanks,
Denis
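As an added illustration (not code from the report or from VLC), here is the zeroing loop from the message with the length check it lacks, replayed against the numbers in the gdb dump: 9216 bytes is exactly 1152 stereo float samples (1152 x 2 x 4), while only 4220 bytes were allocated, so the unchecked loop writes past the end of p_buffer. The struct and the run_case helper are constructed stand-ins, not VLC's real aout_buffer_t.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the aout buffer fields visible in the gdb dump
 * (constructed for this example; not VLC's real aout_buffer_t). */
typedef struct {
    uint8_t *p_buffer;   /* payload */
    size_t   i_size;     /* bytes actually allocated behind p_buffer */
    size_t   i_nb_bytes; /* bytes the producer claims are valid */
} aout_buf_t;

/* Zero the float payload, but only after checking that the claimed
 * length fits the allocation. Returns 0 on success, -1 if the metadata
 * is inconsistent; the loop in the report has no such check and writes
 * i_nb_bytes / sizeof(float) floats regardless of i_size. */
int zero_float_payload(aout_buf_t *p_out_buf)
{
    if (p_out_buf->p_buffer == NULL || p_out_buf->i_nb_bytes > p_out_buf->i_size)
        return -1;                        /* would overrun: refuse */
    size_t i_size = p_out_buf->i_nb_bytes / sizeof(float);
    float *a = (float *)p_out_buf->p_buffer;
    for (size_t i = 0; i < i_size; i++)
        *a++ = 0.0f;
    return 0;
}

/* Run one scenario: allocate `alloc` bytes (alloc >= 1), fill them with a
 * marker byte, claim `claimed` bytes (a multiple of sizeof(float)) and try
 * to zero. Returns the zeroing result (0 or -1) if the memory agrees with
 * it (refused => marker intact, accepted => claimed bytes zeroed), else -2. */
int run_case(size_t alloc, size_t claimed)
{
    aout_buf_t b = { malloc(alloc), alloc, claimed };
    memset(b.p_buffer, 0xAB, alloc);
    int rc = zero_float_payload(&b);
    uint8_t first = b.p_buffer[0];
    uint8_t last_alloc = b.p_buffer[alloc - 1];
    uint8_t last_claimed = claimed ? b.p_buffer[claimed - 1] : 0;
    free(b.p_buffer);
    if (rc == -1 && first == 0xAB && last_alloc == 0xAB)
        return -1;
    if (rc == 0 && (claimed == 0 || (first == 0 && last_claimed == 0)))
        return 0;
    return -2;
}
```

run_case(4220, 9216) reproduces the report's metadata and returns -1 because the guard refuses the write instead of overrunning the 4220-byte allocation.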
