[vdr] [PATCH] fix segfault in cSkins::Message

Wolfgang Rohdewald wolfgang at rohdewald.de
Thu Jun 30 11:59:19 CEST 2005


On Thursday 30 June 2005 10:31, Wolfgang Rohdewald wrote:
> this happens if the MENUTIMEOUT makes the OSD menu 
> disappear while a message is displayed.

More is needed - all delete osd should also nullify it. See
gdb output below.

Also, I can only get rid of the segfault shown by valgrind below
if constructors with osd as private member nullify osd right
at the beginning, before calling NewOsd(). (I did not check which
constructor causes my segfault, just applied it to all of them).

I suppose other skins might have the same problem.

This looks to me as if access to osd might not be thread-safe,
but I am by no means a thread expert.

Extended patch attached. While being at it, I replaced a few
more delete x by DELETENULL(x).

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 8769)]
0x080fec70 in cSkinClassicDisplayMessage::Flush (this=0x9f38ec0) at skinclassic.c:644
644       osd->Flush();
Current language:  auto; currently c++
(gdb) p osd
$1 = (class cOsd *) 0x10
(gdb) bt
#0  0x080fec70 in cSkinClassicDisplayMessage::Flush (this=0x9f38ec0) at skinclassic.c:644
#1  0x081015dc in cSkins::Flush (this=0x81ef5a4) at skins.c:210
#2  0x080b95ab in cInterface::GetKey (this=0x9e5b6b8, Wait=true) at interface.c:35
#3  0x081223c5 in main (argc=14, argv=0xbf85ffd4) at vdr.c:639

line 644 is:
  if (osd)
          osd->Flush();

==20735== Conditional jump or move depends on uninitialised value(s)
==20735==    at 0x80FED8D: cSkinClassicDisplayMessage::Flush() (skinclassic.c:644)
==20735==    by 0x81016FF: cSkins::Flush() (skins.c:210)
==20735==    by 0x80B9612: cInterface::GetKey(bool) (interface.c:35)
==20735==    by 0x81224E8: main (vdr.c:639)
==20735==
==20735== Use of uninitialised value of size 4
==20735==    at 0x80FED95: cSkinClassicDisplayMessage::Flush() (skinclassic.c:645)
==20735==    by 0x81016FF: cSkins::Flush() (skins.c:210)
==20735==    by 0x80B9612: cInterface::GetKey(bool) (interface.c:35)
==20735==    by 0x81224E8: main (vdr.c:639)
==20735==
==20735== Invalid read of size 4
==20735==    at 0x80FEDA3: cSkinClassicDisplayMessage::Flush() (skinclassic.c:645)
==20735==    by 0x81016FF: cSkins::Flush() (skins.c:210)
==20735==    by 0x80B9612: cInterface::GetKey(bool) (interface.c:35)
==20735==    by 0x81224E8: main (vdr.c:639)
==20735==  Address 0x6564698A is not stack'd, malloc'd or (recently) free'd
==20735==
==20735== Process terminating with default action of signal 11 (SIGSEGV)
==20735==  GPF (Pointer out of bounds?)
==20735==    at 0x80FEDA3: cSkinClassicDisplayMessage::Flush() (skinclassic.c:645)
==20735==    by 0x81016FF: cSkins::Flush() (skins.c:210)
==20735==    by 0x80B9612: cInterface::GetKey(bool) (interface.c:35)
==20735==    by 0x81224E8: main (vdr.c:639)
==20735==


-- 
Wolfgang
-------------- next part --------------
A non-text attachment was scrubbed...
Name: osd.patch
Type: text/x-diff
Size: 4787 bytes
Desc: not available
Url : http://www.linuxtv.org/pipermail/vdr/attachments/20050630/fd4a0f54/osd.bin
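
The two measures described in the message (nullify osd before NewOsd() runs, and nullify it on every delete) can be seen working in the added example below, which is not part of the scrubbed osd.patch or of VDR's code. Osd, DisplayMessage, Hide, the hook parameter of NewOsd and the local DELETENULL definition are assumptions made for illustration.

```cpp
#include <functional>
// Local definition with the behaviour the message describes: delete, then
// nullify. Assumed for this example, not copied from VDR.
#define DELETENULL(p) (delete (p), (p) = nullptr)

struct Osd {                        // hypothetical stand-in for cOsd
  static int live, flushes;
  Osd() { ++live; }
  ~Osd() { --live; }
  void Flush() { ++flushes; }
};
int Osd::live = 0;
int Osd::flushes = 0;

// Hypothetical factory: runs a hook before returning, standing in for any
// code path that reaches the display object while it is still being built.
static Osd *NewOsd(const std::function<void()> &hook) {
  if (hook) hook();
  return new Osd;
}

class DisplayMessage {              // hypothetical stand-in for a skin display class
  Osd *osd;
public:
  explicit DisplayMessage(bool probe = false) : osd(nullptr) {  // nullify first
    std::function<void()> hook;
    if (probe) hook = [this] { Flush(); };
    osd = NewOsd(hook);
  }
  ~DisplayMessage() { DELETENULL(osd); }
  void Hide() { DELETENULL(osd); }  // e.g. a timeout tearing the OSD down early
  bool Flush() {                    // same guard the message quotes for line 644
    if (osd) { osd->Flush(); return true; }
    return false;
  }
};

// Returns true when every path saw either a live Osd or a null pointer.
bool demo() {
  Osd::live = Osd::flushes = 0;
  {
    DisplayMessage m(true);         // Flush() reached during construction: skipped
    if (Osd::flushes != 0 || !m.Flush()) return false;
    m.Hide();                       // OSD gone while the message object lives on
    if (m.Flush()) return false;    // guard sees nullptr, no call on freed memory
  }                                 // destructor: delete on nullptr is a no-op
  return Osd::live == 0 && Osd::flushes == 1;
}
int main() { return demo() ? 0 : 1; }
```

With a plain delete in Hide(), or without the osd(nullptr) initializer, the if (osd) guard would test a stale or indeterminate pointer value, which matches the 0x10 pointer in the gdb output and the uninitialised-value reports from valgrind.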

