[vdr] get a segmentation fault when starting vdr (backtrace included)

Lars Hanisch dvb at flensrocker.de
Fri Nov 30 10:17:21 CET 2012


Hi,

On 29.11.2012 16:17, Dieter Bloms wrote:
> Hello,
> 
> I've compiled vdr on alpinelinux 2.5.0 and get a segfault during
> start of vdr.
> Even without plugins I get this segfault (I didn't apply any patch to
> vdr sources).
> Vdr was started with the command:
> 
> /usr/local/bin/vdr --config=/etc/vdr --epgfile=/tmp/epg.data --grab=/dev/shm --log=3.1 --mute --no-kbd --user=root --video=/remote/vdr/
> 
> I've made a backtrace with gdb:
> 
> --snip--
> vdrservernew:/tmp# gdb --core core /usr/local/bin/vdr
> GNU gdb (GDB) 7.5
> Copyright (C) 2012 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-unknown-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from /usr/local/bin/vdr...done.
> [New LWP 26493]
> [New LWP 26492]
> [New LWP 26494]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/libthread_db.so.1".
> Core was generated by `/usr/local/bin/vdr --config=/etc/vdr --epgfile=/tmp/epg.data --grab=/dev/shm --'.
> Program terminated with signal 11, Segmentation fault.
> #0  skipspace (s=0x40800000 <Address 0x40800000 out of bounds>) at tools.h:196
> 196       if ((uchar)*s > ' ') // most strings don't have any leading space, so handle this case as fast as possible
> (gdb) bt
> #0  skipspace (s=0x40800000 <Address 0x40800000 out of bounds>) at tools.h:196
> #1  isempty (s=0x40800000 <Address 0x40800000 out of bounds>) at tools.c:249
> #2  0x00000000004a1eb9 in FromString (s=0x2e531d2 "1 01 deu 4:3", this=0x2e4aba0) at epg.c:36

 Looks like the pointer returned by sscanf is not valid:

32: bool tComponent::FromString(const char *s)
33: {
34:   unsigned int Stream, Type;
35:   int n = sscanf(s, "%X %02X %7s %a[^\n]", &Stream, &Type, language, &description); // 7 = MAXLANGCODE2 - 1
36:   if (n != 4 || isempty(description)) {
37:      free(description);
38:      description = NULL;
39:      }
40:   stream = Stream;
41:   type = Type;
42:   return n >= 3;
43: }

 What I would do:
- set description to NULL before the sscanf
- log all values returned by sscanf and compare them with the given string

 Maybe a problem/different behaviour in the uClibc?

Lars.

> #3  cComponents::SetComponent (this=<optimized out>, Index=0, s=s@entry=0x2e531d2 "1 01 deu 4:3") at epg.c:81
> #4  0x00000000004a40f3 in cEvent::Parse (this=0x2e43360, s=<optimized out>) at epg.c:495
> #5  0x00000000004e9ea6 in cRecordingInfo::Read (this=0x2e2d110, f=f@entry=0x2e2c330) at recording.c:468
> #6  0x00000000004eb4e3 in cRecording::cRecording (this=0x2e2c650, FileName=0x2e4c15c "Sex_and_the_City_2/2012-11-19.20.10.27-0.rec") at recording.c:723
> #7  0x00000000004eceb1 in cRecordings::ScanVideoDir (this=0x7fe7c0 <Recordings>, DirName=0x2e412b0 "/remote/vdr/Sex_and_the_City_2", Foreground=false, LinkLevel=0) at recording.c:1165
> #8  0x00000000004ed32c in cRecordings::ScanVideoDir (this=0x7fe7c0 <Recordings>, DirName=0x2e25ff0 "/remote/vdr", Foreground=false, LinkLevel=0) at recording.c:1180
> #9  0x000000000052694e in cThread::StartThread (Thread=0x7fe7e0 <Recordings+32>) at thread.c:262
> #10 0x00006e6b7ce69406 in start_thread () from /lib/libpthread.so.0.9.32
> #11 0x00006e6b7ce61885 in clone () from /lib/libpthread.so.0.9.32
> #12 0x0000000000000000 in ?? ()
> --snip--
> 
> does anybody see what is wrong here ?
> 
>
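
Added example (not part of the original post and not vdr's own code): the `a` in `%a[^\n]` is a glibc allocation extension, while in ISO C99 `%a` is a floating-point conversion, and the address 0x40800000 in the backtrace is exactly the IEEE-754 bit pattern of 4.0f. That fits the assumption that the libc in use read the "4" of "4:3" as a float into `description`. The sketch parses the same line with ISO C conversions only and sets `description` to NULL first; `struct component`, `component_from_string` and `float_bits` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for vdr's tComponent; field names follow the excerpt. */
struct component {
    unsigned stream, type;
    char language[8];      /* 7 characters + NUL, as in the excerpt's %7s */
    char *description;     /* heap string, or NULL when absent */
};

/* Bit pattern of a float, for comparison with the bogus pointer in frame #0. */
uint32_t float_bits(float f)
{
    uint32_t u;
    memcpy(&u, &f, sizeof u);
    return u;
}

/* Parse "<stream> <type> <lang> [description]" with ISO C conversions only.
 * Returns 1 if stream, type and language were read (n >= 3 in the excerpt). */
int component_from_string(struct component *c, const char *s)
{
    int off = -1;
    c->description = NULL;              /* defined value on every path */
    c->language[0] = '\0';
    int n = sscanf(s, "%X %2X %7s%n", &c->stream, &c->type, c->language, &off);
    if (n != 3 || off < 0)              /* %n is only stored after 3 matches */
        return 0;
    const char *d = s + off;
    d += strspn(d, " \t");              /* skip separator before description */
    size_t len = strcspn(d, "\n");      /* description ends at the newline */
    if (len > 0 && (c->description = malloc(len + 1)) != NULL) {
        memcpy(c->description, d, len);
        c->description[len] = '\0';
    }
    return 1;
}

int main(void)
{
    struct component c;
    if (component_from_string(&c, "1 01 deu 4:3"))  /* string from frame #2 */
        printf("%X %02X %s %s\n", c.stream, c.type, c.language,
               c.description ? c.description : "(none)");
    printf("4.0f = 0x%08X\n", (unsigned)float_bits(4.0f));
    free(c.description);
}
```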