libgme/game-music-emu

crash report from archlinux

Closed this issue · 16 comments

sezero commented

FYI:

https://bugs.archlinux.org/task/75994

vlc: /build/libgme/src/game-music-emu-0.6.3/gme/blargg_common.h:58:
 T& blargg_vector<T>::operator[](size_t) const [with T = short int; size_t = long unsigned int]:
 Assertion `n <= size_' failed.

The ticket is closed by building libgme in 'Release' mode instead of 'Debug'
but that's obviously not a fix.

I do not have a way of testing or knowing whether or not the issue still is
present.

I checked this, and it doesn't get reproduced on the latest state... I'll try to check this deeper...

Remember that the issue was reported to show itself when the library is built in debug mode.

Yes, I did that in debug mode, and it doesn't crash on my end. I may guess that the bug had been fixed before me, or something... 🤔

It's better to verify the LATEST development version on the same place to ensure the thing works as needed.

It seems that to verify this, I will need to install the Docker container and run the stuff inside it... 🤔

It still happens with the latest development code if libgme is built with build type Debug or None.

Here is the full backtrace:

#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
        tid = <optimized out>
        ret = 0
        pd = <optimized out>
        old_mask = {__val = {128663913752624}}
        ret = <optimized out>
#1  0x00007504f61ffeb3 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:78
No locals.
#2  0x00007504f61a7a30 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
        ret = <optimized out>
#3  0x00007504f618f4c3 in __GI_abort () at abort.c:79
        save_stage = 1
        act = {__sigaction_handler = {sa_handler = 0x20, sa_sigaction = 0x20}, sa_mask = {__val = {128664169223750, 128663597204288, 128663597204288, 128663597092560, 7, 0, 
              4, 8589934592, 0, 128663913752808, 18446744073709551496, 2, 128663597204272, 128663913752848, 128664169672110, 128664170980576}}, sa_flags = 2143672064, 
          sa_restorer = 0x7504e6dfe910}
#4  0x00007504f618f3df in __assert_fail_base (fmt=0x7504f631ab68 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x7504cc78deaf "n <= size_", 
    file=file@entry=0x7504cc78a330 "/usr/src/debug/libgme/game-music-emu/gme/blargg_common.h", line=line@entry=65, 
    function=function@entry=0x7504cc78ad28 "T& blargg_vector<T>::operator[](size_t) const [with T = short int; size_t = long unsigned int]") at assert.c:94
        str = 0x7504d401c340 "\214\233L\204\003u"
        total = 4096
#5  0x00007504f619fc67 in __assert_fail (assertion=0x7504cc78deaf "n <= size_", file=0x7504cc78a330 "/usr/src/debug/libgme/game-music-emu/gme/blargg_common.h", line=65, 
    function=0x7504cc78ad28 "T& blargg_vector<T>::operator[](size_t) const [with T = short int; size_t = long unsigned int]") at assert.c:103
No locals.
#6  0x00007504cc757de8 in blargg_vector<short>::operator[](unsigned long) const [clone .part.0] [clone .lto_priv.0] [clone .lto_priv.0] (n=<optimized out>, 
    this=<optimized out>) at /usr/src/debug/libgme/game-music-emu/gme/blargg_common.h:65
        __PRETTY_FUNCTION__ = <optimized out>
#7  0x00007504cc788b1e in blargg_vector<short>::operator[] (this=<optimized out>, n=<optimized out>, this=<optimized out>, n=<optimized out>)
    at /usr/src/debug/libgme/game-music-emu/gme/Spc_Emu.cpp:347
        __PRETTY_FUNCTION__ = <optimized out>
#8  Fir_Resampler_::skip_input (this=0x7504d4c2a6f8, count=-2) at /usr/src/debug/libgme/game-music-emu/gme/Fir_Resampler.cpp:195
        remain = <optimized out>
        max_count = <optimized out>
        remain = <optimized out>
        max_count = <optimized out>
#9  Spc_Emu::skip_ (this=0x7504d4c2a510, count=1099072) at /usr/src/debug/libgme/game-music-emu/gme/Spc_Emu.cpp:332
        resampler_latency = <optimized out>
        buf = {9520, -11264, 29956, 0, -15738, -2551, 29956, 0, 24, 0, 48, 0, -5440, -6433, 29956, 0, -5632, -6433, 29956, 0, -10496, 32709, -28993, -18474, 18960, 26816, 
          29956, 0, 0, 0, 0, 0, -1, -1, -1, -1, 13, 0, 0, 0, -5264, -6433, 29956, 0, 0, 0, 0, 0, 22620, 18, 0, 0, -10496, 32709, -28993, -18474, 0, 0, 0, 0, 5519, -2605, 
          29956, 0}
#10 0x00007504cc7886e2 in Music_Emu::skip(long) [clone .isra.0] (this=this@entry=0x7504d4c2a510, count=<optimized out>)
    at /usr/src/debug/libgme/game-music-emu/gme/Music_Emu.cpp:263
        __PRETTY_FUNCTION__ = <optimized out>
#11 0x00007504cc759905 in Music_Emu::seek_samples (this=0x7504d4c2a510, time=1879008) at /usr/src/debug/libgme/game-music-emu/gme/Music_Emu.cpp:236
        blargg_return_err_ = <optimized out>
#12 Music_Emu::seek_samples (this=0x7504d4c2a510, time=1879008) at /usr/src/debug/libgme/game-music-emu/gme/Music_Emu.cpp:232
No locals.
#13 Music_Emu::seek (this=0x7504d4c2a510, msec=<optimized out>) at /usr/src/debug/libgme/game-music-emu/gme/Music_Emu.cpp:241
No locals.
#14 gme_seek (me=0x7504d4c2a510, msec=<optimized out>) at /usr/src/debug/libgme/game-music-emu/gme/gme.cpp:398
No locals.
#15 0x00007504cea58844 in Control (demux=<optimized out>, query=<optimized out>, args=<optimized out>) at demux/gme.c:275
        pos = 4.8241146318778998e+228
        seek = <optimized out>
        sys = 0x7504d4007c40
#16 0x00007504f60a12e9 in demux_Control (p_demux=<optimized out>, i_query=<optimized out>) at ../include/vlc_demux.h:365
        args = {{gp_offset = 16, fp_offset = 64, overflow_arg_area = 0x7504e6dfec20, reg_save_area = 0x7504e6dfeb60}}
        i_result = <optimized out>
#17 0x00007504f60bfde3 in Control (p_input=p_input@entry=0x750484005cb0, i_type=i_type@entry=2, val=..., val@entry=...) at input/input.c:2033
        f_pos = 0.1919
        i_control_date = <optimized out>
        b_force_update = false
        __func__ = "Control"
#18 0x00007504f60c140b in MainLoop (p_input=p_input@entry=0x750484005cb0, b_interactive=b_interactive@entry=true) at input/input.c:802
        i_deadline = <optimized out>
        b_postpone = <optimized out>
        i_type = <optimized out>
        val = {i_int = 1044676975, b_bool = 111, f_float = 0.1919, psz_string = 0x3e44816f <error: Cannot access memory at address 0x3e44816f>, p_address = 0x3e44816f, 
          p_list = 0x3e44816f, coords = {x = 1044676975, y = 0}}
        i_wakeup = 178772337612
        b_paused = <optimized out>
        i_intf_update = <optimized out>
        i_last_seek_mdate = 0
        b_pause_after_eof = false
        b_paused_at_eof = <optimized out>
        p_demux = <optimized out>
        b_can_demux = true
        __func__ = "MainLoop"
#19 0x00007504f60c2707 in Run (data=0x750484005cb0) at input/input.c:506
        priv = 0x750484005cb0
        p_input = 0x750484005cb0
#20 0x00007504f61fdded in start_thread (arg=<optimized out>) at pthread_create.c:447
        ret = <optimized out>
        pd = <optimized out>
        out = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {128663913756352, 6951825986904853404, 128663913756352, -120, 0, 128664104106384, 6951825986883881884, 
                6951861722525404060}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
#21 0x00007504f62810dc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

I'll try to take a look soon and try to make some.

According to this stack trace, the crash happens here in Fir_Resampler.cpp because of an attempt to go out of range. However, in the stack trace there are no values provided (showing just "<optimized out>").

[image]

So, there is a question: is it needed to make a workaround here, or to check all the stuff through the stack and avoid producing such invalid values? 🤔

@City-busz Another question: does this happen with ANY SPC files, or does it happen with some that you have?
I do have something like this, and no crash happens for me locally; I even enabled all STL asserts via global macros: ice_ow_mod_spc.spc.zip

Okay, just now I built the debug version of VLC from source, and I ran it under a debugger, supplying my custom GME .so file, and I finally reproduced that damned crash locally:
[image]

So, trying to figure for the reason and eliminate it at all.

I found the count is -2, and that's weird... When it is passed as an array index, it's supposed to be positive.

And, because the argument is size_t, the -2 turned into an extremely large positive value that led to an assert:
[image]

Okay, actually, this is a wrong formula:
[image]
However, I have no idea whether this is supposed to round, or just subtract a small amount? 🤔
I think I'll just turn this into zero as a small test.
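The diagnosis above is a signed-to-unsigned conversion: `Fir_Resampler_::skip_input` receives `count=-2` (frame #8 in the backtrace), and once that is used as a `size_t` index it becomes a value near `SIZE_MAX`, which the `n <= size_` check in `blargg_common.h` rejects. The following is an added example, not code from game-music-emu or from anyone in this thread. `CheckedVector`, `ToyResampler`, `in_bounds` and `skip_input_clamped` are invented stand-ins for the real types and are not the library's API; the example only models the index check and shows the sink-side clamp the thread considers as a workaround. A clamp stops the assert, but it does not fix a caller whose formula produces a negative count, which is the other option the thread raises.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Stand-in for the bounds-asserting vector named in the backtrace.
// This is not blargg_vector; it only models the index check.
template <typename T>
class CheckedVector {
public:
    explicit CheckedVector(size_t n) : data_(n), size_(n) {}
    size_t size() const { return size_; }
    // True when n can be used to read/write an element.
    bool in_bounds(size_t n) const { return n < size_; }
    T& operator[](size_t n) { assert(in_bounds(n)); return data_[n]; }
    const T& operator[](size_t n) const { assert(in_bounds(n)); return data_[n]; }
private:
    std::vector<T> data_;
    size_t size_;
};

// The conversion the assert caught: an int count of -2 becomes a size_t.
// size_t arithmetic is modular, so -2 maps to SIZE_MAX - 1.
size_t index_from_count(int count) {
    return static_cast<size_t>(count);
}

// Hypothetical resampler state (assumption, not the library's layout): the
// first write_pos samples of buf are buffered input not yet consumed.
struct ToyResampler {
    CheckedVector<short> buf;
    size_t write_pos;
    explicit ToyResampler(size_t cap) : buf(cap), write_pos(0) {}
};

// Unchecked path, as a caller might write it: computes the index that
// skipping `count` samples would start from and reports whether it is valid.
// With count < 0 the index wraps, which is the assert path seen in the trace.
bool unchecked_skip_index_ok(const ToyResampler& r, int count) {
    return r.buf.in_bounds(index_from_count(count));
}

// Clamped path: a negative count skips nothing, and a count larger than the
// number of buffered samples is limited to what is buffered.
// Returns the number of samples actually dropped.
int skip_input_clamped(ToyResampler& r, int count) {
    if (count <= 0) return 0;                     // the -2 case lands here
    size_t n = static_cast<size_t>(count);
    if (n > r.write_pos) n = r.write_pos;
    size_t remain = r.write_pos - n;
    for (size_t i = 0; i < remain; ++i)           // compact the unconsumed tail
        r.buf[i] = r.buf[i + n];
    r.write_pos = remain;
    return static_cast<int>(n);
}

// Helpers that run one skip against a fresh 16-slot buffer holding 8 samples
// (constructed input for the demo).
bool demo_unchecked_index_ok(int count) {
    ToyResampler r(16);
    r.write_pos = 8;
    return unchecked_skip_index_ok(r, count);
}

int demo_skip(int count) {
    ToyResampler r(16);
    for (size_t i = 0; i < 8; ++i) r.buf[i] = static_cast<short>(i);
    r.write_pos = 8;
    return skip_input_clamped(r, count);
}

int main() {
    std::printf("size_t(-2) = %zu\n", index_from_count(-2));
    std::printf("unchecked index ok for -2: %d\n", demo_unchecked_index_ok(-2));
    std::printf("clamped skip of -2 drops %d samples\n", demo_skip(-2));
    std::printf("clamped skip of 100 drops %d samples\n", demo_skip(100));
    return 0;
}
```

The clamp is deliberately placed at the point where the `int` is converted, so that every negative count is handled before any `size_t` index exists; checking only after the conversion cannot distinguish a wrapped `-2` from a genuinely huge count.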

Okay, just now I sent a quick fix. @City-busz, please test out the latest development version again, now it should work just fine.

Yes, it fixes the problem. Thank you very much! :)

Thanks for the confirmation, so it's time to close this issue.