Bug 595863 - SIGSEGV within ucil_theora_encode_thread()
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: libucil
12
All Linux
low Severity medium
Assigned To: Kamil Dudka
Fedora Extras Quality Assurance
: 570439 (view as bug list)
Blocks: 635643
Reported: 2010-05-25 15:34 EDT by Robert Scheck
Modified: 2014-07-06 12:57 EDT (History)
Fixed In Version: libucil-0.9.8-2.fc13
Doc Type: Bug Fix
: 635643 (view as bug list)
Last Closed: 2010-06-21 17:37:25 EDT
Attachments
this should fix the reported SIGSEGV (1.29 KB, patch)
2010-06-01 10:43 EDT, Kamil Dudka
Description Robert Scheck 2010-05-25 15:34:08 EDT
Description of problem:
Ucview segfaults once I press "record".

Version-Release number of selected component (if applicable):
ucview-0.31-1.fc12.i686

How reproducible:
Every time, just pressing "record".

Actual results:
(gdb) bt full
#0  0x04a855d1 in memcpy () from /lib/libc.so.6
No symbol table info available.
#1  0x00c593e1 in oc_img_plane_copy_pad (_dst=<value optimized out>, _src=<value optimized out>, _pic_x=<value optimized out>, _pic_y=<value optimized out>, 
    _pic_width=<value optimized out>, _pic_height=<value optimized out>) at /usr/include/bits/string3.h:52
        dst_data = 0xb4c4b378 "'**('*(''''('&&$\036\035\036!(('(( \026\026\026\026\026\035#! \036\026\021\r\r\016\v\v\t\v\v\r\r\r\v\v\v\r\016\016\020\016\020\020\021\023\025\025\025\025\025\026\030\033\033\033\033\032\032\030\026\025\023\025\023\021\020\020\016\r\v\t\t\v\t\v\v\t\006\004\006\006\004\006\b\b\004\003\004\004\004\004\003\004\003\004\003\004\003\003\004\003\003\001\001\001\003\004\001\003"
        src = <value optimized out>
        sstride = -640
        x = <value optimized out>
        dst = <value optimized out>
        dstride = 137353384
        frame_width = <value optimized out>
        frame_height = 480
        y = <value optimized out>
#2  0x00c5b8c7 in th_encode_ycbcr_in (_enc=<value optimized out>, _img=<value optimized out>) at encode.c:1514
        img = {{width = 640, height = 480, stride = -640, data = 0x408b183 <Address 0x408b183 out of bounds>}, {width = 320, height = 240, stride = -320, 
            data = 0x409dec3 <Address 0x409dec3 out of bounds>}, {width = 320, height = 240, stride = -320, data = 0x40b0ac3 <Address 0x40b0ac3 out of bounds>}}
        cpic_width = 480
        cpic_height = <value optimized out>
        hdec = 1
        vdec = 1
        pli = <value optimized out>
        refi = <value optimized out>
        drop = <value optimized out>
#3  0x00c5873c in theora_encode_YUVin (_te=<value optimized out>, _yuv=<value optimized out>) at encapiwrapper.c:96
        api = 0x82ffa98
        buf = {{width = 640, height = 480, stride = 640, data = 0x4040403 <Address 0x4040403 out of bounds>}, {width = 320, height = 240, stride = 320, 
            data = 0x408b403 <Address 0x408b403 out of bounds>}, {width = 320, height = 240, stride = 320, data = 0x409e003 <Address 0x409e003 out of bounds>}}
        ret = <value optimized out>
#4  0x00db1580 in ucil_theora_encode_thread (vobj=0x8299760) at ucil_theora.c:725
        last_data_buffer = 0xb436e008
        streampos = 0.13595499999999999
        data_buffer = 0x83503a8
        og = {header = 0x7cf513 "\211\307e\213\r\004", header_len = 1, body = 0x1b118b "\201\303i\036\001", body_len = 1847284}
        yuv = {y_width = 640, y_height = 480, y_stride = 640, uv_width = 320, uv_height = 240, uv_stride = 320, y = 0x4040403 <Address 0x4040403 out of bounds>, 
          u = 0x408b403 <Address 0x408b403 out of bounds>, v = 0x409e003 <Address 0x409e003 out of bounds>}
        videopos = <value optimized out>
        audiopos = <value optimized out>
        gotpage = 0
        ds_y_buffer = 0x0
        ds_u_buffer = 0x0
        ds_v_buffer = 0x0
#5  0x001b1ab5 in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#6  0x04ae7dae in clone () from /lib/libc.so.6
No symbol table info available.
(gdb) 

Expected results:
Working :)
Comment 1 Kamil Dudka 2010-05-25 15:52:58 EDT
Please get the bt once again with the following scratch build:

http://koji.fedoraproject.org/koji/taskinfo?taskID=2209154

Thanks in advance!
Comment 2 Robert Scheck 2010-05-25 16:05:55 EDT
(gdb) bt full
#0  0x010045b6 in memcpy () from /lib/libc.so.6
No symbol table info available.
#1  0xb3849378 in ?? ()
No symbol table info available.
#2  0x00c593e1 in oc_img_plane_copy_pad (_dst=<value optimized out>, _src=<value optimized out>, _pic_x=<value optimized out>, _pic_y=<value optimized out>, 
    _pic_width=<value optimized out>, _pic_height=<value optimized out>) at /usr/include/bits/string3.h:52
        dst_data = 0xb3849378 ""
        src = <value optimized out>
        sstride = -640
        x = <value optimized out>
        dst = <value optimized out>
        dstride = 131573075
        frame_width = <value optimized out>
        frame_height = 480
        y = <value optimized out>
#3  0x00c5b8c7 in th_encode_ycbcr_in (_enc=<value optimized out>, _img=<value optimized out>) at encode.c:1514
        img = {{width = 640, height = 480, stride = -640, data = 0x4ad80 <Address 0x4ad80 out of bounds>}, {width = 320, height = 240, stride = -320, 
            data = 0x5dac0 <Address 0x5dac0 out of bounds>}, {width = 320, height = 240, stride = -320, data = 0x706c0 <Address 0x706c0 out of bounds>}}
        cpic_width = 480
        cpic_height = <value optimized out>
        hdec = 1
        vdec = 1
        pli = <value optimized out>
        refi = <value optimized out>
        drop = <value optimized out>
#4  0x00c5873c in theora_encode_YUVin (_te=<value optimized out>, _yuv=<value optimized out>) at encapiwrapper.c:96
        api = 0x8303018
        buf = {{width = 640, height = 480, stride = 640, data = 0x0}, {width = 320, height = 240, stride = 320, data = 0x4b000 <Address 0x4b000 out of bounds>}, {
            width = 320, height = 240, stride = 320, data = 0x5dc00 <Address 0x5dc00 out of bounds>}}
        ret = <value optimized out>
#5  0x00121235 in ucil_theora_encode_thread (vobj=0x825fa98) at ucil_theora.c:725
        last_data_buffer = 0xb2f6c008
        streampos = 0.13198499999999999
        streamtime = {tv_sec = 0, tv_usec = 131985}
        data_buffer = 0x8353928
        og = {header = 0x676ff4 "\264n\001", header_len = 10489856, body = 0x10634c6 "\211\323=\001\360\377\377s\001\303\350\023\067\004", body_len = 6705680}
        yuv = {y_width = 640, y_height = 480, y_stride = 640, uv_width = 320, uv_height = 240, uv_stride = 320, y = 0x0, 
          u = 0x4b000 <Address 0x4b000 out of bounds>, v = 0x5dc00 <Address 0x5dc00 out of bounds>}
        videopos = 0.033333000000000002
        audiopos = 0.15385487528344674
        gotpage = 0
        ds_y_buffer = 0x0
        ds_u_buffer = 0x0
        ds_v_buffer = 0x0
#6  0x00665ab5 in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#7  0x01066dae in clone () from /lib/libc.so.6
No symbol table info available.
(gdb)
Comment 3 Kamil Dudka 2010-05-25 16:24:06 EDT
I found the following in <theora/theora.h>:

/**
 * Submit a YUV buffer to the theora encoder.
 * \param t A theora_state handle previously initialized for encoding.
 * \param yuv A buffer of YUV data to encode.  Note that both the yuv_buffer
 *            struct and the luma/chroma buffers within should be allocated by
 *            the user.
 * \retval OC_EINVAL Encoder is not ready, or is finished.
 * \retval -1 The size of the given frame differs from those previously input
 * \retval 0 Success
 */
extern int theora_encode_YUVin(theora_state *t, yuv_buffer *yuv);

> #4  0x00c5873c in theora_encode_YUVin (_te=<value optimized out>, _yuv=<value
> optimized out>) at encapiwrapper.c:96

...

>         yuv = {y_width = 640, y_height = 480, y_stride = 640, uv_width = 320,
> uv_height = 240, uv_stride = 320, y = 0x0, 
>           u = 0x4b000 <Address 0x4b000 out of bounds>, v = 0x5dc00 <Address
> 0x5dc00 out of bounds>}

However the buffers within 'yuv' do not seem to be properly allocated.
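
The plane pointers in the second backtrace (y = 0x0, u = 0x4b000, v = 0x5dc00) are exactly the plane offsets of a packed 640x480 4:2:0 frame added to a NULL base. The following is an added example, not part of this bug thread and not the attached patch, showing a check that refuses such a base before the planes are handed to an encoder; struct yuv_planes, yuv420_offsets and yuv420_map are hypothetical names, and one contiguous frame buffer is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in with the same fields gdb prints for 'yuv' above. */
struct yuv_planes {
    int y_width, y_height, y_stride;
    int uv_width, uv_height, uv_stride;
    unsigned char *y, *u, *v;
};

/* Byte offsets of the U and V planes in a packed 4:2:0 frame.
 * Returns the total frame size, or 0 on bad dimensions or overflow. */
size_t yuv420_offsets(int w, int h, size_t *u_off, size_t *v_off)
{
    if (w <= 0 || h <= 0 || (w & 1) || (h & 1)) return 0;
    if ((size_t)w > SIZE_MAX / (size_t)h / 2) return 0;
    size_t y_sz = (size_t)w * (size_t)h;
    *u_off = y_sz;
    *v_off = y_sz + y_sz / 4;
    return y_sz + y_sz / 2;
}

/* Fill 'out' from one contiguous frame; refuse a NULL or short buffer
 * instead of producing pointers such as y = 0x0, u = 0x4b000. */
int yuv420_map(unsigned char *base, size_t len, int w, int h,
               struct yuv_planes *out)
{
    size_t u_off, v_off, need = yuv420_offsets(w, h, &u_off, &v_off);
    if (base == NULL || out == NULL || need == 0 || len < need) return -1;
    out->y_width = w;       out->y_height = h;       out->y_stride = w;
    out->uv_width = w / 2;  out->uv_height = h / 2;  out->uv_stride = w / 2;
    out->y = base;  out->u = base + u_off;  out->v = base + v_off;
    return 0;
}

int main(void)
{
    size_t u_off, v_off, need = yuv420_offsets(640, 480, &u_off, &v_off);
    struct yuv_planes p;
    unsigned char *frame = calloc(1, need);   /* constructed sample frame */
    printf("u_off=%#zx v_off=%#zx\n", u_off, v_off);
    printf("NULL base: %d\n", yuv420_map(NULL, need, 640, 480, &p));
    printf("valid base: %d\n", yuv420_map(frame, need, 640, 480, &p));
    free(frame);
    return 0;
}
```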
Comment 4 Robert Scheck 2010-05-27 22:07:32 EDT
Okay, that means?
Comment 5 Kamil Dudka 2010-06-01 10:43:56 EDT
Created attachment 418665
this should fix the reported SIGSEGV
Comment 6 Robert Scheck 2010-06-01 18:09:30 EDT
*** Bug 570439 has been marked as a duplicate of this bug. ***
Comment 7 Kamil Dudka 2010-06-02 06:01:45 EDT
Patch proposed upstream:

https://bugs.launchpad.net/unicap/+bug/588662
Comment 8 Fedora Update System 2010-06-02 12:06:26 EDT
libucil-0.9.8-2.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/libucil-0.9.8-2.fc12
Comment 9 Fedora Update System 2010-06-02 12:06:50 EDT
libucil-0.9.8-2.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/libucil-0.9.8-2.fc13
Comment 10 Fedora Update System 2010-06-03 14:07:52 EDT
libucil-0.9.8-2.fc13 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update libucil'
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/libucil-0.9.8-2.fc13
Comment 11 Fedora Update System 2010-06-03 14:14:28 EDT
libucil-0.9.8-2.fc12 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update libucil'
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/libucil-0.9.8-2.fc12
Comment 12 Fedora Update System 2010-06-21 17:37:15 EDT
libucil-0.9.8-2.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2010-06-21 17:43:51 EDT
libucil-0.9.8-2.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 14 Kamil Dudka 2010-09-20 08:17:37 EDT
follow-up: bug 627161