Red Hat Bugzilla – Bug 595863
SIGSEGV within ucil_theora_encode_thread()
Last modified: 2014-07-06 12:57:53 EDT
Description of problem: Ucview segfaults once I press "record". Version-Release number of selected component (if applicable): ucview-0.31-1.fc12.i686 How reproducible: Everytime, just pressing "record". Actual results: (gdb) bt full #0 0x04a855d1 in memcpy () from /lib/libc.so.6 No symbol table info available. #1 0x00c593e1 in oc_img_plane_copy_pad (_dst=<value optimized out>, _src=<value optimized out>, _pic_x=<value optimized out>, _pic_y=<value optimized out>, _pic_width=<value optimized out>, _pic_height=<value optimized out>) at /usr/include/bits/string3.h:52 dst_data = 0xb4c4b378 "'**('*(''''('&&$\036\035\036!(('(( \026\026\026\026\026\035#! \036\026\021\r\r\016\v\v\t\v\v\r\r\r\v\v\v\r\016\016\020\016\020\020\021\023\025\025\025\025\025\026\030\033\033\033\033\032\032\030\026\025\023\025\023\021\020\020\016\r\v\t\t\v\t\v\v\t\006\004\006\006\004\006\b\b\004\003\004\004\004\004\003\004\003\004\003\004\003\003\004\003\003\001\001\001\003\004\001\003" src = <value optimized out> sstride = -640 x = <value optimized out> dst = <value optimized out> dstride = 137353384 frame_width = <value optimized out> frame_height = 480 y = <value optimized out> #2 0x00c5b8c7 in th_encode_ycbcr_in (_enc=<value optimized out>, _img=<value optimized out>) at encode.c:1514 img = {{width = 640, height = 480, stride = -640, data = 0x408b183 <Address 0x408b183 out of bounds>}, {width = 320, height = 240, stride = -320, data = 0x409dec3 <Address 0x409dec3 out of bounds>}, {width = 320, height = 240, stride = -320, data = 0x40b0ac3 <Address 0x40b0ac3 out of bounds>}} cpic_width = 480 cpic_height = <value optimized out> hdec = 1 vdec = 1 pli = <value optimized out> refi = <value optimized out> drop = <value optimized out> #3 0x00c5873c in theora_encode_YUVin (_te=<value optimized out>, _yuv=<value optimized out>) at encapiwrapper.c:96 api = 0x82ffa98 buf = {{width = 640, height = 480, stride = 640, data = 0x4040403 <Address 0x4040403 out of bounds>}, {width = 320, height = 240, stride = 320, data = 0x408b403 <Address 0x408b403 out of bounds>}, {width = 320, height = 240, stride = 320, data = 0x409e003 <Address 0x409e003 out of bounds>}} ret = <value optimized out> #4 0x00db1580 in ucil_theora_encode_thread (vobj=0x8299760) at ucil_theora.c:725 last_data_buffer = 0xb436e008 streampos = 0.13595499999999999 data_buffer = 0x83503a8 og = {header = 0x7cf513 "\211\307e\213\r\004", header_len = 1, body = 0x1b118b "\201\303i\036\001", body_len = 1847284} yuv = {y_width = 640, y_height = 480, y_stride = 640, uv_width = 320, uv_height = 240, uv_stride = 320, y = 0x4040403 <Address 0x4040403 out of bounds>, u = 0x408b403 <Address 0x408b403 out of bounds>, v = 0x409e003 <Address 0x409e003 out of bounds>} videopos = <value optimized out> audiopos = <value optimized out> gotpage = 0 ds_y_buffer = 0x0 ds_u_buffer = 0x0 ds_v_buffer = 0x0 #5 0x001b1ab5 in start_thread () from /lib/libpthread.so.0 No symbol table info available. #6 0x04ae7dae in clone () from /lib/libc.so.6 No symbol table info available. (gdb) Expected results: Working :)
Please get the bt once again with the following scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=2209154 Thanks in advance!
(gdb) bt full #0 0x010045b6 in memcpy () from /lib/libc.so.6 No symbol table info available. #1 0xb3849378 in ?? () No symbol table info available. #2 0x00c593e1 in oc_img_plane_copy_pad (_dst=<value optimized out>, _src=<value optimized out>, _pic_x=<value optimized out>, _pic_y=<value optimized out>, _pic_width=<value optimized out>, _pic_height=<value optimized out>) at /usr/include/bits/string3.h:52 dst_data = 0xb3849378 "" src = <value optimized out> sstride = -640 x = <value optimized out> dst = <value optimized out> dstride = 131573075 frame_width = <value optimized out> frame_height = 480 y = <value optimized out> #3 0x00c5b8c7 in th_encode_ycbcr_in (_enc=<value optimized out>, _img=<value optimized out>) at encode.c:1514 img = {{width = 640, height = 480, stride = -640, data = 0x4ad80 <Address 0x4ad80 out of bounds>}, {width = 320, height = 240, stride = -320, data = 0x5dac0 <Address 0x5dac0 out of bounds>}, {width = 320, height = 240, stride = -320, data = 0x706c0 <Address 0x706c0 out of bounds>}} cpic_width = 480 cpic_height = <value optimized out> hdec = 1 vdec = 1 pli = <value optimized out> refi = <value optimized out> drop = <value optimized out> #4 0x00c5873c in theora_encode_YUVin (_te=<value optimized out>, _yuv=<value optimized out>) at encapiwrapper.c:96 api = 0x8303018 buf = {{width = 640, height = 480, stride = 640, data = 0x0}, {width = 320, height = 240, stride = 320, data = 0x4b000 <Address 0x4b000 out of bounds>}, { width = 320, height = 240, stride = 320, data = 0x5dc00 <Address 0x5dc00 out of bounds>}} ret = <value optimized out> #5 0x00121235 in ucil_theora_encode_thread (vobj=0x825fa98) at ucil_theora.c:725 last_data_buffer = 0xb2f6c008 streampos = 0.13198499999999999 streamtime = {tv_sec = 0, tv_usec = 131985} data_buffer = 0x8353928 og = {header = 0x676ff4 "\264n\001", header_len = 10489856, body = 0x10634c6 "\211\323=\001\360\377\377s\001\303\350\023\067\004", body_len = 6705680} yuv = {y_width = 640, y_height = 480, y_stride = 640, uv_width = 320, uv_height = 240, uv_stride = 320, y = 0x0, u = 0x4b000 <Address 0x4b000 out of bounds>, v = 0x5dc00 <Address 0x5dc00 out of bounds>} videopos = 0.033333000000000002 audiopos = 0.15385487528344674 gotpage = 0 ds_y_buffer = 0x0 ds_u_buffer = 0x0 ds_v_buffer = 0x0 #6 0x00665ab5 in start_thread () from /lib/libpthread.so.0 No symbol table info available. #7 0x01066dae in clone () from /lib/libc.so.6 No symbol table info available. (gdb)
I found following in <theora/theora.h>: /** * Submit a YUV buffer to the theora encoder. * \param t A theora_state handle previously initialized for encoding. * \param yuv A buffer of YUV data to encode. Note that both the yuv_buffer * struct and the luma/chroma buffers within should be allocated by * the user. * \retval OC_EINVAL Encoder is not ready, or is finished. * \retval -1 The size of the given frame differs from those previously input * \retval 0 Success */ extern int theora_encode_YUVin(theora_state *t, yuv_buffer *yuv); > #4 0x00c5873c in theora_encode_YUVin (_te=<value optimized out>, _yuv=<value > optimized out>) at encapiwrapper.c:96 ... > yuv = {y_width = 640, y_height = 480, y_stride = 640, uv_width = 320, > uv_height = 240, uv_stride = 320, y = 0x0, > u = 0x4b000 <Address 0x4b000 out of bounds>, v = 0x5dc00 <Address > 0x5dc00 out of bounds>} However the buffers within 'yuv' do not seem to be properly allocated.
Okay, that means?
Created attachment 418665 [details] this should fix the reported SIGSEGV
*** Bug 570439 has been marked as a duplicate of this bug. ***
Patch proposed upstream: https://bugs.launchpad.net/unicap/+bug/588662
libucil-0.9.8-2.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/libucil-0.9.8-2.fc12
libucil-0.9.8-2.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/libucil-0.9.8-2.fc13
libucil-0.9.8-2.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update libucil'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/libucil-0.9.8-2.fc13
libucil-0.9.8-2.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update libucil'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/libucil-0.9.8-2.fc12
libucil-0.9.8-2.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
libucil-0.9.8-2.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
follow-up: bug 627161