Ubuntu
dvbsnoop package

dvbsnoop crashed with SIGSEGV

Bug #453734 reported by Michael Lamothe on 2009-10-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	dvbsnoop (Ubuntu)	Invalid	Medium	Unassigned

Bug Description

Binary package hint: dvbsnoop

Used `dvbsnoop -if <filename>`. Will attach file.

ProblemType: Crash
Architecture: amd64
Date: Sat Oct 17 18:15:45 2009
DistroRelease: Ubuntu 9.10
ExecutablePath: /usr/bin/dvbsnoop
Package: dvbsnoop 1.4.50-2
ProcCmdline: dvbsnoop -if ABC2-071252.m2t
ProcEnviron:
SHELL=/bin/bash
LANG=en_AU.UTF-8
ProcVersionSignature: Ubuntu 2.6.31-12.41-generic
SegvAnalysis:
Segfault happened at: 0x424eda: movzbl (%rdx),%eax
PC (0x00424eda) ok
source "(%rdx)" (0x80009bf65726) not located in a known VMA region (needed readable region)!
destination "%eax" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: dvbsnoop
StacktraceTop:
?? ()
?? ()
?? ()
?? ()
?? ()
Title: dvbsnoop crashed with SIGSEGV
Uname: Linux 2.6.31-12-generic x86_64
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
XsessionErrors:
(gnome-settings-daemon:1685): GLib-CRITICAL **: g_propagate_error: assertion `src != NULL' failed
(gnome-settings-daemon:1685): GLib-CRITICAL **: g_propagate_error: assertion `src != NULL' failed
(polkit-gnome-authentication-agent-1:1799): GLib-CRITICAL **: g_once_init_leave: assertion `initialization_value != 0' failed
(nautilus:1783): Eel-CRITICAL **: eel_preferences_get_boolean: assertion `preferences_is_initialized ()' failed
(nautilus:2136): Eel-CRITICAL **: eel_preferences_get_boolean: assertion `preferences_is_initialized ()' failed

Tags:

Revision history for this message

Michael Lamothe (lamothe-deactivatedaccount-deactivatedaccount) wrote on 2009-10-17:

Dependencies.txt Edit (495 bytes, text/plain; charset="utf-8")
Disassembly.txt Edit (451 bytes, text/plain; charset="utf-8")
ProcMaps.txt Edit (1.2 KiB, text/plain; charset="utf-8")
ProcStatus.txt Edit (775 bytes, text/plain; charset="utf-8")
Registers.txt Edit (910 bytes, text/plain; charset="utf-8")
Stacktrace.txt Edit (1.1 KiB, text/plain; charset="utf-8")
ThreadStacktrace.txt Edit (1.1 KiB, text/plain; charset="utf-8")

Revision history for this message

Michael Lamothe (lamothe-deactivatedaccount-deactivatedaccount) wrote on 2009-10-17:

Split file from kaffeine Edit (183.6 KiB, application/octet-stream)

I recorded a file from kaffeine which has a known faulty MPEG-2 TS PAT/PMT generator. I was running dvbsnoop to do some analysis. The attached xaa file was generated from `split -a 2 -b 188000 ABC2-071252.m2t` and still causes the same result.

Revision history for this message

Michael Lamothe (lamothe-deactivatedaccount-deactivatedaccount) wrote on 2009-10-17:

Upstream is about 2 years old.

gdb produces:

Program received signal SIGSEGV, Segmentation fault.
getBits48 (buf=<value optimized out>, byte_offset=<value optimized out>, startbit=0, bitlen=32) at helper.c:451
451 tmp = (unsigned long long)(

at the crash point.

Revision history for this message

Michael Lamothe (lamothe-deactivatedaccount-deactivatedaccount) wrote on 2009-10-17:

#0 getBits48 (buf=<value optimized out>, byte_offset=<value optimized out>, startbit=0, bitlen=32) at helper.c:451
#1 0x000000000042504f in outBit_Sx (verbosity=5, text=0x427657 "CRC: ", buf=0x8000ffff60e6 <Address 0x8000ffff60e6 out of bounds>, startbit=0, bitlen=32)
at helper.c:203
#2 0x0000000000425755 in outBit_Sx_NL (verbosity=-40730, text=0x0, buf=0x0, startbit=32, bitlen=32) at helper.c:226
#3 0x00000000004084ea in decodeSI_packet (buf=0x7fffffff60e0 "\343\200\a\242@-\356\200\035\273", len=10, pid=65535) at sectables.c:288
#4 0x0000000000408617 in processSI_packet (pid=<value optimized out>, pkt_nr=118, buf=0x7fffffff60e0 "\343\200\a\242@-\356\200\035\273", len=10)
at sectables.c:225
#5 0x0000000000401967 in doReadSECT_2 (opt=0x7fffffffe1a0) at dmx_sect.c:368
#6 0x0000000000401bb0 in doReadSECT (opt=0x8000ffff60e6) at dmx_sect.c:180
#7 0x0000000000401248 in main (argc=<value optimized out>, argv=0x7fffffffe378) at dvbsnoop.c:211

Revision history for this message

Michael Lamothe (lamothe-deactivatedaccount-deactivatedaccount) wrote on 2009-10-17:

Download full text (3.3 KiB)

`bt full` gives:

#0 getBits48 (buf=<value optimized out>, byte_offset=<value optimized out>, startbit=0, bitlen=32) at helper.c:451
        b = 0x8000ffff60e6 <Address 0x8000ffff60e6 out of bounds>
#1 0x000000000042504f in outBit_Sx (verbosity=5, text=0x427657 "CRC: ", buf=0x8000ffff60e6 <Address 0x8000ffff60e6 out of bounds>, startbit=0, bitlen=32)
    at helper.c:203
        value = <value optimized out>
#2 0x0000000000425755 in outBit_Sx_NL (verbosity=-40730, text=0x0, buf=0x0, startbit=32, bitlen=32) at helper.c:226
        value = <value optimized out>
#3 0x00000000004084ea in decodeSI_packet (buf=0x7fffffff60e0 "\343\200\a\242@-\356\200\035\273", len=10, pid=65535) at sectables.c:288
        opt = 0x0
#4 0x0000000000408617 in processSI_packet (pid=<value optimized out>, pkt_nr=118, buf=0x7fffffff60e0 "\343\200\a\242@-\356\200\035\273", len=10)
    at sectables.c:225
        opt = 0x7fffffffe1a0
#5 0x0000000000401967 in doReadSECT_2 (opt=0x7fffffffe1a0) at dmx_sect.c:368
        n = <value optimized out>
        fd = 5
        buf = "\343\200\a\242@-\356\200\035\273\000R\000\344\020?\037\337\353\367\351\302\000\t\376\000\032g\322\360\347\200W\374\371\000u\347\256\023\252\231\177;\020ʷ\r\215\321\000P\b\000\322\b\037\221\377\000B\000\230\001x ~\200\001o\320\001\254\000Y\242}\270#q\234\371o۲0\261\034\322\305:Qb\353\360Մ\314>\234܂\200\032\210\177\021\340\a=;o\026\221\346\314\064I\277L\341\331*-\271\314Ր\353U\264\177\307\063P\201\273\r\223\204\265\034\202\356\332\030\270\211[v\300\036\202\000!\000\060\000 \004G\t\003\030\000U\000\\\b\037y\374\354H \376Ѝ\000|\000\225\340\017w\337\275\244~Ȣx\336H\317q\244\353\322s\345$\310\372`~խw\310 \002\020\002`\002_\200@\371\200\004\177\361O\347\376\000\360\001X\003\273\376\356w\336\000\035^\267D\355\307f\314\332\373L\276sJ\205\067\v\370\b\000\362\b\037\255>\377@\004\337\360\002\271\362\b\000f\000\363\377\237\177`\a\226m\027\316;\233\317\004nT\242vm.\023\022\324n1\020\020\001S\377\354\000\310\020>\357\355\177\244j\360@\375\020\a\340\017H\244m\216\344\302\063\210\256\261\330,\245\267)7ȡ\314\376@\030\212\025y\357G\t\003\031\257\257O\346"...
        count = 118
        filtered_count = 118
        f = <value optimized out>
        openMode = <value optimized out>
        dmxMode = 0
        dmx_buffer_size = <value optimized out>
#6 0x0000000000401bb0 in doReadSECT (opt=0x8000ffff60e6) at dmx_sect.c:180
        status = <value optimized out>
#7 0x0000000000401248 in main (argc=<value optimized out>, argv=0x7fffffffe378) at dvbsnoop.c:211
        opt = {packet_mode = 0, packet_header_sync = 1, buffer_hexdump = 1, printhex = 4, printdecode = 7, binary_out = 0, outPidFile = 0x0,
          inpPidFile = 0x7fffffffe655 "/home/michael/Videos/2-split/xaa", devDemux = 0x64b5a0 "/dev/dvb/adapter0/demux0",
          devDvr = 0x64b5e0 "/dev/dvb/adapter0/dvr0", devFE = 0x64b620 "/dev/dvb/adapter0/frontend0", dvbAdapterNr = 0, dvbDeviceNr = 0,
          rd_buffer_size = 0, pid = 65535, filterLen = 0, filter = '\000' <repeats 15 times>, mask = '\000' <repeats 15 times>, crc = 0, soft_crc = 0,
          max_dmx_filter = 0, timeout_ms = 0, rd_packet_count = 0, dec_packet_count = 0, rd_all_sections = 0, spider_pid ...

`bt full` gives:

#0  getBits48 (buf=<value optimized out>, byte_offset=<value optimized out>, startbit=0, bitlen=32) at helper.c:451
        b = 0x8000ffff60e6 <Address 0x8000ffff60e6 out of bounds>
#1  0x000000000042504f in outBit_Sx (verbosity=5, text=0x427657 "CRC: ", buf=0x8000ffff60e6 <Address 0x8000ffff60e6 out of bounds>, startbit=0, bitlen=32)
    at helper.c:203
        value = <value optimized out>
#2  0x0000000000425755 in outBit_Sx_NL (verbosity=-40730, text=0x0, buf=0x0, startbit=32, bitlen=32) at helper.c:226
        value = <value optimized out>
#3  0x00000000004084ea in decodeSI_packet (buf=0x7fffffff60e0 "\343\200\a\242@-\356\200\035\273", len=10, pid=65535) at sectables.c:288
        opt = 0x0
#4  0x0000000000408617 in processSI_packet (pid=<value optimized out>, pkt_nr=118, buf=0x7fffffff60e0 "\343\200\a\242@-\356\200\035\273", len=10)
    at sectables.c:225
        opt = 0x7fffffffe1a0
#5  0x0000000000401967 in doReadSECT_2 (opt=0x7fffffffe1a0) at dmx_sect.c:368
        n = <value optimized out>
        fd = 5
        buf = "\343\200\a\242@-\356\200\035\273\000R\000\344\020?\037\337\353\367\351\302\000\t\376\000\032g\322\360\347\200W\374\371\000u\347\256\023\252\231\177;\020ʷ\r\215\321\000P\b\000\322\b\037\221\377\000B\000\230\001x ~\200\001o\320\001\254\000Y\242}\270#q\234\371o۲0\261\034\322\305:Qb\353\360Մ\314>\234܂\200\032\210\177\021\340\a=;o\026\221\346\314\064I\277L\341\331*-\271\314Ր\353U\264\177\307\063P\201\273\r\223\204\265\034\202\356\332\030\270\211[v\300\036\202\000!\000\060\000 \004G\t\003\030\000U\000\\\b\037y\374\354H \376Ѝ\000|\000\225\340\017w\337\275\244~Ȣx\336H\317q\244\353\322s\345$\310\372`~խw\310 \002\020\002`\002_\200@\371\200\004\177\361O\347\376\000\360\001X\003\273\376\356w\336\000\035^\267D\355\307f\314\332\373L\276sJ\205\067\v\370\b\000\362\b\037\255>\377@\004\337\360\002\271\362\b\000f\000\363\377\237\177`\a\226m\027\316;\233\317\004nT\242vm.\023\022\324n1\020\020\001S\377\354\000\310\020>\357\355\177\244j\360@\375\020\a\340\017H\244m\216\344\302\063\210\256\261\330,\245\267)7ȡ\314\376@\030\212\025y\357G\t\003\031\257\257O\346"...
        count = 118
        filtered_count = 118
        f = <value optimized out>
        openMode = <value optimized out>
        dmxMode = 0
        dmx_buffer_size = <value optimized out>
#6  0x0000000000401bb0 in doReadSECT (opt=0x8000ffff60e6) at dmx_sect.c:180
        status = <value optimized out>
#7  0x0000000000401248 in main (argc=<value optimized out>, argv=0x7fffffffe378) at dvbsnoop.c:211
        opt = {packet_mode = 0, packet_header_sync = 1, buffer_hexdump = 1, printhex = 4, printdecode = 7, binary_out = 0, outPidFile = 0x0, 
          inpPidFile = 0x7fffffffe655 "/home/michael/Videos/2-split/xaa", devDemux = 0x64b5a0 "/dev/dvb/adapter0/demux0", 
          devDvr = 0x64b5e0 "/dev/dvb/adapter0/dvr0", devFE = 0x64b620 "/dev/dvb/adapter0/frontend0", dvbAdapterNr = 0, dvbDeviceNr = 0, 
          rd_buffer_size = 0, pid = 65535, filterLen = 0, filter = '\000' <repeats 15 times>, mask = '\000' <repeats 15 times>, crc = 0, soft_crc = 0, 
          max_dmx_filter = 0, timeout_ms = 0, rd_packet_count = 0, dec_packet_count = 0, rd_all_sections = 0, spider_pid = 0, ts_subdecode = 0, 
          ts_raw_mode = 0, time_mode = 1, privateProviderStr = 0x0, dsmcc_save = 0, hide_copyright = 0, help = 0}
        err = <value optimized out>

Revision history for this message

Michael Lamothe (lamothe-deactivatedaccount-deactivatedaccount) wrote on 2009-10-17:

This is interesting because someone had hinted to me that kaffeine's CRC check is faulty. This result seems to be consistent with that observation.

Changed in dvbsnoop (Ubuntu):
status:	New → Confirmed

Revision history for this message

Michael Lamothe (lamothe-deactivatedaccount-deactivatedaccount) wrote on 2009-10-17:

Just to be clear, dvbsnoop should not crash on a faulty CRC. This is still an issue with dvbsnoop.

Revision history for this message

Michael Lamothe (lamothe-deactivatedaccount-deactivatedaccount) wrote on 2009-10-17:

Ah ha! Doesn't crash when I tell it that it's a TS stream "-s ts".

Michael Lamothe (lamothe-deactivatedaccount-deactivatedaccount) on 2009-10-17

visibility:

private → public

Revision history for this message

Apport retracing service (apport) wrote on 2009-10-18: Stacktrace.txt (retraced)

Stacktrace.txt (retraced) Edit (2.6 KiB, text/plain)

StacktraceTop:getBits48 (buf=0x80009bf65726 <Address 0x80009bf65726 out of bounds>,
outBit_Sx (verbosity=5, text=0x427fef "CRC: ",
outBit_Sx_NL (verbosity=-1678354650, text=0x0,
decodeSI_packet (
processSI_packet (pid=<value optimized out>,

Revision history for this message

Apport retracing service (apport) wrote on 2009-10-18: ThreadStacktrace.txt (retraced)

#10

ThreadStacktrace.txt (retraced) Edit (2.6 KiB, text/plain)

Changed in dvbsnoop (Ubuntu):
importance:	Undecided → Medium
tags:	removed: need-amd64-retrace

Revision history for this message

dino99 (9d9) wrote on 2016-01-24:

#11

This version is outdated and no more supported

Changed in dvbsnoop (Ubuntu):
status:	Confirmed → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntudvbsnoop package

dvbsnoop crashed with SIGSEGV

Bug Description

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
dvbsnoop package