dvbsnoop crashed with SIGSEGV

Bug #453734 reported by Michael Lamothe
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| dvbsnoop (Ubuntu) | Invalid | Medium | Unassigned | |

Bug Description

Binary package hint: dvbsnoop

Used `dvbsnoop -if <filename>`. Will attach file.

ProblemType: Crash
Architecture: amd64
Date: Sat Oct 17 18:15:45 2009
DistroRelease: Ubuntu 9.10
ExecutablePath: /usr/bin/dvbsnoop
Package: dvbsnoop 1.4.50-2
ProcCmdline: dvbsnoop -if ABC2-071252.m2t
ProcEnviron:
 SHELL=/bin/bash
 LANG=en_AU.UTF-8
ProcVersionSignature: Ubuntu 2.6.31-12.41-generic
SegvAnalysis:
 Segfault happened at: 0x424eda: movzbl (%rdx),%eax
 PC (0x00424eda) ok
 source "(%rdx)" (0x80009bf65726) not located in a known VMA region (needed readable region)!
 destination "%eax" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: dvbsnoop
StacktraceTop:
 ?? ()
 ?? ()
 ?? ()
 ?? ()
 ?? ()
Title: dvbsnoop crashed with SIGSEGV
Uname: Linux 2.6.31-12-generic x86_64
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
XsessionErrors:
 (gnome-settings-daemon:1685): GLib-CRITICAL **: g_propagate_error: assertion `src != NULL' failed
 (gnome-settings-daemon:1685): GLib-CRITICAL **: g_propagate_error: assertion `src != NULL' failed
 (polkit-gnome-authentication-agent-1:1799): GLib-CRITICAL **: g_once_init_leave: assertion `initialization_value != 0' failed
 (nautilus:1783): Eel-CRITICAL **: eel_preferences_get_boolean: assertion `preferences_is_initialized ()' failed
 (nautilus:2136): Eel-CRITICAL **: eel_preferences_get_boolean: assertion `preferences_is_initialized ()' failed

Michael Lamothe (lamothe-deactivatedaccount-deactivatedaccount) wrote :

I recorded a file from kaffeine which has a known faulty MPEG-2 TS PAT/PMT generator. I was running dvbsnoop to do some analysis. The attached xaa file was generated from `split -a 2 -b 188000 ABC2-071252.m2t` and still causes the same result.

Michael Lamothe (lamothe-deactivatedaccount-deactivatedaccount) wrote :

Upstream is about 2 years old.

gdb produces:

Program received signal SIGSEGV, Segmentation fault.
getBits48 (buf=<value optimized out>, byte_offset=<value optimized out>, startbit=0, bitlen=32) at helper.c:451
451 tmp = (unsigned long long)(

at the crash point.

Michael Lamothe (lamothe-deactivatedaccount-deactivatedaccount) wrote :

#0 getBits48 (buf=<value optimized out>, byte_offset=<value optimized out>, startbit=0, bitlen=32) at helper.c:451
#1 0x000000000042504f in outBit_Sx (verbosity=5, text=0x427657 "CRC: ", buf=0x8000ffff60e6 <Address 0x8000ffff60e6 out of bounds>, startbit=0, bitlen=32)
    at helper.c:203
#2 0x0000000000425755 in outBit_Sx_NL (verbosity=-40730, text=0x0, buf=0x0, startbit=32, bitlen=32) at helper.c:226
#3 0x00000000004084ea in decodeSI_packet (buf=0x7fffffff60e0 "\343\200\a\242@-\356\200\035\273", len=10, pid=65535) at sectables.c:288
#4 0x0000000000408617 in processSI_packet (pid=<value optimized out>, pkt_nr=118, buf=0x7fffffff60e0 "\343\200\a\242@-\356\200\035\273", len=10)
    at sectables.c:225
#5 0x0000000000401967 in doReadSECT_2 (opt=0x7fffffffe1a0) at dmx_sect.c:368
#6 0x0000000000401bb0 in doReadSECT (opt=0x8000ffff60e6) at dmx_sect.c:180
#7 0x0000000000401248 in main (argc=<value optimized out>, argv=0x7fffffffe378) at dvbsnoop.c:211

Michael Lamothe (lamothe-deactivatedaccount-deactivatedaccount) wrote :

`bt full` gives:

#0 getBits48 (buf=<value optimized out>, byte_offset=<value optimized out>, startbit=0, bitlen=32) at helper.c:451
        b = 0x8000ffff60e6 <Address 0x8000ffff60e6 out of bounds>
#1 0x000000000042504f in outBit_Sx (verbosity=5, text=0x427657 "CRC: ", buf=0x8000ffff60e6 <Address 0x8000ffff60e6 out of bounds>, startbit=0, bitlen=32)
    at helper.c:203
        value = <value optimized out>
#2 0x0000000000425755 in outBit_Sx_NL (verbosity=-40730, text=0x0, buf=0x0, startbit=32, bitlen=32) at helper.c:226
        value = <value optimized out>
#3 0x00000000004084ea in decodeSI_packet (buf=0x7fffffff60e0 "\343\200\a\242@-\356\200\035\273", len=10, pid=65535) at sectables.c:288
        opt = 0x0
#4 0x0000000000408617 in processSI_packet (pid=<value optimized out>, pkt_nr=118, buf=0x7fffffff60e0 "\343\200\a\242@-\356\200\035\273", len=10)
    at sectables.c:225
        opt = 0x7fffffffe1a0
#5 0x0000000000401967 in doReadSECT_2 (opt=0x7fffffffe1a0) at dmx_sect.c:368
        n = <value optimized out>
        fd = 5
        buf = "\343\200\a\242@-\356\200\035\273\000R\000\344\020?\037\337\353\367\351\302\000\t\376\000\032g\322\360\347\200W\374\371\000u\347\256\023\252\231\177;\020ʷ\r\215\321\000P\b\000\322\b\037\221\377\000B\000\230\001x ~\200\001o\320\001\254\000Y\242}\270#q\234\371o۲0\261\034\322\305:Qb\353\360Մ\314>\234܂\200\032\210\177\021\340\a=;o\026\221\346\314\064I\277L\341\331*-\271\314Ր\353U\264\177\307\063P\201\273\r\223\204\265\034\202\356\332\030\270\211[v\300\036\202\000!\000\060\000 \004G\t\003\030\000U\000\\\b\037y\374\354H \376Ѝ\000|\000\225\340\017w\337\275\244~Ȣx\336H\317q\244\353\322s\345$\310\372`~խw\310 \002\020\002`\002_\200@\371\200\004\177\361O\347\376\000\360\001X\003\273\376\356w\336\000\035^\267D\355\307f\314\332\373L\276sJ\205\067\v\370\b\000\362\b\037\255>\377@\004\337\360\002\271\362\b\000f\000\363\377\237\177`\a\226m\027\316;\233\317\004nT\242vm.\023\022\324n1\020\020\001S\377\354\000\310\020>\357\355\177\244j\360@\375\020\a\340\017H\244m\216\344\302\063\210\256\261\330,\245\267)7ȡ\314\376@\030\212\025y\357G\t\003\031\257\257O\346"...
        count = 118
        filtered_count = 118
        f = <value optimized out>
        openMode = <value optimized out>
        dmxMode = 0
        dmx_buffer_size = <value optimized out>
#6 0x0000000000401bb0 in doReadSECT (opt=0x8000ffff60e6) at dmx_sect.c:180
        status = <value optimized out>
#7 0x0000000000401248 in main (argc=<value optimized out>, argv=0x7fffffffe378) at dvbsnoop.c:211
        opt = {packet_mode = 0, packet_header_sync = 1, buffer_hexdump = 1, printhex = 4, printdecode = 7, binary_out = 0, outPidFile = 0x0,
          inpPidFile = 0x7fffffffe655 "/home/michael/Videos/2-split/xaa", devDemux = 0x64b5a0 "/dev/dvb/adapter0/demux0",
          devDvr = 0x64b5e0 "/dev/dvb/adapter0/dvr0", devFE = 0x64b620 "/dev/dvb/adapter0/frontend0", dvbAdapterNr = 0, dvbDeviceNr = 0,
          rd_buffer_size = 0, pid = 65535, filterLen = 0, filter = '\000' <repeats 15 times>, mask = '\000' <repeats 15 times>, crc = 0, soft_crc = 0,
          max_dmx_filter = 0, timeout_ms = 0, rd_packet_count = 0, dec_packet_count = 0, rd_all_sections = 0, spider_pid ...


Michael Lamothe (lamothe-deactivatedaccount-deactivatedaccount) wrote :

This is interesting because someone had hinted to me that kaffeine's CRC check is faulty. This result seems to be consistent with that observation.

Changed in dvbsnoop (Ubuntu):
status: New → Confirmed
Michael Lamothe (lamothe-deactivatedaccount-deactivatedaccount) wrote :

Just to be clear, dvbsnoop should not crash on a faulty CRC. This is still an issue with dvbsnoop.
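
An added example, not dvbsnoop's code and not part of the comment above: a bounds-checked way to locate a section's trailing CRC_32, run on the 10 bytes gdb shows for `buf` in `decodeSI_packet`. The function names and error codes are hypothetical; it assumes the standard PSI header (12-bit section_length after table_id) and a section that ends in a CRC_32, as the "CRC: " output in the trace implies.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The 10 bytes gdb shows for buf in decodeSI_packet (len=10), as hex. */
static const uint8_t SAMPLE[10] = {
    0xE3, 0x80, 0x07, 0xA2, 0x40, 0x2D, 0xEE, 0x80, 0x1D, 0xBB
};

enum { SECT_OK = 0, SECT_TRUNCATED = -1, SECT_TOO_SHORT = -2 };

/* Hypothetical helper: read a big-endian 32-bit field only if it fits. */
static int read_be32(const uint8_t *buf, size_t len, size_t off, uint32_t *out)
{
    if (off > len || len - off < 4)      /* no wrap: both sides are size_t */
        return SECT_TRUNCATED;
    *out = ((uint32_t)buf[off] << 24) | ((uint32_t)buf[off + 1] << 16) |
           ((uint32_t)buf[off + 2] << 8) | (uint32_t)buf[off + 3];
    return SECT_OK;
}

/* Locate the trailing CRC_32 of a section without trusting its header. */
int section_crc(const uint8_t *buf, size_t len, uint32_t *crc)
{
    if (len < 3)
        return SECT_TRUNCATED;           /* header itself is incomplete */
    size_t section_length = ((size_t)(buf[1] & 0x0F) << 8) | buf[2];
    size_t total = 3 + section_length;   /* 3 header bytes + declared body */
    if (total > len)
        return SECT_TRUNCATED;           /* header claims more than we hold */
    if (section_length < 4)
        return SECT_TOO_SHORT;           /* no room for a CRC_32 at all */
    return read_be32(buf, total, total - 4, crc);
}

int main(void)
{
    uint32_t crc = 0;
    int rc = section_crc(SAMPLE, sizeof SAMPLE, &crc);
    printf("rc=%d crc=0x%08X\n", rc, (unsigned)crc);
    rc = section_crc(SAMPLE, 9, &crc);   /* one byte short of the header's claim */
    printf("truncated rc=%d\n", rc);
    return 0;
}
```

Every offset is a `size_t` checked against `len` before any pointer is formed, so a malformed or truncated section produces an error code instead of a read outside the buffer.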

Michael Lamothe (lamothe-deactivatedaccount-deactivatedaccount) wrote :

Ah ha! Doesn't crash when I tell it that it's a TS stream "-s ts".

visibility: private → public
Apport retracing service (apport) wrote : Stacktrace.txt (retraced)

StacktraceTop:
 getBits48 (buf=0x80009bf65726 <Address 0x80009bf65726 out of bounds>,
 outBit_Sx (verbosity=5, text=0x427fef "CRC: ",
 outBit_Sx_NL (verbosity=-1678354650, text=0x0,
 decodeSI_packet (
 processSI_packet (pid=<value optimized out>,

Apport retracing service (apport) wrote : ThreadStacktrace.txt (retraced)
Changed in dvbsnoop (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
dino99 (9d9) wrote :

This version is outdated and no longer supported.

Changed in dvbsnoop (Ubuntu):
status: Confirmed → Invalid