[mythtv] segfault problem with current CVS.

Chris Pinkham cpinkham at bc2va.org
Sun Feb 23 22:37:07 EST 2003


> Can you try running things in valgrind ( http://developer.kde.org/~sewardj/ ), 

Thanks for the link.  With the help of valgrind and a bunch of debugging
printf()'s of my own, I've tracked it down to two pointers that are
being freed twice.  In mpegvideo.c, there is a function called free_picture.
free_picture frees all elements of the picture array and the segfaults I've
been seeing have been happening on the following two lines:

    av_freep(&pic->mbskip_table);
    av_freep(&pic->qscale_table);

I put in a printf() at the top of free_picture to see what was being passed
in to this function.  Here's the output from when I quit playing back the
video:

f_p( s = 0x84e94c0, pic = 0x84e9580, mt = 0x853d720, qt = 0x853d9e0 )
f_p( s = 0x84e94c0, pic = 0x84e9624, mt = 0x853d720, qt = 0x853d9e0 )
f_p( s = 0x84e94c0, pic = 0x84e96c8, mt = 0x853dc80, qt = 0x853df20 )
f_p( s = 0x84e94c0, pic = 0x84e976c, mt = (nil), qt = (nil) )
f_p( s = 0x84e94c0, pic = 0x84e9810, mt = (nil), qt = (nil) )
f_p( s = 0x84e94c0, pic = 0x84e98b4, mt = (nil), qt = (nil) )
f_p( s = 0x84e94c0, pic = 0x84e9958, mt = (nil), qt = (nil) )
f_p( s = 0x84e94c0, pic = 0x84e99fc, mt = (nil), qt = (nil) )
f_p( s = 0x84e94c0, pic = 0x84e9aa0, mt = (nil), qt = (nil) )
f_p( s = 0x84e94c0, pic = 0x84e9b44, mt = (nil), qt = (nil) )
f_p( s = 0x84e94c0, pic = 0x84e9be8, mt = (nil), qt = (nil) )
f_p( s = 0x84e94c0, pic = 0x84e9c8c, mt = (nil), qt = (nil) )
f_p( s = 0x84e94c0, pic = 0x84e9d30, mt = (nil), qt = (nil) )
f_p( s = 0x84e94c0, pic = 0x84e9dd4, mt = (nil), qt = (nil) )
f_p( s = 0x84e94c0, pic = 0x84e9e78, mt = (nil), qt = (nil) )

The s & p are the two arguments to the function, the mt and qt are the
two malloc-ed arrays that are part of the pic structure.  You can see that
pic is different for each instance of free_picture, but the first two
instances of pic are pointing to the same mbskip_table and qscale_table.
This agrees with the output from valgrind which looked like this:

==31945== Thread 2:
==31945== Invalid free() / delete / delete[]
==31945==    at 0x40165D3E: free (vg_clientfuncs.c:182)
==31945==    by 0x815CF5E: av_free (mem.c:92)
==31945==    by 0x815BF8A: __av_freep (utils.c:100)
==31945==    by 0x815DE10: free_picture (mpegvideo.c:363)
==31945==    Address 0x42C9FEE0 is 0 bytes inside a block of size 661 free'd
==31945==    at 0x40165D3E: free (vg_clientfuncs.c:182)
==31945==    by 0x815CF5E: av_free (mem.c:92)
==31945==    by 0x815BF8A: __av_freep (utils.c:100)
==31945==    by 0x815DE10: free_picture (mpegvideo.c:363)

Now to track down why the first two pictures have the same mbskip_table
and qscale_table.

Chris

*****************************************************************************
** Chris Pinkham                  Linux v2.2.18, Sane v1.0.4, Cajun v3.0-8 **
** cpinkham at bc2va.org                          http://www.bc2va.org/chris/ **
*****************************************************************************
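
Added example, not part of the original post and not MythTV or libavcodec code: av_freep() NULLs only the pointer it is handed, so a second picture holding the same table address still reaches free() with a stale pointer. The sketch below assumes a simplified Picture struct and hypothetical helpers (freep, clear_alias, free_pictures_once) to free each table once and count the aliases it finds.

```c
#include <stdlib.h>

/* Hypothetical, simplified picture slot: only the two tables from the post. */
typedef struct {
    void *mbskip_table;
    void *qscale_table;
} Picture;

/* Same contract as av_freep(): free the block, then NULL the caller's pointer.
 * It cannot NULL a second pointer that holds the same address. */
static void freep(void **p) {
    free(*p);
    *p = NULL;
}

/* NULL *alias if it holds the same non-NULL address as owner; returns 1 if so. */
static int clear_alias(void *owner, void **alias) {
    if (owner == NULL || *alias != owner)
        return 0;
    *alias = NULL;
    return 1;
}

/* Teardown that frees each block exactly once. Returns how many alias pointers
 * it had to clear; non-zero means two slots shared a table. */
int free_pictures_once(Picture *pics, int n) {
    int cleared = 0;
    for (int i = 0; i < n; i++) {
        for (int j = i + 1; j < n; j++) {
            cleared += clear_alias(pics[i].mbskip_table, &pics[j].mbskip_table);
            cleared += clear_alias(pics[i].qscale_table, &pics[j].qscale_table);
        }
        freep(&pics[i].mbskip_table);
        freep(&pics[i].qscale_table);
    }
    return cleared;
}

/* Constructed input: with share != 0, slots 0 and 1 point at the same two
 * tables (as in the trace); otherwise each slot owns its own. Slot 3 is empty. */
int demo(int share) {
    Picture pics[4] = {{NULL, NULL}};
    for (int i = 0; i < 3; i++) {
        if (share && i == 1) { pics[1] = pics[0]; continue; }
        pics[i].mbskip_table = malloc(661);
        pics[i].qscale_table = malloc(661);
    }
    return free_pictures_once(pics, 4);
}
```

A non-zero return is a diagnostic rather than a fix: it confirms that two slots shared a table, and the cause of the sharing still has to be found.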

