[mythtv-commits] Ticket #13571: Crash of backend on delete of program being recorded
MythTV
noreply at mythtv.org
Tue May 12 14:20:30 UTC 2020
#13571: Crash of backend on delete of program being recorded
--------------------------------+-------------------------------
 Reporter:  Klaas de Waal       |          Owner:  Klaas de Waal
     Type:  Bug Report - Crash  |         Status:  new
 Priority:  minor               |      Milestone:  32.0
Component:  MythTV - General    |        Version:  Master Head
 Severity:  medium              |     Resolution:
 Keywords:                      |  Ticket locked:  0
--------------------------------+-------------------------------
Comment (by David Hampton):
I started looking at this yesterday, and m_encoderList is a pointer to
tvList as defined in backendcontext.cpp. The **Scheduler**,
**AutoExpire**, **HttpStatus**, and **MainServer** classes all hold
pointers to this same structure (under different names). There are also
some direct references to tvList from main_helper.cpp, but those all
appear to be in startup code.

Running the test code from comment:11, I can cause crashes regularly.
What's happening is that while running the list, one of the calls to end()
is causing the map to detach (1). That invalidates the iterator,
leaving it pointing at the old copy of the map and not at the new copy of
the map. Once that happens the iterator will never equal end() and is
guaranteed to fall off the end of the map. Using constBegin() and
constEnd() will prevent this problem as they never detach the map.

What's unclear is where the code is "copying" the map and causing the
reference count to increase. All of the pointers held by the various
structures all point to the same tvList variable. Unless a copy of that
variable is made, the reference counter should never increase. Just
iterating over the map shouldn't bump the reference count and cause the
test code to detach. What's needed is a call to the constructor, or
'operator=', or something like that.

There are other threads referencing this list while the test code is
running. I see **Scheduler::AddNewRecords** being called, and there may
be other references that I'm not seeing.

(1) It makes no sense to me that end() should ever detach.
That seems guaranteed to leave you with an invalid iterator. Only begin()
should detach.
--
Ticket URL: <https://code.mythtv.org/trac/ticket/13571#comment:28>
MythTV <http://www.mythtv.org>
MythTV Media Center
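
Added example, not part of the comment above and not MythTV or Qt code: a simplified C++ model of an implicitly shared map, showing why an iterator taken before a copy goes stale once a non-const end() detaches, while constBegin()/constEnd() stay on the same storage. The CowMap class and the function names are hypothetical, and the copy made on one thread here stands in for a copy made elsewhere.

```cpp
#include <map>
#include <memory>

// Simplified model of an implicitly shared (copy-on-write) map. Hypothetical
// class for illustration; it is not Qt's QMap implementation.
class CowMap {
    using Storage = std::map<int, int>;
    std::shared_ptr<Storage> d = std::make_shared<Storage>();
    // Deep-copy the storage if another handle shares it.
    void detach() { if (d.use_count() > 1) d = std::make_shared<Storage>(*d); }
public:
    void insert(int k, int v) { detach(); (*d)[k] = v; }
    // Non-const accessors may detach, as the comment describes for end().
    Storage::iterator begin() { detach(); return d->begin(); }
    Storage::iterator end()   { detach(); return d->end(); }
    // Const accessors never detach.
    Storage::const_iterator constBegin() const { return d->cbegin(); }
    Storage::const_iterator constEnd()   const { return d->cend(); }
    const void *storage() const { return d.get(); }
};

// True if end() now refers to different storage than the loop started on,
// i.e. the loop iterator could never compare equal to end().
bool mutableLoopGoesStale() {
    CowMap tvList;                       // constructed sample data
    tvList.insert(1, 10); tvList.insert(2, 20);
    auto it = tvList.begin();            // unshared: no detach yet
    const void *before = tvList.storage();
    CowMap copy = tvList;                // reference count goes to 2
    auto last = tvList.end();            // shared now: end() detaches
    (void)it; (void)last; (void)copy;    // comparing it with last is undefined
    return before != tvList.storage();
}

// Same sequence with the const accessors: the loop terminates normally.
bool constLoopGoesStale() {
    CowMap tvList;
    tvList.insert(1, 10); tvList.insert(2, 20);
    auto it = tvList.constBegin();
    const void *before = tvList.storage();
    CowMap copy = tvList;
    int visited = 0;
    for (; it != tvList.constEnd(); ++it) ++visited;  // same storage throughout
    (void)copy;
    return before != tvList.storage() || visited != 2;
}

int main() { return (mutableLoopGoesStale() && !constLoopGoesStale()) ? 0 : 1; }
```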