Package: xine-ui Version: 0.99.5+cvs2007 Hi!
I was looking at bug #510606 and started trying to reproduce it. However, I can't see exactly the behaviour the original reporter described, but I see that xine gets a bit picky with long filenames, empty files and invalid paths, so I decided to write that up separately. > # test 1 > $ touch 1234567890 > $ xine 1234567890 > > This is xine (X11 gui) - a free video player v0.99.6cvs. > (c) 2000-2007 The xine Team. > system call fstat: Bad file descriptor > system call fstat: Bad file descriptor > object not accessible > call failed The weird things there are the calls to fstat with bad file descriptors. While this seems to be caught, it is an indicator of something going very wrong. Note that the filename is really only ten characters long, it rather seems to be related to the fact that the file is empty. When I ran xine on a logfile (just for testing), it didn't produce those two lines. Anyway, what xine does here is to produce two popups. The first one is > "*sight*, unknown error. (File is empty: 1234567890) Well, obviously the error is known, so that doesn't make sense. (Also it probably should be "*sigh*" not "*sight*".) The second popup is > - xine engine error - > Input plugin failed to open mrl '1234567890' This error seems a) wrong, since it did manage to open the file and b) superfluous since the first popup already explains all. Another weird things is that these two popups don't come in a fixed order! Most of the time the first one is in front of the second one, but not always! > # test 2 > $ touch 1234567890 > $ xine `pwd`1234567890 > > This is xine (X11 gui) - a free video player v0.99.6cvs. > (c) 2000-2007 The xine Team. > object not accessible > call failed Note here that the resulting argument does not actually resolve to a file, since 'pwd' doesn't have a trailing slash in its output. Again, I get two error popups, while one is enough. > # test 3 > # these are actually 200 characters below! > $ touch 1234567890...1234567890 > $ xine `pwd`1234567890...1234567890 > This is xine (X11 gui) - a free video player v0.99.6cvs. > (c) 2000-2007 The xine Team. > xiTK received SIGSEGV signal, RIP. > Aborted > xdg-screensaver: Window 71303875 does not exist Here, xine actually aborted with a segmentation violation. For a split second, it displayed the message > - xine engine error - > Input plugin failed to open mrl '/home/uli/tmp12345678901234567 Note here that the text really ends with a cut off path. Neither the full path is given nor even the closing single quote! Running the same in GDB produces the following output: > Program received signal SIGSEGV, Segmentation fault. > [Switching to Thread 0x4f0f1480 (LWP 4765)] > _wordcopy_bwd_dest_aligned (dstp=1318006776, > srcp=1318006768, > len=1071651524) at wordcopy.c:391 > object not accessible > 391 wordcopy.c: No such file or directory. > in wordcopy.c > (gdb) bt > #0 _wordcopy_bwd_dest_aligned (dstp=1318006776, > srcp=1318006768, > len=1071651524) at wordcopy.c:391 > #1 0x0faa89dc in *__GI_memmove (dest=0x4f0ec4f2, > src=<value optimized out>, > len=4294967282) at memmove.c:99 > #2 0xe010069b in ?? () > Cannot access memory at address 0xf44f0ee8 Things to note here are that xine is trying to copy one billion (hex 0x3fe01ac4) words, which is more that a process in a 32-bit environment has as virtual address space, I think. Further up the stack, it is doing a __GI_memmove() which has as an actual size the value 0xfffffff2. How that value converts to a length of 0x3fe01ac4 in the call to _wordcopy_bwd_dest_aligned() is beyond me, and possibly worth a bug for some other code. Further testing with GDB turned up a few more things: 1. (gdb) run /home/uli/tmp1234567890 This creates an error message (no surprise here) but otherwise works as expected. 2. (gdb) run /home/uli/tmp12345678901234567890 This creates the same error messages, but on shutdown, xine receives a SIGSEGV in _int_free(). In the call stack is XCloseDisplay() though, so that might be a bug in Xlib. 3. (gdb) run /home/uli/tmp123456789012345678901234567890 Same as case 2. 4. (gdb) run /home/uli/tmp1234567890123456789012345678901234567890 At this size, it suddenly runs normally! I tried multiple times, I didn't see the same effect as with cases 2 and 3. 5. (gdb) run /home/uli/tmp12345678901234567890123456789012345678901234567890 Here we get the effects described above, with the SIGSEGV in the call to _wordcopy_bwd_dest_aligned(). The effects are all easy to reproduce. I'm going to compile a version locally with debug symbols and see if I can create more info or even a patch tomorrow. Cheers and good evening! Uli -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
