I am trying to work out why VLC is segfaulting on FreeBSD, built as normal from the ports collection. This happens when I am playing from a m3u8 playlist that references network streams.
My debugging has extended to building it with debug symbols and getting useful backtraces.
The crash is happening in libtasn1, being called by gnutls. A trace is below.
I have racked it down to 2 places. in _asn1_delete_structure, it is clearly handling a tree structure, with down, right and left members. Somewhere, the down element in some elements is set to 0x17, which is of course a segfault when it tries to dereference it. I altered the code to treat 0x17 the same as NULL which allows it to continue, and sometimes play.
But most of the time now it crashes again in _asn1_find_up, trying to dereference pointers in a asn1_node_const structure that is clearly trashed:
Code:
(gdb) p *p$1 = { name = "\016\000\000\000\000\000\000\000h<\000\000\000\000\000\000\036\000\000\000\000\000\000\000\002\000\000\000\000\000\000\000\a\000\000\000\000\000\000\000p\377\000\000\000\000\000\000\b\000\000\000\000\000\000\000X\005\000\000\000\000\000\000\t", name_hash = 0, type = 24, value = 0x6ffffff9 <error: Cannot access memory at address 0x6ffffff9>, value_len = 52, down = 0x17, right = 0x104c8, left = 0x2, small_value = "0\000\000\000\000\000\000\000\003\000\000\000\000\000\000", tmp_ival = 118408, start = 0, end = 20}(gdb) p p$2 = (asn1_node_const) 0x80084eb80
Any pointers please? Full backtrace below.
Code:
Thread 23 received signal SIGSEGV, Segmentation fault.Address not mapped to object.[Switching to LWP 114640 of process 74629]0x000000081f848ae4 in _asn1_find_up (node=0x80084eb80) at parser_aux.c:531531 while ((p->left != NULL) && (p->left->right == p))(gdb) set filename-display absolute(gdb) bt#0 0x000000081f848ae4 in _asn1_find_up (node=0x80084eb80) at /usr/home/obj/ports/usr/ports/security/libtasn1/work/libtasn1-4.19.0/lib/parser_aux.c:531#1 0x000000081f84ab5d in _asn1_delete_structure (e_list=0x0, structure=0x821f22720, flags=0) at /usr/home/obj/ports/usr/ports/security/libtasn1/work/libtasn1-4.19.0/lib/structure.c:337#2 0x000000081f84aceb in asn1_delete_structure (structure=0x821f22720) at /usr/home/obj/ports/usr/ports/security/libtasn1/work/libtasn1-4.19.0/lib/structure.c:296#3 0x0000000821bf6ed3 in gnutls_x509_crt_deinit (cert=0x821f22720) at /usr/home/obj/ports/usr/ports/security/gnutls/work/gnutls-3.8.5/lib/x509/x509.c:295#4 0x0000000821c0c5b7 in gnutls_x509_trust_list_deinit (list=0x821468060, all=1) at /usr/home/obj/ports/usr/ports/security/gnutls/work/gnutls-3.8.5/lib/x509/verify-high.c:161#5 0x0000000821b2694e in gnutls_certificate_free_credentials (sc=0x821ea6000) at /usr/home/obj/ports/usr/ports/security/gnutls/work/gnutls-3.8.5/lib/cert-cred.c:382#6 0x000000081c7f52b1 in CloseClient (crd=0x8213b7120) at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/modules/misc/gnutls.c:609#7 0x00000008007af486 in tls_unload (func=0x81c7f5290 <CloseClient>, ap=0x7fffdeaee720) at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/network/tls.c:83#8 0x000000080072bc33 in vlc_module_unload (obj=0x8213b7120, module=0x800f49bc0, deinit=0x8007af410 <tls_unload>) at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/modules/modules.c:344#9 0x00000008007af3fa in vlc_tls_Delete (crd=0x8213b7120) at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/network/tls.c:134#10 0x000000081e1c8408 in vlc_http_mgr_destroy (mgr=0x8200002c0) at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/modules/access/http/connmgr.c:285#11 0x000000081e1ba5b8 in Open (obj=0x8200721a0) at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/modules/access/http/access.c:269#12 0x000000080072bd36 in generic_start (func=0x81e1ba040 <Open>, ap=0x7fffdeaee970) at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/modules/modules.c:357#13 0x000000080072bb31 in module_load (obj=0x8200721a0, m=0x800f62550, init=0x80072bcc0 <generic_start>, args=0x7fffdeaeeba0) at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/modules/modules.c:183#14 0x000000080072b684 in vlc_module_load (obj=0x8200721a0, capability=0x8006d8db2 "access", name=0x82000101d "", strict=true, probe=0x80072bcc0 <generic_start>) at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/modules/modules.c:280#15 0x000000080072bcb1 in module_need (obj=0x8200721a0, cap=0x8006d8db2 "access", name=0x820001018 "https", strict=true) at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/modules/modules.c:372#16 0x00000008007479f9 in access_New (parent=0x820072060, input=0x81fc05a60, preparsing=false, mrl=0x820015000 "https://jmp2.uk/PlutoTV/5ba3fb9c4b078e0f37ad34e8-alt.m3u8") at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/input/access.c:106#17 0x0000000800747e12 in stream_AccessNew (parent=0x821201060, input=0x81fc05a60, preparsing=false, url=0x820015000 "https://jmp2.uk/PlutoTV/5ba3fb9c4b078e0f37ad34e8-alt.m3u8") at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/input/access.c:279#18 0x0000000800770274 in InputDemuxNew (p_input=0x81fc05a60, p_source=0x821201060, --Type <RET> for more, q to quit, c to continue without paging--c psz_access=0x820017040 "https", psz_demux=0x820001010 "any", psz_path=0x820017048 "jmp2.uk/PlutoTV/5ba3fb9c4b078e0f37ad34e8-alt.m3u8", psz_anchor=0x8006ceeb8 "") at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/input/input.c:2621#19 0x000000080076f766 in InputSourceNew (p_input=0x81fc05a60, psz_mrl=0x820017000 "https://jmp2.uk/PlutoTV/5ba3fb9c4b078e0f37ad34e8-alt.m3u8", psz_forced_demux=0x0, b_in_can_fail=false) at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/input/input.c:2754#20 0x0000000800768829 in Init (p_input=0x81fc05a60) at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/input/input.c:1378#21 0x0000000800769d75 in Run (data=0x81fc05a60) at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/input/input.c:497#22 0x0000000800281ba5 in thread_start (curthread=0x81fc1e700) at /usr/src/lib/libthr/thread/thr_create.c:289#23 0x0000000000000000 in ?? ()Backtrace stopped: Cannot access memory at address 0x7fffdeaef000
Statistics: Posted by robbak — 07 Jul 2024 14:41