VLC segfaulting on FreeBSD.
Posted: 07 Jul 2024 14:41
I am trying to work out why VLC is segfaulting on FreeBSD, built as normal from the ports collection. This happens when I am playing from an m3u8 playlist that references network streams.
My debugging has extended to building it with debug symbols and getting useful backtraces.
The crash is happening in libtasn1, being called by gnutls. A trace is below.
I have tracked it down to 2 places. In _asn1_delete_structure, it is clearly handling a tree structure, with down, right and left members. Somewhere, the down element in some elements is set to 0x17, which is of course a segfault when it tries to dereference it. I altered the code to treat 0x17 the same as NULL, which allows it to continue, and sometimes play.
But most of the time now it crashes again in _asn1_find_up, trying to dereference pointers in an asn1_node_const structure that is clearly trashed:
Any pointers please? Full backtrace below.
Code:
(gdb) p *p
$1 = {
name = "\016\000\000\000\000\000\000\000h<\000\000\000\000\000\000\036\000\000\000\000\000\000\000\002\000\000\000\000\000\000\000\a\000\000\000\000\000\000\000p\377\000\000\000\000\000\000\b\000\000\000\000\000\000\000X\005\000\000\000\000\000\000\t", name_hash = 0, type = 24,
value = 0x6ffffff9 <error: Cannot access memory at address 0x6ffffff9>, value_len = 52,
down = 0x17, right = 0x104c8, left = 0x2,
small_value = "0\000\000\000\000\000\000\000\003\000\000\000\000\000\000",
tmp_ival = 118408, start = 0, end = 20}
(gdb) p p
$2 = (asn1_node_const) 0x80084eb80
Code:
Thread 23 received signal SIGSEGV, Segmentation fault.
Address not mapped to object.
[Switching to LWP 114640 of process 74629]
0x000000081f848ae4 in _asn1_find_up (node=0x80084eb80) at parser_aux.c:531
531 while ((p->left != NULL) && (p->left->right == p))
(gdb) set filename-display absolute
(gdb) bt
#0 0x000000081f848ae4 in _asn1_find_up (node=0x80084eb80)
at /usr/home/obj/ports/usr/ports/security/libtasn1/work/libtasn1-4.19.0/lib/parser_aux.c:531
#1 0x000000081f84ab5d in _asn1_delete_structure (e_list=0x0, structure=0x821f22720, flags=0)
at /usr/home/obj/ports/usr/ports/security/libtasn1/work/libtasn1-4.19.0/lib/structure.c:337
#2 0x000000081f84aceb in asn1_delete_structure (structure=0x821f22720)
at /usr/home/obj/ports/usr/ports/security/libtasn1/work/libtasn1-4.19.0/lib/structure.c:296
#3 0x0000000821bf6ed3 in gnutls_x509_crt_deinit (cert=0x821f22720)
at /usr/home/obj/ports/usr/ports/security/gnutls/work/gnutls-3.8.5/lib/x509/x509.c:295
#4 0x0000000821c0c5b7 in gnutls_x509_trust_list_deinit (list=0x821468060, all=1)
at /usr/home/obj/ports/usr/ports/security/gnutls/work/gnutls-3.8.5/lib/x509/verify-high.c:161
#5 0x0000000821b2694e in gnutls_certificate_free_credentials (sc=0x821ea6000)
at /usr/home/obj/ports/usr/ports/security/gnutls/work/gnutls-3.8.5/lib/cert-cred.c:382
#6 0x000000081c7f52b1 in CloseClient (crd=0x8213b7120)
at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/modules/misc/gnutls.c:609
#7 0x00000008007af486 in tls_unload (func=0x81c7f5290 <CloseClient>, ap=0x7fffdeaee720)
at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/network/tls.c:83
#8 0x000000080072bc33 in vlc_module_unload (obj=0x8213b7120, module=0x800f49bc0,
deinit=0x8007af410 <tls_unload>)
at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/modules/modules.c:344
#9 0x00000008007af3fa in vlc_tls_Delete (crd=0x8213b7120)
at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/network/tls.c:134
#10 0x000000081e1c8408 in vlc_http_mgr_destroy (mgr=0x8200002c0)
at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/modules/access/http/connmgr.c:285
#11 0x000000081e1ba5b8 in Open (obj=0x8200721a0)
at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/modules/access/http/access.c:269
#12 0x000000080072bd36 in generic_start (func=0x81e1ba040 <Open>, ap=0x7fffdeaee970)
at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/modules/modules.c:357
#13 0x000000080072bb31 in module_load (obj=0x8200721a0, m=0x800f62550,
init=0x80072bcc0 <generic_start>, args=0x7fffdeaeeba0)
at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/modules/modules.c:183
#14 0x000000080072b684 in vlc_module_load (obj=0x8200721a0, capability=0x8006d8db2 "access",
name=0x82000101d "", strict=true, probe=0x80072bcc0 <generic_start>)
at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/modules/modules.c:280
#15 0x000000080072bcb1 in module_need (obj=0x8200721a0, cap=0x8006d8db2 "access",
name=0x820001018 "https", strict=true)
at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/modules/modules.c:372
#16 0x00000008007479f9 in access_New (parent=0x820072060, input=0x81fc05a60,
preparsing=false,
mrl=0x820015000 "https://jmp2.uk/PlutoTV/5ba3fb9c4b078e0f37ad34e8-alt.m3u8")
at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/input/access.c:106
#17 0x0000000800747e12 in stream_AccessNew (parent=0x821201060, input=0x81fc05a60,
preparsing=false,
url=0x820015000 "https://jmp2.uk/PlutoTV/5ba3fb9c4b078e0f37ad34e8-alt.m3u8")
at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/input/access.c:279
#18 0x0000000800770274 in InputDemuxNew (p_input=0x81fc05a60, p_source=0x821201060,
--Type <RET> for more, q to quit, c to continue without paging--c
psz_access=0x820017040 "https", psz_demux=0x820001010 "any",
psz_path=0x820017048 "jmp2.uk/PlutoTV/5ba3fb9c4b078e0f37ad34e8-alt.m3u8",
psz_anchor=0x8006ceeb8 "")
at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/input/input.c:2621
#19 0x000000080076f766 in InputSourceNew (p_input=0x81fc05a60,
psz_mrl=0x820017000 "https://jmp2.uk/PlutoTV/5ba3fb9c4b078e0f37ad34e8-alt.m3u8",
psz_forced_demux=0x0, b_in_can_fail=false)
at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/input/input.c:2754
#20 0x0000000800768829 in Init (p_input=0x81fc05a60)
at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/input/input.c:1378
#21 0x0000000800769d75 in Run (data=0x81fc05a60)
at /usr/home/obj/ports/usr/ports/multimedia/vlc/work/vlc-3.0.21/src/input/input.c:497
#22 0x0000000800281ba5 in thread_start (curthread=0x81fc1e700)
at /usr/src/lib/libthr/thread/thr_create.c:289
#23 0x0000000000000000 in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffdeaef000
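Added example, not part of the original post: a triage script that rebuilds the raw bytes of the trashed node from the `p *p` output above and reads them as 16-byte ELF dynamic-section entries (tag, value). The struct layout (fields in the order gdb printed them, natural amd64 alignment, padding bytes zero) is an assumption; the `DT_*` numbers are the standard ELF tag values. Every pair decodes to a valid tag, including `down = 0x17` as `DT_JMPREL`, which is consistent with the node pointer referring to a loaded object's `.dynamic` data rather than to a live libtasn1 node.

```python
import struct

# Field values copied from the `p *p` output in the post.
NAME = (b"\016\000\000\000\000\000\000\000h<\000\000\000\000\000\000"
        b"\036\000\000\000\000\000\000\000\002\000\000\000\000\000\000\000"
        b"\a\000\000\000\000\000\000\000p\377\000\000\000\000\000\000"
        b"\b\000\000\000\000\000\000\000X\005\000\000\000\000\000\000\t")
SMALL_VALUE = b"0\000\000\000\000\000\000\000\003\000\000\000\000\000\000"

# Assumed layout (not taken from the libtasn1 headers): name[65], name_hash,
# type, value, value_len, down, right, left, small_value[16], tmp_ival,
# start, end. The 'x' codes are alignment padding, assumed to be zero.
NODE_FMT = "<65s3xII4xQi4xQQQ16siii"

# Standard ELF dynamic-section tags (elf.h).
DT_NAMES = {
    2: "DT_PLTRELSZ", 3: "DT_PLTGOT", 7: "DT_RELA", 8: "DT_RELASZ",
    9: "DT_RELAENT", 14: "DT_SONAME", 20: "DT_PLTREL", 23: "DT_JMPREL",
    30: "DT_FLAGS", 0x6ffffff9: "DT_RELACOUNT",
}


def rebuild_node_bytes():
    """Pack the dumped field values back into the node's memory image."""
    return struct.pack(NODE_FMT, NAME, 0, 24, 0x6ffffff9, 52,
                       0x17, 0x104c8, 0x2, SMALL_VALUE, 118408, 0, 20)


def decode_as_dynamic(raw):
    """Read raw as little-endian Elf64_Dyn entries: (tag name, value)."""
    whole = len(raw) - len(raw) % 16          # ignore a trailing partial entry
    return [(DT_NAMES.get(tag, hex(tag)), val)
            for tag, val in struct.iter_unpack("<QQ", raw[:whole])]


if __name__ == "__main__":
    for tag_name, val in decode_as_dynamic(rebuild_node_bytes()):
        print(f"{tag_name:<14} {val:#x}")
```

If that reading holds, the node is a stale pointer into unrelated memory rather than a tree with one bad link, which would explain why treating 0x17 as NULL only moved the crash to `_asn1_find_up`.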