[haiku-bugs] Re: [Haiku] #11497: Media/mixer crash, either buffer "oops" or NULL indirection in float_to_float()

  • From: "ttcoder" <trac@xxxxxxxxxxxx>
  • Date: Fri, 21 Nov 2014 17:18:49 -0000

#11497: Media/mixer crash, either buffer "oops" or NULL indirection in
float_to_float()
-----------------------------------+----------------------------
   Reporter:  ttcoder              |      Owner:  nobody
       Type:  bug                  |     Status:  new
   Priority:  critical             |  Milestone:  R1/beta1
  Component:  Add-Ons/Media/Mixer  |    Version:  R1/Development
 Resolution:                       |   Keywords:
 Blocked By:                       |   Blocking:
Has a Patch:  0                    |   Platform:  All
-----------------------------------+----------------------------

Comment (by ttcoder):

 So for a few weeks now I've been hanging tight to hrev48168, not upgrading
 it, as it reproduces the bug reliably at boot-up (contrary to previous
 revs which were irritatingly erratic in triggering the crash).

 Here are my findings, and why I'll need help to further track this down.

 After some groping in the dark, I ended up with this mod of
 Resampler::float_to_float():

 {{{
 void
 Resampler::float_to_float(const void *_src, int32 srcSampleOffset,
         int32 srcSampleCount, void *_dest, int32 destSampleOffset,
         int32 destSampleCount, float _gain)
 {
         register const char * src = (const char *)_src;
 TRACE("src=%p \n", src);
 *dest = *src;
   ...
 }}}

 Result:
 When crashing, the debugger shows it crashing after a handful of assembly lines,
 instead of further down... And of course, the TRACE() (enabled with
 -DDEBUG=2) shows this in syslog, which also confirms that the `src`
 pointer is NULL:

 {{{
 KERN: ### ERROR: BAD data! from buffer %ld
 KERN: src=(nil)
 KERN: vm_soft_fault: va 0x0 not covered by area in address space
 KERN: vm_page_fault: vm_soft_fault returned error 'Bad address' on fault at 0x0, ip 0x172bca6, write 0, user 1, thread 0x250
 KERN: vm_page_fault: thread "Audio Mixer control" (592) in team "media_addon_server" (577) tried to read address 0x0, ip 0x172bca6 ("mixer.media_addon_seg0ro" +0x1aca6)
 KERN: debug_server: Thread 592 entered the debugger: Segment violation
 KERN: stack trace, current PC 0x172bca6
 float_to_float__9ResamplerPCvllPvllf + 0x3a:

 }}}

 So I added an error statement in `MixerInput::BufferReceived()`,
 conditional on `buffer->Data() == NULL` and it gets triggered as well
 (shows up above too).

 Then I ended up in AudioMixer::HandleEvent() which has this dangerous bit
 of code, doing an unconditional C-style unchecked cast (instead of a
 dynamic_cast ..etc):

 {{{
 AudioMixer::HandleEvent(const media_timed_event *event, bigtime_t lateness,
         bool realTimeEvent)
 {
         switch (event->type) {
                 case BTimedEventQueue::B_HANDLE_BUFFER:
                 {
                         HandleInputBuffer((BBuffer *)event->pointer, lateness);
                         ((BBuffer *)event->pointer)->Recycle();
                         break;
                 }

 }}}

 And there I am stuck, as the rest of the call chain is no longer in the
 mixer code, it gets into media server land ..etc.

 Any idea how to proceed next?

--
Ticket URL: <https://dev.haiku-os.org/ticket/11497#comment:1>
Haiku <https://dev.haiku-os.org>
Haiku - the operating system.
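
A guard for the path described in this comment, as an added example that is not Haiku's code or the poster's. `Buffer`, `Resample`, `HandleBufferEvent` and the `Verdict` values are hypothetical stand-ins for BBuffer, the resampler loop and the event handler; the sketch assumes the event carries an untyped pointer and checks the pointer, the data pointer and the size before any sample is read.

```cpp
#include <cstddef>
#include <cstdio>

// Hypothetical stand-in for BBuffer: only what the guard needs.
struct Buffer {
    void*  data;      // NULL models the bad buffer seen in the syslog above
    size_t sizeUsed;  // bytes of valid sample data
    bool   recycled;
    const void* Data() const { return data; }
    size_t SizeUsed() const { return sizeUsed; }
    void Recycle() { recycled = true; }
};

enum Verdict { kMixed, kNullEvent, kNullData, kBadSize };

// Stand-in for the resampler copy loop: it dereferences src unconditionally,
// so every caller has to validate the buffer first.
static void Resample(const float* src, float* dest, size_t frames, float gain)
{
    for (size_t i = 0; i < frames; i++)
        dest[i] = src[i] * gain;
}

// Validate at the boundary, before the buffer reaches the resampler.
// A rejected buffer is still recycled so it goes back to its owner.
Verdict HandleBufferEvent(void* eventPointer, float* mix, size_t mixFrames)
{
    if (eventPointer == NULL)
        return kNullEvent;
    Buffer* buffer = static_cast<Buffer*>(eventPointer);
    Verdict verdict = kMixed;
    size_t frames = buffer->SizeUsed() / sizeof(float);
    if (buffer->Data() == NULL)
        verdict = kNullData;
    else if (frames == 0 || buffer->SizeUsed() % sizeof(float) != 0
        || frames > mixFrames)
        verdict = kBadSize;
    else
        Resample(static_cast<const float*>(buffer->Data()), mix, frames, 1.0f);
    if (verdict != kMixed)
        fprintf(stderr, "dropping buffer: verdict %d\n", static_cast<int>(verdict));
    buffer->Recycle();
    return verdict;
}
```

The distinct verdicts let the log say which check failed, which narrows down whether the producer sent a NULL data pointer or a buffer with an inconsistent size.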