Skip to content

Commit

Permalink
* Force update interval to 1 second
Browse files Browse the repository at this point in the history 
* Add sleep inside AdaptiveTree.cpp to trigger the issue

From Kodi logs:

2023-02-08 18:02:11.679 T:22020    info <general>: Creating InputStream
2023-02-08 18:02:11.691 T:22020    info <general>: AddOnLog: inputstream.adaptive: [Repr. chooser] Resolution set: 4096x2304, max allowed: 8152x4436, Adjust refresh rate: 0
2023-02-08 18:02:11.989 T:22020    info <general>: AddOnLog: inputstream.adaptive: Successfully parsed manifest file (Periods: 1, Streams in first period: 2, Type: live)
2023-02-08 18:02:12.989 T:22024   error <general>: AddOnLog: inputstream.adaptive: SegmentUpdateWorker: DEBUG before RefreshLiveSegments()
2023-02-08 18:02:13.028 T:22020    info <general>: Creating Demuxer
2023-02-08 18:02:13.029 T:22020    info <general>: Opening stream: 1006 source: 256
2023-02-08 18:02:13.114 T:22024   error <general>: AddOnLog: inputstream.adaptive: SegmentUpdateWorker: DEBUG after RefreshLiveSegments()
2023-02-08 18:02:13.160 T:22020   error <general>: AddOnLog: inputstream.adaptive: DEBUG before sleep()
2023-02-08 18:02:14.114 T:22024   error <general>: AddOnLog: inputstream.adaptive: SegmentUpdateWorker: DEBUG before RefreshLiveSegments()
2023-02-08 18:02:14.135 T:22024   error <general>: AddOnLog: inputstream.adaptive: SegmentUpdateWorker: DEBUG after RefreshLiveSegments()
2023-02-08 18:02:15.135 T:22024   error <general>: AddOnLog: inputstream.adaptive: SegmentUpdateWorker: DEBUG before RefreshLiveSegments()
2023-02-08 18:02:15.155 T:22024   error <general>: AddOnLog: inputstream.adaptive: SegmentUpdateWorker: DEBUG after RefreshLiveSegments()
2023-02-08 18:02:16.155 T:22024   error <general>: AddOnLog: inputstream.adaptive: SegmentUpdateWorker: DEBUG before RefreshLiveSegments()
2023-02-08 18:02:16.161 T:22020   error <general>: AddOnLog: inputstream.adaptive: DEBUG after sleep()

Address sanitizer report:

==21945==ERROR: AddressSanitizer: heap-use-after-free on address 0x7f402596e960 at pc 0x7f40131c4944 bp 0x7f402616de50 sp 0x7f402616de40
READ of size 8 at 0x7f402596e960 thread T53
    #0 0x7f40131c4943 in adaptive::AdaptiveStream::start_stream() /home/dobo/kodi/inputstream.adaptive/src/common/AdaptiveStream.cpp:610
    xbmc#1 0x7f4013178317 in CInputStreamAdaptive::OpenStream(int) /home/dobo/kodi/inputstream.adaptive/src/main.cpp:309
    xbmc#2 0x7f4013187f07 in kodi::addon::CInstanceInputStream::ADDON_OpenStream(AddonInstance_InputStream const*, int) (/usr/lib/kodi/addons/inputstream.adaptive/inputstream.adaptive.so.20.3.2+0x387f07)
    xbmc#3 0x55abad48474b in CDVDDemuxClient::OpenStream(int) (/usr/lib/kodi/kodi.bin+0xb7c74b)
    xbmc#4 0x55abad508385 in CVideoPlayer::OpenStream(CCurrentStream&, long, int, int, bool) (/usr/lib/kodi/kodi.bin+0xc00385)
    xbmc#5 0x55abad508bba in CVideoPlayer::OpenDefaultStreams(bool) (/usr/lib/kodi/kodi.bin+0xc00bba)
    xbmc#6 0x55abad50a857 in CVideoPlayer::Prepare() (/usr/lib/kodi/kodi.bin+0xc02857)
    xbmc#7 0x55abad510d45 in CVideoPlayer::Process() (/usr/lib/kodi/kodi.bin+0xc08d45)
    xbmc#8 0x55abad758396 in CThread::Action() (/usr/lib/kodi/kodi.bin+0xe50396)
    xbmc#9 0x55abae0f0e24  (/usr/lib/kodi/kodi.bin+0x17e8e24)
    xbmc#10 0x55abad755dba  (/usr/lib/kodi/kodi.bin+0xe4ddba)
    xbmc#11 0x7f403d4d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82
    xbmc#12 0x7f403dd8cbb4  (/usr/lib/libc.so.6+0x85bb4)
    xbmc#13 0x7f403de0ed8f  (/usr/lib/libc.so.6+0x107d8f)

0x7f402596e960 is located 303456 bytes inside of 303840-byte region [0x7f4025924800,0x7f402596eae0)
freed by thread T57 here:
    #0 0x7f403fac178a in operator delete(void*, unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:164
    xbmc#1 0x7f40131de17d in std::__new_allocator<adaptive::AdaptiveTree::Segment>::deallocate(adaptive::AdaptiveTree::Segment*, unsigned long) /usr/include/c++/12.2.1/bits/new_allocator.h:158
    xbmc#2 0x7f40131d974a in std::allocator_traits<std::allocator<adaptive::AdaptiveTree::Segment> >::deallocate(std::allocator<adaptive::AdaptiveTree::Segment>&, adaptive::AdaptiveTree::Segment*, unsigned long) /usr/include/c++/12.2.1/bits/alloc_traits.h:496
    xbmc#3 0x7f40131d33cb in std::_Vector_base<adaptive::AdaptiveTree::Segment, std::allocator<adaptive::AdaptiveTree::Segment> >::_M_deallocate(adaptive::AdaptiveTree::Segment*, unsigned long) /usr/include/c++/12.2.1/bits/stl_vector.h:387
    xbmc#4 0x7f40131edabd in std::_Vector_base<adaptive::AdaptiveTree::Segment, std::allocator<adaptive::AdaptiveTree::Segment> >::~_Vector_base() /usr/include/c++/12.2.1/bits/stl_vector.h:366
    xbmc#5 0x7f40131edb57 in std::vector<adaptive::AdaptiveTree::Segment, std::allocator<adaptive::AdaptiveTree::Segment> >::~vector() /usr/include/c++/12.2.1/bits/stl_vector.h:733
    xbmc#6 0x7f40131ea67f in adaptive::SPINCACHE<adaptive::AdaptiveTree::Segment>::~SPINCACHE() /home/dobo/kodi/inputstream.adaptive/src/common/AdaptiveTree.h:44
    xbmc#7 0x7f40131eae13 in adaptive::AdaptiveTree::Representation::~Representation() /home/dobo/kodi/inputstream.adaptive/src/common/AdaptiveTree.h:208
    xbmc#8 0x7f40131eb5c2 in adaptive::AdaptiveTree::AdaptationSet::~AdaptationSet() /home/dobo/kodi/inputstream.adaptive/src/parser/../common/AdaptiveTree.h:326
    xbmc#9 0x7f40131ecef6 in adaptive::AdaptiveTree::Period::~Period() /home/dobo/kodi/inputstream.adaptive/src/parser/../common/AdaptiveTree.h:462
    xbmc#10 0x7f40131e19ef in adaptive::AdaptiveTree::~AdaptiveTree() /home/dobo/kodi/inputstream.adaptive/src/common/AdaptiveTree.cpp:92
    xbmc#11 0x7f401323f6a4 in adaptive::DASHTree::~DASHTree() /home/dobo/kodi/inputstream.adaptive/src/parser/DASHTree.h:16
    xbmc#12 0x7f401323f6bf in adaptive::DASHTree::~DASHTree() /home/dobo/kodi/inputstream.adaptive/src/parser/DASHTree.h:16
    xbmc#13 0x7f401323f73c in std::default_delete<adaptive::DASHTree>::operator()(adaptive::DASHTree*) const /usr/include/c++/12.2.1/bits/unique_ptr.h:95
    xbmc#14 0x7f401323c926 in std::unique_ptr<adaptive::DASHTree, std::default_delete<adaptive::DASHTree> >::~unique_ptr() /usr/include/c++/12.2.1/bits/unique_ptr.h:396
    xbmc#15 0x7f4013237aa8 in adaptive::DASHTree::RefreshLiveSegments() /home/dobo/kodi/inputstream.adaptive/src/parser/DASHTree.cpp:1962
    xbmc#16 0x7f40131e7842 in adaptive::AdaptiveTree::SegmentUpdateWorker() /home/dobo/kodi/inputstream.adaptive/src/common/AdaptiveTree.cpp:431
    xbmc#17 0x7f4013208eea in void std::__invoke_impl<void, void (adaptive::AdaptiveTree::*)(), adaptive::AdaptiveTree*>(std::__invoke_memfun_deref, void (adaptive::AdaptiveTree::*&&)(), adaptive::AdaptiveTree*&&) /usr/include/c++/12.2.1/bits/invoke.h:74
    xbmc#18 0x7f4013208d56 in std::__invoke_result<void (adaptive::AdaptiveTree::*)(), adaptive::AdaptiveTree*>::type std::__invoke<void (adaptive::AdaptiveTree::*)(), adaptive::AdaptiveTree*>(void (adaptive::AdaptiveTree::*&&)(), adaptive::AdaptiveTree*&&) /usr/include/c++/12.2.1/bits/invoke.h:96
    xbmc#19 0x7f4013208cc6 in void std::thread::_Invoker<std::tuple<void (adaptive::AdaptiveTree::*)(), adaptive::AdaptiveTree*> >::_M_invoke<0ul, 1ul>(std::_Index_tuple<0ul, 1ul>) /usr/include/c++/12.2.1/bits/std_thread.h:258
    xbmc#20 0x7f4013208c7f in std::thread::_Invoker<std::tuple<void (adaptive::AdaptiveTree::*)(), adaptive::AdaptiveTree*> >::operator()() /usr/include/c++/12.2.1/bits/std_thread.h:265
    xbmc#21 0x7f4013208c63 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (adaptive::AdaptiveTree::*)(), adaptive::AdaptiveTree*> > >::_M_run() /usr/include/c++/12.2.1/bits/std_thread.h:210
    xbmc#22 0x7f403d4d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

previously allocated by thread T53 here:
    #0 0x7f403fac0672 in operator new(unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:95
    xbmc#1 0x7f40131deab1 in std::__new_allocator<adaptive::AdaptiveTree::Segment>::allocate(unsigned long, void const*) /usr/include/c++/12.2.1/bits/new_allocator.h:137
    xbmc#2 0x7f40131db727 in std::allocator_traits<std::allocator<adaptive::AdaptiveTree::Segment> >::allocate(std::allocator<adaptive::AdaptiveTree::Segment>&, unsigned long) /usr/include/c++/12.2.1/bits/alloc_traits.h:464
    xbmc#3 0x7f40131d5b81 in std::_Vector_base<adaptive::AdaptiveTree::Segment, std::allocator<adaptive::AdaptiveTree::Segment> >::_M_allocate(unsigned long) /usr/include/c++/12.2.1/bits/stl_vector.h:378
    xbmc#4 0x7f40131d1308 in std::vector<adaptive::AdaptiveTree::Segment, std::allocator<adaptive::AdaptiveTree::Segment> >::reserve(unsigned long) /usr/include/c++/12.2.1/bits/vector.tcc:79
    xbmc#5 0x7f401322dd61 in end /home/dobo/kodi/inputstream.adaptive/src/parser/DASHTree.cpp:1253
    xbmc#6 0x7f403c4d8263  (/usr/lib/libexpat.so.1+0xd263)

Thread T53 created by T0 here:
    #0 0x7f403fa64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7f403d4d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7f403d4d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147

Thread T57 created by T53 here:
    #0 0x7f403fa64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    xbmc#1 0x7f403d4d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    xbmc#2 0x7f403d4d73a9 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    xbmc#3 0x7f40131e751e in adaptive::AdaptiveTree::StartUpdateThread() /home/dobo/kodi/inputstream.adaptive/src/common/AdaptiveTree.cpp:418
    xbmc#4 0x7f401323398d in adaptive::DASHTree::open(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >) /home/dobo/kodi/inputstream.adaptive/src/parser/DASHTree.cpp:1639
    xbmc#5 0x7f401328c8ed in SESSION::CSession::Initialize() /home/dobo/kodi/inputstream.adaptive/src/Session.cpp:248
    xbmc#6 0x7f4013175f30 in CInputStreamAdaptive::Open(kodi::addon::InputstreamProperty const&) /home/dobo/kodi/inputstream.adaptive/src/main.cpp:86
    xbmc#7 0x7f40131871d5 in kodi::addon::CInstanceInputStream::ADDON_Open(AddonInstance_InputStream const*, INPUTSTREAM_PROPERTY*) (/usr/lib/kodi/addons/inputstream.adaptive/inputstream.adaptive.so.20.3.2+0x3871d5)
    xbmc#8 0x55abad46eddc in CInputStreamAddon::Open() (/usr/lib/kodi/kodi.bin+0xb66ddc)

SUMMARY: AddressSanitizer: heap-use-after-free /home/dobo/kodi/inputstream.adaptive/src/common/AdaptiveStream.cpp:610 in adaptive::AdaptiveStream::start_stream()
Shadow bytes around the buggy address:
  0x0fe884b25cd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0fe884b25ce0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0fe884b25cf0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0fe884b25d00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0fe884b25d10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0fe884b25d20: fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd
  0x0fe884b25d30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0fe884b25d40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0fe884b25d50: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
  0x0fe884b25d60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe884b25d70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==21945==ABORTING
  • Loading branch information
@dobo90
dobo90 committed Feb 8, 2023
1 parent 73d44b2 commit 3243687
Show file tree
Hide file tree
Showing 4 changed files with 9 additions and 1 deletion.
2 changes: 2 additions & 0 deletions CMakeLists.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -133,6 +133,8 @@ else()
endif()

add_definitions(-DUNICODE -D_UNICODE)
add_compile_options(-fsanitize=address)
add_link_options(-fsanitize=address)

include_directories(${EXPAT_INCLUDE_DIRS})
list(APPEND DEPLIBS ${EXPAT_LIBRARIES})
Expand Down
4 changes: 4 additions & 0 deletions src/common/AdaptiveStream.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -603,6 +603,10 @@ bool AdaptiveStream::start_stream()
return false;
}

LOG::Log(LOGERROR, "DEBUG before sleep()");
std::this_thread::sleep_for(std::chrono::seconds(3));
LOG::Log(LOGERROR, "DEBUG after sleep()");

currentPTSOffset_ = (next_segment->startPTS_ * current_rep_->timescale_ext_) /
current_rep_->timescale_int_;
absolutePTSOffset_ = (current_rep_->segments_.Get(0)->startPTS_ * current_rep_->timescale_ext_) /
Expand Down
2 changes: 2 additions & 0 deletions src/common/AdaptiveTree.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -427,7 +427,9 @@ namespace adaptive
{
std::lock_guard<std::mutex> lck(treeMutex_);
lastUpdated_ = std::chrono::system_clock::now();
LOG::LogF(LOGERROR, "DEBUG before RefreshLiveSegments()");
RefreshLiveSegments();
LOG::LogF(LOGERROR, "DEBUG after RefreshLiveSegments()");
}
}
}
Expand Down
2 changes: 1 addition & 1 deletion src/parser/DASHTree.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1056,7 +1056,7 @@ static void XMLCALL start(void* data, const char* el, const char** attr)
// We already do that so lets set our minimum updateInterval to 30s
if (dur == 0)
dur = 30000;
dash->SetUpdateInterval(static_cast<uint32_t>(dur));
dash->SetUpdateInterval(static_cast<uint32_t>(1000));
}
attr += 2;
}
Expand Down

0 comments on commit 3243687

Please sign in to comment.