Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[AdaptiveTree] Lock live segments in start_stream() #1121

Closed
wants to merge 1 commit into from
Closed

[AdaptiveTree] Lock live segments in start_stream() #1121

wants to merge 1 commit into from

Conversation

dobo90
Copy link
Contributor

@dobo90 dobo90 commented Feb 7, 2023
edited

Sometimes I'm encountering a crash when starting a live dash stream with a following backtrace:

#0  0x910819d4 in adaptive::AdaptiveStream::start_stream() (this=<optimized out>) at /usr/src/debug/kodi-addon-inputstream-adaptive/inputstream.adaptive-20.3.2-Nexus/src/common/AdaptiveStream.cpp:606
#1  0x91069d0c in CInputStreamAdaptive::OpenStream(int) (this=0xaf51fa68, streamid=1006) at /usr/src/debug/kodi-addon-inputstream-adaptive/inputstream.adaptive-20.3.2-Nexus/src/main.cpp:309
#2  0x00e2f5d4 in CDVDDemuxClient::OpenStream(int) ()
#3  0x00e97ad4 in CVideoPlayer::OpenStream(CCurrentStream&, long long, int, int, bool) ()
#4  0x00e9e3c8 in CVideoPlayer::OpenDefaultStreams(bool) ()
#5  0x00ea3b18 in CVideoPlayer::Prepare() ()
#6  0x00ea5dc0 in CVideoPlayer::Process() ()
#7  0x011dcc6c in CThread::Action() ()

AdaptiveStream.cpp:606 points to a following line:

  currentPTSOffset_ = (next_segment->startPTS_ * current_rep_->timescale_ext_) /
    current_rep_->timescale_int_;

After taking a look on the assembly listing:

(gdb) disas /m _ZN8adaptive14AdaptiveStream12start_streamEv ...
   0x910819c8 <+1592>:  ldrne   r3, [sp, #28]
   0x910819d0 <+1600>:  ldr     r4, [r3, #324]  ; 0x144
=> 0x910819d4 <+1604>:  ldr     r0, [r8, #40]   ; 0x28
   0x910819d8 <+1608>:  ldr     r12, [r8, #44]  ; 0x2c
   0x910819dc <+1612>:  mov     r8, #0
   0x910819e4 <+1620>:  mov     r3, r8
   0x910819e8 <+1624>:  umull   r0, r1, r0, r4
   0x910819ec <+1628>:  mov     r2, r9
   0x910819f0 <+1632>:  mla     r1, r4, r12, r1
   0x910819f4 <+1636>:  bl      0x9105a6b4 <__aeabi_uldivmod@plt>
...

it appears that $r3 contains a valid representation:

(gdb) p *((AdaptiveTree::Representation*) $r3)
$1 = {url_ = "http://lb2-e2-18.pluscdn.pl/ch/1456330/123/dash/294f032c/1080p/p_3f26ad64-5258-452e-9bdc-209c361003e9_1667995241000/init.mp4", id = "1080p", codecs_ = "avc1.640028",
  codec_private_data_ = "", source_url_ = "", base_url_ = "http://lb2-e2-18.pluscdn.pl/ch/1456330/123/dash/294f032c/", bandwidth_ = 5000000, samplingRate_ = 0, width_ = 1920, height_ = 1080,
  fpsRate_ = 25, fpsScale_ = 1, aspect_ = 0, assured_buffer_duration_ = 20, max_buffer_duration_ = 40, static BYTERANGE = 0, static INDEXRANGEEXACT = 1, static TEMPLATE = 2, static TIMELINE = 4,
  static INITIALIZATION = 8, static SEGMENTBASE = 16, static SUBTITLESTREAM = 32, static INCLUDEDSTREAM = 64, static URLSEGMENTS = 128, static ENABLED = 256, static WAITFORSEGMENT = 512,
  static INITIALIZATION_PREFIXED = 1024, static DOWNLOADED = 2048, static INITIALIZED = 4096, flags_ = 14, hdcpVersion_ = 0, indexRangeMin_ = 0, indexRangeMax_ = 0, channelCount_ = 0 '\000',
  nalLengthSize_ = 0 '\000', pssh_set_ = 2, expired_segments_ = 0, containerType_ = adaptive::AdaptiveTree::CONTAINERTYPE_MP4, segtpl_ = {
    initialization = "http://lb2-e2-18.pluscdn.pl/ch/1456330/123/dash/294f032c/1080p/p_3f26ad64-5258-452e-9bdc-209c361003e9_1667995241000/init.mp4",
    media = "http://lb2-e2-18.pluscdn.pl/ch/1456330/123/dash/294f032c/$RepresentationID$/p_3f26ad64-5258-452e-9bdc-209c361003e9_1667995241000/t$Time$.mp4",
    media_url = "http://lb2-e2-18.pluscdn.pl/ch/1456330/123/dash/294f032c/1080p/p_3f26ad64-5258-452e-9bdc-209c361003e9_1667995241000/t$Time$.mp4", timescale = 90000, duration = 230395},
  startNumber_ = 4, nextPts_ = 20170141682400, ptsOffset_ = 0, duration_ = 972288000, timescale_ = 90000, timescale_ext_ = 100, timescale_int_ = 9, initialization_ = {range_begin_ = 0,
    range_end_ = 18446744073709551615, url = "", startPTS_ = 0, m_duration = 0, pssh_set_ = 0}, segments_ = {basePos = 0, data = std::vector of length 4220, capacity 4220 = {{
        range_begin_ = 20169170085600, range_end_ = 1, url = "", startPTS_ = 20169170085600, m_duration = 0, pssh_set_ = 0}, {range_begin_ = 20169170316000, range_end_ = 2, url = "",
        startPTS_ = 20169170316000, m_duration = 0, pssh_set_ = 0}, {range_begin_ = 20169170546400, range_end_ = 3, url = "", startPTS_ = 20169170546400, m_duration = 0, pssh_set_ = 0}, {
        range_begin_ = 20169170776800, range_end_ = 4, url = "", startPTS_ = 20169170776800, m_duration = 0, pssh_set_ = 0}, {range_begin_ = 20169171007200, range_end_ = 5, url = "",
        startPTS_ = 20169171007200, m_duration = 0, pssh_set_ = 0}, {range_begin_ = 20169171237600, range_end_ = 6, url = "", startPTS_ = 20169171237600, m_duration = 0, pssh_set_ = 0}, {
        range_begin_ = 20169171468000, range_end_ = 7, url = "", startPTS_ = 20169171468000, m_duration = 0, pssh_set_ = 0}, {range_begin_ = 20169171698400, range_end_ = 8, url = "",
...

$r8 should point to a valid next segment but doesn't:

(gdb) p *((adaptive::AdaptiveTree::Segment*) $r8)
Cannot access memory at address 0xa1a7dd88

After manually calculating next segment position in gdb it should point to:

(gdb) p ((AdaptiveTree::Representation*) $r3)->current_segment_ - &((AdaptiveTree::Representation*) $r3)->segments_.data[0] + 1
$2 = 4211
(gdb) p &((AdaptiveTree::Representation*) $r3)->segments_.data[4211]
$3 = (adaptive::AdaptiveTree::Segment *) 0x97ae9f10
(gdb) p ((AdaptiveTree::Representation*) $r3)->segments_.data[4211]
$4 = {range_begin_ = 20170140300000, range_end_ = 4212, url = "", startPTS_ = 20170140300000, m_duration = 0, pssh_set_ = 0}

My conclusion is that we are properly calculating next segment position but for some reason the memory got deallocated. My assumption is that updater thread has managed to parse the dash xml and update the segments.

I haven't tested it heavily. Can someone confirm whether it's possible that dash updater has corrupted memory when starting a stream?

@dobo90
[AdaptiveTree] Lock live segments in start_stream()
a3783e9 
Sometimes I'm encountering a crash when starting a live dash stream with a following backtrace:

#0  0x910819d4 in adaptive::AdaptiveStream::start_stream() (this=<optimized out>) at /usr/src/debug/kodi-addon-inputstream-adaptive/inputstream.adaptive-20.3.2-Nexus/src/common/AdaptiveStream.cpp:606
xbmc#1  0x91069d0c in CInputStreamAdaptive::OpenStream(int) (this=0xaf51fa68, streamid=1006) at /usr/src/debug/kodi-addon-inputstream-adaptive/inputstream.adaptive-20.3.2-Nexus/src/main.cpp:309
xbmc#2  0x00e2f5d4 in CDVDDemuxClient::OpenStream(int) ()
xbmc#3  0x00e97ad4 in CVideoPlayer::OpenStream(CCurrentStream&, long long, int, int, bool) ()
xbmc#4  0x00e9e3c8 in CVideoPlayer::OpenDefaultStreams(bool) ()
xbmc#5  0x00ea3b18 in CVideoPlayer::Prepare() ()
xbmc#6  0x00ea5dc0 in CVideoPlayer::Process() ()
xbmc#7  0x011dcc6c in CThread::Action() ()

AdaptiveStream.cpp:606 points to a following line:
```
  currentPTSOffset_ = (next_segment->startPTS_ * current_rep_->timescale_ext_) /
    current_rep_->timescale_int_;
```

After taking a look on the assembly listing:
(gdb) disas /m _ZN8adaptive14AdaptiveStream12start_streamEv
...
   0x910819c8 <+1592>:  ldrne   r3, [sp, xbmc#28]
   0x910819d0 <+1600>:  ldr     r4, [r3, xbmc#324]  ; 0x144
=> 0x910819d4 <+1604>:  ldr     r0, [r8, xbmc#40]   ; 0x28
   0x910819d8 <+1608>:  ldr     r12, [r8, xbmc#44]  ; 0x2c
   0x910819dc <+1612>:  mov     r8, #0
   0x910819e4 <+1620>:  mov     r3, r8
   0x910819e8 <+1624>:  umull   r0, r1, r0, r4
   0x910819ec <+1628>:  mov     r2, r9
   0x910819f0 <+1632>:  mla     r1, r4, r12, r1
   0x910819f4 <+1636>:  bl      0x9105a6b4 <__aeabi_uldivmod@plt>
...

it appears that $r3 contains a valid representation:
(gdb) p *((AdaptiveTree::Representation*) $r3)
$1 = {url_ = "http://lb2-e2-18.pluscdn.pl/ch/1456330/123/dash/294f032c/1080p/p_3f26ad64-5258-452e-9bdc-209c361003e9_1667995241000/init.mp4", id = "1080p", codecs_ = "avc1.640028",
  codec_private_data_ = "", source_url_ = "", base_url_ = "http://lb2-e2-18.pluscdn.pl/ch/1456330/123/dash/294f032c/", bandwidth_ = 5000000, samplingRate_ = 0, width_ = 1920, height_ = 1080,
  fpsRate_ = 25, fpsScale_ = 1, aspect_ = 0, assured_buffer_duration_ = 20, max_buffer_duration_ = 40, static BYTERANGE = 0, static INDEXRANGEEXACT = 1, static TEMPLATE = 2, static TIMELINE = 4,
  static INITIALIZATION = 8, static SEGMENTBASE = 16, static SUBTITLESTREAM = 32, static INCLUDEDSTREAM = 64, static URLSEGMENTS = 128, static ENABLED = 256, static WAITFORSEGMENT = 512,
  static INITIALIZATION_PREFIXED = 1024, static DOWNLOADED = 2048, static INITIALIZED = 4096, flags_ = 14, hdcpVersion_ = 0, indexRangeMin_ = 0, indexRangeMax_ = 0, channelCount_ = 0 '\000',
  nalLengthSize_ = 0 '\000', pssh_set_ = 2, expired_segments_ = 0, containerType_ = adaptive::AdaptiveTree::CONTAINERTYPE_MP4, segtpl_ = {
    initialization = "http://lb2-e2-18.pluscdn.pl/ch/1456330/123/dash/294f032c/1080p/p_3f26ad64-5258-452e-9bdc-209c361003e9_1667995241000/init.mp4",
    media = "http://lb2-e2-18.pluscdn.pl/ch/1456330/123/dash/294f032c/$RepresentationID$/p_3f26ad64-5258-452e-9bdc-209c361003e9_1667995241000/t$Time$.mp4",
    media_url = "http://lb2-e2-18.pluscdn.pl/ch/1456330/123/dash/294f032c/1080p/p_3f26ad64-5258-452e-9bdc-209c361003e9_1667995241000/t$Time$.mp4", timescale = 90000, duration = 230395},
  startNumber_ = 4, nextPts_ = 20170141682400, ptsOffset_ = 0, duration_ = 972288000, timescale_ = 90000, timescale_ext_ = 100, timescale_int_ = 9, initialization_ = {range_begin_ = 0,
    range_end_ = 18446744073709551615, url = "", startPTS_ = 0, m_duration = 0, pssh_set_ = 0}, segments_ = {basePos = 0, data = std::vector of length 4220, capacity 4220 = {{
        range_begin_ = 20169170085600, range_end_ = 1, url = "", startPTS_ = 20169170085600, m_duration = 0, pssh_set_ = 0}, {range_begin_ = 20169170316000, range_end_ = 2, url = "",
        startPTS_ = 20169170316000, m_duration = 0, pssh_set_ = 0}, {range_begin_ = 20169170546400, range_end_ = 3, url = "", startPTS_ = 20169170546400, m_duration = 0, pssh_set_ = 0}, {
        range_begin_ = 20169170776800, range_end_ = 4, url = "", startPTS_ = 20169170776800, m_duration = 0, pssh_set_ = 0}, {range_begin_ = 20169171007200, range_end_ = 5, url = "",
        startPTS_ = 20169171007200, m_duration = 0, pssh_set_ = 0}, {range_begin_ = 20169171237600, range_end_ = 6, url = "", startPTS_ = 20169171237600, m_duration = 0, pssh_set_ = 0}, {
        range_begin_ = 20169171468000, range_end_ = 7, url = "", startPTS_ = 20169171468000, m_duration = 0, pssh_set_ = 0}, {range_begin_ = 20169171698400, range_end_ = 8, url = "",
...

$r8 should point to a valid next segment but doesn't:
(gdb) p *((adaptive::AdaptiveTree::Segment*) $r8)
Cannot access memory at address 0xa1a7dd88

After manually calculating next segment position in gdb it should point to:
(gdb) p ((AdaptiveTree::Representation*) $r3)->current_segment_ - &((AdaptiveTree::Representation*) $r3)->segments_.data[0] + 1
$2 = 4211
(gdb) p &((AdaptiveTree::Representation*) $r3)->segments_.data[4211]
$3 = (adaptive::AdaptiveTree::Segment *) 0x97ae9f10
(gdb) p ((AdaptiveTree::Representation*) $r3)->segments_.data[4211]
$4 = {range_begin_ = 20170140300000, range_end_ = 4212, url = "", startPTS_ = 20170140300000, m_duration = 0, pssh_set_ = 0}

My conclusion is that we are properly calculating next segment position
but for some reason the memory got deallocated. My assumption is
that updater thread has managed to parse the dash xml and update the segments.
@CastagnaIT
Copy link
Collaborator

CastagnaIT commented Feb 7, 2023
edited

when there is a problem and you are not sure what you are doing,
you have always to follow this pattern:

  1. create an Issue by fullfill our template, if possible a way to reproduce the problem
  2. if you have to propose a possible fix, the open a Draft PR with only a summary of the problem, and link it to your issue

PR are not for discussions for problems, uncomplete investigations, or so

so please follow these simple contribution rules

@dobo90 dobo90 marked this pull request as draft February 7, 2023 20:09
@dobo90
Copy link
Contributor Author

dobo90 commented Feb 7, 2023

@CastagnaIT I've converted it to a draft. Do you want me to open an issue to move the discussion?

@glennguy
Copy link
Contributor

glennguy commented Feb 8, 2023

Hi @dobo90
If you could open an issue and post a debug log from it crashing that would be great. Would help us to understand a bit better what is happening

@dobo90
Copy link
Contributor Author

dobo90 commented Feb 8, 2023

Actually this is ready for the review. I was able to reproduce on my x86 machine by forcing update interval to 1 second and adding sleep inside start_stream(). This is the commit which does that dobo90@3243687. Beware that it also enables compilation with address sanitizer (it will work only on Linux machines). After compiling from specified commit, starting a live dash stream it will produce following error in address sanitizer.

==21945==ERROR: AddressSanitizer: heap-use-after-free on address 0x7f402596e960 at pc 0x7f40131c4944 bp 0x7f402616de50 sp 0x7f402616de40
READ of size 8 at 0x7f402596e960 thread T53
    #0 0x7f40131c4943 in adaptive::AdaptiveStream::start_stream() /home/dobo/kodi/inputstream.adaptive/src/common/AdaptiveStream.cpp:610
    https://github.com/xbmc/inputstream.adaptive/pull/1 0x7f4013178317 in CInputStreamAdaptive::OpenStream(int) /home/dobo/kodi/inputstream.adaptive/src/main.cpp:309
    https://github.com/xbmc/inputstream.adaptive/pull/2 0x7f4013187f07 in kodi::addon::CInstanceInputStream::ADDON_OpenStream(AddonInstance_InputStream const*, int) (/usr/lib/kodi/addons/inputstream.adaptive/inputstream.adaptive.so.20.3.2+0x387f07)
    https://github.com/xbmc/inputstream.adaptive/issues/3 0x55abad48474b in CDVDDemuxClient::OpenStream(int) (/usr/lib/kodi/kodi.bin+0xb7c74b)
    https://github.com/xbmc/inputstream.adaptive/issues/4 0x55abad508385 in CVideoPlayer::OpenStream(CCurrentStream&, long, int, int, bool) (/usr/lib/kodi/kodi.bin+0xc00385)
    https://github.com/xbmc/inputstream.adaptive/issues/5 0x55abad508bba in CVideoPlayer::OpenDefaultStreams(bool) (/usr/lib/kodi/kodi.bin+0xc00bba)
    https://github.com/xbmc/inputstream.adaptive/issues/6 0x55abad50a857 in CVideoPlayer::Prepare() (/usr/lib/kodi/kodi.bin+0xc02857)
    https://github.com/xbmc/inputstream.adaptive/issues/7 0x55abad510d45 in CVideoPlayer::Process() (/usr/lib/kodi/kodi.bin+0xc08d45)
    https://github.com/xbmc/inputstream.adaptive/issues/8 0x55abad758396 in CThread::Action() (/usr/lib/kodi/kodi.bin+0xe50396)
    https://github.com/xbmc/inputstream.adaptive/issues/9 0x55abae0f0e24  (/usr/lib/kodi/kodi.bin+0x17e8e24)
    https://github.com/xbmc/inputstream.adaptive/issues/10 0x55abad755dba  (/usr/lib/kodi/kodi.bin+0xe4ddba)
    https://github.com/xbmc/inputstream.adaptive/pull/11 0x7f403d4d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82
    https://github.com/xbmc/inputstream.adaptive/pull/12 0x7f403dd8cbb4  (/usr/lib/libc.so.6+0x85bb4)
    https://github.com/xbmc/inputstream.adaptive/issues/13 0x7f403de0ed8f  (/usr/lib/libc.so.6+0x107d8f)

0x7f402596e960 is located 303456 bytes inside of 303840-byte region [0x7f4025924800,0x7f402596eae0)
freed by thread T57 here:
    #0 0x7f403fac178a in operator delete(void*, unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:164
    https://github.com/xbmc/inputstream.adaptive/pull/1 0x7f40131de17d in std::__new_allocator<adaptive::AdaptiveTree::Segment>::deallocate(adaptive::AdaptiveTree::Segment*, unsigned long) /usr/include/c++/12.2.1/bits/new_allocator.h:158
    https://github.com/xbmc/inputstream.adaptive/pull/2 0x7f40131d974a in std::allocator_traits<std::allocator<adaptive::AdaptiveTree::Segment> >::deallocate(std::allocator<adaptive::AdaptiveTree::Segment>&, adaptive::AdaptiveTree::Segment*, unsigned long) /usr/include/c++/12.2.1/bits/alloc_traits.h:496
    https://github.com/xbmc/inputstream.adaptive/issues/3 0x7f40131d33cb in std::_Vector_base<adaptive::AdaptiveTree::Segment, std::allocator<adaptive::AdaptiveTree::Segment> >::_M_deallocate(adaptive::AdaptiveTree::Segment*, unsigned long) /usr/include/c++/12.2.1/bits/stl_vector.h:387
    https://github.com/xbmc/inputstream.adaptive/issues/4 0x7f40131edabd in std::_Vector_base<adaptive::AdaptiveTree::Segment, std::allocator<adaptive::AdaptiveTree::Segment> >::~_Vector_base() /usr/include/c++/12.2.1/bits/stl_vector.h:366
    https://github.com/xbmc/inputstream.adaptive/issues/5 0x7f40131edb57 in std::vector<adaptive::AdaptiveTree::Segment, std::allocator<adaptive::AdaptiveTree::Segment> >::~vector() /usr/include/c++/12.2.1/bits/stl_vector.h:733
    https://github.com/xbmc/inputstream.adaptive/issues/6 0x7f40131ea67f in adaptive::SPINCACHE<adaptive::AdaptiveTree::Segment>::~SPINCACHE() /home/dobo/kodi/inputstream.adaptive/src/common/AdaptiveTree.h:44
    https://github.com/xbmc/inputstream.adaptive/issues/7 0x7f40131eae13 in adaptive::AdaptiveTree::Representation::~Representation() /home/dobo/kodi/inputstream.adaptive/src/common/AdaptiveTree.h:208
    https://github.com/xbmc/inputstream.adaptive/issues/8 0x7f40131eb5c2 in adaptive::AdaptiveTree::AdaptationSet::~AdaptationSet() /home/dobo/kodi/inputstream.adaptive/src/parser/../common/AdaptiveTree.h:326
    https://github.com/xbmc/inputstream.adaptive/issues/9 0x7f40131ecef6 in adaptive::AdaptiveTree::Period::~Period() /home/dobo/kodi/inputstream.adaptive/src/parser/../common/AdaptiveTree.h:462
    https://github.com/xbmc/inputstream.adaptive/issues/10 0x7f40131e19ef in adaptive::AdaptiveTree::~AdaptiveTree() /home/dobo/kodi/inputstream.adaptive/src/common/AdaptiveTree.cpp:92
    https://github.com/xbmc/inputstream.adaptive/pull/11 0x7f401323f6a4 in adaptive::DASHTree::~DASHTree() /home/dobo/kodi/inputstream.adaptive/src/parser/DASHTree.h:16
    https://github.com/xbmc/inputstream.adaptive/pull/12 0x7f401323f6bf in adaptive::DASHTree::~DASHTree() /home/dobo/kodi/inputstream.adaptive/src/parser/DASHTree.h:16
    https://github.com/xbmc/inputstream.adaptive/issues/13 0x7f401323f73c in std::default_delete<adaptive::DASHTree>::operator()(adaptive::DASHTree*) const /usr/include/c++/12.2.1/bits/unique_ptr.h:95
    https://github.com/xbmc/inputstream.adaptive/issues/14 0x7f401323c926 in std::unique_ptr<adaptive::DASHTree, std::default_delete<adaptive::DASHTree> >::~unique_ptr() /usr/include/c++/12.2.1/bits/unique_ptr.h:396
    https://github.com/xbmc/inputstream.adaptive/issues/15 0x7f4013237aa8 in adaptive::DASHTree::RefreshLiveSegments() /home/dobo/kodi/inputstream.adaptive/src/parser/DASHTree.cpp:1962
    https://github.com/xbmc/inputstream.adaptive/issues/16 0x7f40131e7842 in adaptive::AdaptiveTree::SegmentUpdateWorker() /home/dobo/kodi/inputstream.adaptive/src/common/AdaptiveTree.cpp:431
    https://github.com/xbmc/inputstream.adaptive/issues/17 0x7f4013208eea in void std::__invoke_impl<void, void (adaptive::AdaptiveTree::*)(), adaptive::AdaptiveTree*>(std::__invoke_memfun_deref, void (adaptive::AdaptiveTree::*&&)(), adaptive::AdaptiveTree*&&) /usr/include/c++/12.2.1/bits/invoke.h:74
    https://github.com/xbmc/inputstream.adaptive/issues/18 0x7f4013208d56 in std::__invoke_result<void (adaptive::AdaptiveTree::*)(), adaptive::AdaptiveTree*>::type std::__invoke<void (adaptive::AdaptiveTree::*)(), adaptive::AdaptiveTree*>(void (adaptive::AdaptiveTree::*&&)(), adaptive::AdaptiveTree*&&) /usr/include/c++/12.2.1/bits/invoke.h:96
    https://github.com/xbmc/inputstream.adaptive/issues/19 0x7f4013208cc6 in void std:thread:_Invoker<std::tuple<void (adaptive::AdaptiveTree::*)(), adaptive::AdaptiveTree*> >::_M_invoke<0ul, 1ul>(std::_Index_tuple<0ul, 1ul>) /usr/include/c++/12.2.1/bits/std_thread.h:258
    https://github.com/xbmc/inputstream.adaptive/issues/20 0x7f4013208c7f in std:thread:_Invoker<std::tuple<void (adaptive::AdaptiveTree::*)(), adaptive::AdaptiveTree*> >::operator()() /usr/include/c++/12.2.1/bits/std_thread.h:265
    https://github.com/xbmc/inputstream.adaptive/issues/21 0x7f4013208c63 in std:thread:_State_impl<std:thread:_Invoker<std::tuple<void (adaptive::AdaptiveTree::*)(), adaptive::AdaptiveTree*> > >::_M_run() /usr/include/c++/12.2.1/bits/std_thread.h:210
    https://github.com/xbmc/inputstream.adaptive/issues/22 0x7f403d4d72c2 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82

previously allocated by thread T53 here:
    #0 0x7f403fac0672 in operator new(unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:95
    https://github.com/xbmc/inputstream.adaptive/pull/1 0x7f40131deab1 in std::__new_allocator<adaptive::AdaptiveTree::Segment>::allocate(unsigned long, void const*) /usr/include/c++/12.2.1/bits/new_allocator.h:137
    https://github.com/xbmc/inputstream.adaptive/pull/2 0x7f40131db727 in std::allocator_traits<std::allocator<adaptive::AdaptiveTree::Segment> >::allocate(std::allocator<adaptive::AdaptiveTree::Segment>&, unsigned long) /usr/include/c++/12.2.1/bits/alloc_traits.h:464
    https://github.com/xbmc/inputstream.adaptive/issues/3 0x7f40131d5b81 in std::_Vector_base<adaptive::AdaptiveTree::Segment, std::allocator<adaptive::AdaptiveTree::Segment> >::_M_allocate(unsigned long) /usr/include/c++/12.2.1/bits/stl_vector.h:378
    https://github.com/xbmc/inputstream.adaptive/issues/4 0x7f40131d1308 in std::vector<adaptive::AdaptiveTree::Segment, std::allocator<adaptive::AdaptiveTree::Segment> >::reserve(unsigned long) /usr/include/c++/12.2.1/bits/vector.tcc:79
    https://github.com/xbmc/inputstream.adaptive/issues/5 0x7f401322dd61 in end /home/dobo/kodi/inputstream.adaptive/src/parser/DASHTree.cpp:1253
    https://github.com/xbmc/inputstream.adaptive/issues/6 0x7f403c4d8263  (/usr/lib/libexpat.so.1+0xd263)

Thread T53 created by T0 here:
    #0 0x7f403fa64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    https://github.com/xbmc/inputstream.adaptive/pull/1 0x7f403d4d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    https://github.com/xbmc/inputstream.adaptive/pull/2 0x7f403d4d73a9 in std:thread:_M_start_thread(std::unique_ptr<std:thread:_State, std::default_delete<std:thread:_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147

Thread T57 created by T53 here:
    #0 0x7f403fa64207 in __interceptor_pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:207
    https://github.com/xbmc/inputstream.adaptive/pull/1 0x7f403d4d73a9 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
    https://github.com/xbmc/inputstream.adaptive/pull/2 0x7f403d4d73a9 in std:thread:_M_start_thread(std::unique_ptr<std:thread:_State, std::default_delete<std:thread:_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147
    https://github.com/xbmc/inputstream.adaptive/issues/3 0x7f40131e751e in adaptive::AdaptiveTree::StartUpdateThread() /home/dobo/kodi/inputstream.adaptive/src/common/AdaptiveTree.cpp:418
    https://github.com/xbmc/inputstream.adaptive/issues/4 0x7f401323398d in adaptive::DASHTree::open(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >) /home/dobo/kodi/inputstream.adaptive/src/parser/DASHTree.cpp:1639
    https://github.com/xbmc/inputstream.adaptive/issues/5 0x7f401328c8ed in SESSION::CSession::Initialize() /home/dobo/kodi/inputstream.adaptive/src/Session.cpp:248
    https://github.com/xbmc/inputstream.adaptive/issues/6 0x7f4013175f30 in CInputStreamAdaptive::Open(kodi::addon::InputstreamProperty const&) /home/dobo/kodi/inputstream.adaptive/src/main.cpp:86
    https://github.com/xbmc/inputstream.adaptive/issues/7 0x7f40131871d5 in kodi::addon::CInstanceInputStream::ADDON_Open(AddonInstance_InputStream const*, INPUTSTREAM_PROPERTY*) (/usr/lib/kodi/addons/inputstream.adaptive/inputstream.adaptive.so.20.3.2+0x3871d5)
    https://github.com/xbmc/inputstream.adaptive/issues/8 0x55abad46eddc in CInputStreamAddon::Open() (/usr/lib/kodi/kodi.bin+0xb66ddc)

SUMMARY: AddressSanitizer: heap-use-after-free /home/dobo/kodi/inputstream.adaptive/src/common/AdaptiveStream.cpp:610 in adaptive::AdaptiveStream::start_stream()
Shadow bytes around the buggy address:
  0x0fe884b25cd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0fe884b25ce0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0fe884b25cf0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0fe884b25d00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0fe884b25d10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0fe884b25d20: fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd
  0x0fe884b25d30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0fe884b25d40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0fe884b25d50: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
  0x0fe884b25d60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe884b25d70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==21945==ABORTING

I've added also logs which indicate that update had happened during start_stream() and it invalidated segments.

2023-02-08 18:02:11.679 T:22020    info <general>: Creating InputStream
2023-02-08 18:02:11.691 T:22020    info <general>: AddOnLog: inputstream.adaptive: [Repr. chooser] Resolution set: 4096x2304, max allowed: 8152x4436, Adjust refresh rate: 0
2023-02-08 18:02:11.989 T:22020    info <general>: AddOnLog: inputstream.adaptive: Successfully parsed manifest file (Periods: 1, Streams in first period: 2, Type: live)
2023-02-08 18:02:12.989 T:22024   error <general>: AddOnLog: inputstream.adaptive: SegmentUpdateWorker: DEBUG before RefreshLiveSegments()
2023-02-08 18:02:13.028 T:22020    info <general>: Creating Demuxer
2023-02-08 18:02:13.029 T:22020    info <general>: Opening stream: 1006 source: 256
2023-02-08 18:02:13.114 T:22024   error <general>: AddOnLog: inputstream.adaptive: SegmentUpdateWorker: DEBUG after RefreshLiveSegments()
2023-02-08 18:02:13.160 T:22020   error <general>: AddOnLog: inputstream.adaptive: DEBUG before sleep()
2023-02-08 18:02:14.114 T:22024   error <general>: AddOnLog: inputstream.adaptive: SegmentUpdateWorker: DEBUG before RefreshLiveSegments()
2023-02-08 18:02:14.135 T:22024   error <general>: AddOnLog: inputstream.adaptive: SegmentUpdateWorker: DEBUG after RefreshLiveSegments()
2023-02-08 18:02:15.135 T:22024   error <general>: AddOnLog: inputstream.adaptive: SegmentUpdateWorker: DEBUG before RefreshLiveSegments()
2023-02-08 18:02:15.155 T:22024   error <general>: AddOnLog: inputstream.adaptive: SegmentUpdateWorker: DEBUG after RefreshLiveSegments()
2023-02-08 18:02:16.155 T:22024   error <general>: AddOnLog: inputstream.adaptive: SegmentUpdateWorker: DEBUG before RefreshLiveSegments()
2023-02-08 18:02:16.161 T:22020   error <general>: AddOnLog: inputstream.adaptive: DEBUG after sleep()

Applying commit in that PR fixes the issue (segement update won't happen during start_stream).

@dobo90 dobo90 marked this pull request as ready for review February 8, 2023 17:16
@CastagnaIT
Copy link
Collaborator

I see that you do not intend to follow our rules
I am closing your PR

@CastagnaIT CastagnaIT closed this Feb 8, 2023
@xbmc xbmc locked as too heated and limited conversation to collaborators Feb 8, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@dobo90 @CastagnaIT @glennguy