FS#5662 - Dircache-related crash

Attached to Project: Rockbox
Opened by Steve Bavin (pondlife) - Friday, 14 July 2006, 19:16 GMT
Task Type: Bugs
Category: User Interface
Status: Closed
Assigned To: No-one
Operating System: All players
Severity: High
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Just as I thought it had gone away, the bug I hijacked #5570 for (or a very similar one) has recurred. Even better, I can make it happen in the H300 simulator!

I can make my H300 crash using the current CVS build if I do some file system navigation (down/down/right) immediately after boot up with dircache enabled. I'm not sure if this is voice related, but voice dirs are enabled. I've attached my config (see crash.cfg), although this may need the ipodColor.wps line removing to work on a plain CVS build (I'll try that when I get time).

Anyway, if I crash the sim using this, I get the following:

Program received signal SIGSEGV, Segmentation fault.
[Switching to thread 700.0x4a0]
0x00440f48 in strcasecmp (s1=0x366fbdd "ABBA",
s2=0x55555555 <Address 0x55555555 out of bounds>) at common/strcasecmp.c:7
7 while (*s1 != '\0' && tolower(*s1) == tolower(*s2)) {
(gdb) bt
#0 0x00440f48 in strcasecmp (s1=0x366fbdd "ABBA",
s2=0x55555555 <Address 0x55555555 out of bounds>) at common/strcasecmp.c:7
#1 0x00443f5f in dircache_get_entry (path=0x4ea2c8 "/ABBA",
get_before=false, only_directories=true) at common/dircache.c:387
#2 0x00444c74 in opendir_cached (name=0x4ea2c8 "/ABBA")
at common/dircache.c:1097
#3 0x0041a50e in ft_load (c=0x4ea2c8, tempdir=0x0) at filetree.c:220
#4 0x00416b16 in update_dir () at tree.c:323
#5 0x00417a33 in dirbrowse () at tree.c:944
#6 0x004169ac in browse_root () at tree.c:257
#7 0x00404430 in app_main () at main.c:108
#8 0x0044cb22 in sim_app_main (param=0x0) at uisdl.c:185
#9 0x6bfb0adc in SDL_RunThread (data=0x3383278)
at ../../../SDL-1.2.9/src/thread/SDL_thread.c:218
#10 0x6bfb0dd1 in RunThread (data=0x3383278) at SDL_systhread.c:44
#11 0x7c57b388 in lstrcmpiW () from /cygdrive/d/WINNT/system32/KERNEL32.DLL
#12 0x0022f7e0 in ?? ()
#13 0x00000600 in ?? ()
#14 0x03383278 in ?? ()
#15 0x7ffdc000 in ?? ()
#16 0x77f81310 in ?? ()
#17 0x0366ffc0 in ?? ()
#18 0x77f81310 in ?? ()
#19 0xffffffff in ?? ()
#20 0x7c5c1f54 in UTUnRegister () from /cygdrive/d/WINNT/system32/KERNEL32.DLL
#21 0x7c572b08 in WmiMofEnumerateResourcesW ()
from /cygdrive/d/WINNT/system32/KERNEL32.DLL
#22 0x00000000 in ?? () from
(gdb) print dircache_root
$1 = (struct dircache_entry *) 0x606b34
(gdb) print dircache_root[0].next
$2 = (struct dircache_entry *) 0x55555555

That 0x55555555 looks like an uninitialised entry, or is it a special value?

More details when I get time....

Closed by  Steve Bavin (pondlife)
Thursday, 03 August 2006, 11:42 GMT
Reason for closing:  Accepted
Additional comments about closing:  Now fixed in CVS.
Comment by Steve Bavin (pondlife) - Tuesday, 18 July 2006, 08:24 GMT
Another example back trace (FWIW):

#0 0x0043eff5 in strncpy (dst0=0x606310 "ÿó8Ä",
src0=0x55555555 <Address 0x55555555 out of bounds>, count=258)
at common/strncpy.c:116
#1 0x00444dda in readdir_cached (dir=0x25c6310) at common/dircache.c:1145
#2 0x0041a55a in ft_load (c=0x4ea2c8, tempdir=0x0) at filetree.c:229
#3 0x00416b16 in update_dir () at tree.c:323
#4 0x00417a33 in dirbrowse () at tree.c:944
#5 0x004169ac in browse_root () at tree.c:257
#6 0x00404430 in app_main () at main.c:108
...
Comment by Steve Bavin (pondlife) - Thursday, 20 July 2006, 16:32 GMT
This is only a problem if .talk clips are being used (for directories). If I disable them, or use the number/spell options, there is no crash.
Looks like something in the .talk handling is corrupting memory and this memory happens to contain the dircache.
Comment by Steve Bavin (pondlife) - Friday, 21 July 2006, 09:15 GMT
Another clue - this doesn't happen if voice menus are enabled and a voiced menu entry is played first. So maybe there is something not being properly initialised if .talk clips are used without voice menu playback?
Comment by Steve Bavin (pondlife) - Friday, 21 July 2006, 16:00 GMT
This is fixed by patch #5690 - http://www.rockbox.org/tracker/task/5690.
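
The failure mode in this ticket is a `next` link inside the dircache that was overwritten with 0x55555555 and then followed. The block below is an added example, not Rockbox code and not part of the ticket or of patch #5690: it validates each link against the bounds of the cache buffer before following it. The `struct entry` layout, `pool`, `link_ok`, `check_chain` and `demo` are hypothetical names; only the `next` field comes from the gdb output.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Simplified stand-in, not Rockbox's struct dircache_entry: only the `next`
 * link appears in the gdb output above; `name` is a hypothetical field. */
struct entry { struct entry *next; char name[16]; };
#define POOL_ENTRIES 8
static struct entry pool[POOL_ENTRIES]; /* stands in for the cache buffer */

/* A link is plausible only if it is NULL or lands on an entry boundary
 * inside the pool. A stomped value such as 0x55555555 fails this test. */
static int link_ok(const struct entry *p)
{
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)pool;
    uintptr_t hi = (uintptr_t)(pool + POOL_ENTRIES);
    if (p == NULL) return 1;
    if (a < lo || a >= hi) return 0;
    return (a - lo) % sizeof(struct entry) == 0;
}

/* Walk the chain; return its length, or -1 on a bad link or a cycle. */
int check_chain(const struct entry *root)
{
    int n = 0;
    if (!link_ok(root)) return -1;
    for (const struct entry *e = root; e != NULL; e = e->next) {
        if (++n > POOL_ENTRIES) return -1;   /* more hops than entries */
        if (!link_ok(e->next)) return -1;    /* checked before it is followed */
    }
    return n;
}

/* Constructed sample: a three-entry chain, optionally with the first link
 * overwritten by 0x55 bytes as in `print dircache_root[0].next`. */
int demo(int corrupt)
{
    memset(pool, 0, sizeof pool);
    strcpy(pool[0].name, "ABBA");
    pool[0].next = &pool[1];
    pool[1].next = &pool[2];
    if (corrupt) memset(&pool[0].next, 0x55, sizeof pool[0].next);
    return check_chain(pool);
}

int main(void)
{
    printf("intact: %d, corrupted: %d\n", demo(0), demo(1));
    return 0;
}
```

A check like this turns the wild dereference seen in `strcasecmp` and `strncpy` into a reportable error at the point of the walk; it does not identify the code that overwrote the buffer.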
