FS#6010 - Rockbox crash due to context menu recursion

Attached to Project: Rockbox
Opened by David (aw3se4dr5) - Sunday, 17 September 2006, 14:30 GMT
Last edited by Steve Bavin (pondlife) - Friday, 29 September 2006, 07:19 GMT
Task Type Bugs
Category User Interface
Status Closed
Assigned To No-one
Operating System All players
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


I can't really say what happens, but I can show you how to get to it.

1. Go To "Browse Plugins" Menu
2. Access the context menu of any plugin (Playlist, Playlist Catalogue, rename, delete, ...) [edited for clarity --RaeNye]
3. Press menu (or whatever button takes you to the main menu)
4. Go back to step 1 and repeat.
5. If you do it right, Rockbox freezes and playback stops.

Closed by Peter D'Hoye (petur)
Monday, 11 December 2006, 21:06 GMT
Reason for closing: Fixed
Comment by Nils Wallménius (nls) - Sunday, 17 September 2006, 15:45 GMT
I can reproduce this on my H320 but it took quite some repeats.
Comment by Rani Hod (RaeNye) - Tuesday, 19 September 2006, 15:39 GMT
Confirmed on X5.
After 7 iterations, I got I40: PDIR1FULL at 00000007.
This happens on any 'Browse XXX' menu (I tried with plugins and themes).
Comment by Steve Bavin (pondlife) - Tuesday, 26 September 2006, 10:16 GMT
Can you still repro this with a new build? (I tried on my H340, but no crash occurred.)
Are you just going into and out of the context menu? How many repeats, roughly? (10? 100?)
Comment by Rani Hod (RaeNye) - Thursday, 28 September 2006, 16:40 GMT
Reconfirmed on X5 simulator (25/9 build).
To reproduce, repeat the key sequence "REC, UP, UP, RIGHT, long SELECT" ~5 times
Comment by Steve Bavin (pondlife) - Friday, 29 September 2006, 07:10 GMT
Aha, got it on the H300 sim - thanks Rani.
I'm not familiar with the menu code, but it looks like this recurses through the following routines:
(#33 0x0040559b in main_menu () at main_menu.c:433)
#34 0x00408276 in onplay (file=0x369fb8c "/.rockbox/rocks/alpine_cdc.rock", attr=2048, from=2) at onplay.c:995
#35 0x0041901c in dirbrowse () at tree.c:817
#36 0x00419b33 in rockbox_browse (root=0x45c1f9 "/.rockbox/rocks", dirfilter=13) at tree.c:1210
#37 0x00405309 in plugin_browse () at main_menu.c:286
#38 0x00405915 in menu_run (m=0) at menu.c:183
#39 0x0040559b in main_menu () at main_menu.c:433
This results in a stack overflow.

I would guess the problem lies in onplay.c, lines 994-995. Somehow this should be returning a special value to result rather than continuing inwards. Someone who knows this code will need to take over though!
Comment by Nils Wallménius (nls) - Sunday, 15 October 2006, 11:11 GMT
Patch 6189 claims to fix this crash, anyone tested?
Comment by Michael Doppler (flik) - Sunday, 22 October 2006, 08:33 GMT
I can still reproduce this on a 4G iPod color using yesterday's CVS build (061021-1612).
Comment by Peter D'Hoye (petur) - Sunday, 10 December 2006, 22:27 GMT
Patch FS#6189 seems to fix it but makes my device do weird things when reproducing this issue. Seems not to be the correct fix...
(it eventually crashed too)
Comment by Peter D'Hoye (petur) - Monday, 11 December 2006, 20:32 GMT
I wonder if this simple patch is acceptable... It disables main menu recursion the hard way
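
The recursion shown in the backtrace, and the "return a special value" idea from the 29 September comment, modelled as an added example. This is not Rockbox code and not either patch mentioned in the thread: the function bodies, the GO_TO_MAIN_MENU code and the frame counter are hypothetical simplifications.

```c
#include <stdbool.h>
#include <stdio.h>

enum { BACK, GO_TO_MAIN_MENU };   /* hypothetical return codes */
static int depth, peak;           /* live frames and their high-water mark */
static void enter(void) { if (++depth > peak) peak = depth; }
static void leave(void) { --depth; }
static void main_menu(int presses, bool unwind);

/* Context menu: the user presses MENU 'presses' more times. */
static int onplay(int presses, bool unwind)
{
    int result = BACK;
    enter();
    if (presses > 0 && unwind)
        result = GO_TO_MAIN_MENU;        /* ask the callers to return */
    else if (presses > 0)
        main_menu(presses - 1, unwind);  /* new menu on top of the old frames */
    leave();
    return result;
}

/* Stands in for plugin_browse -> rockbox_browse -> dirbrowse. */
static int browse(int presses, bool unwind)
{
    enter();
    int result = onplay(presses, unwind);
    leave();
    return result;
}

static void main_menu(int presses, bool unwind)
{
    enter();
    while (browse(presses, unwind) == GO_TO_MAIN_MENU)
        presses--;                       /* the existing main menu runs again */
    leave();
}

/* Peak number of live frames after 'repeats' MENU presses. */
int peak_depth(int repeats, bool unwind)
{
    depth = peak = 0;
    main_menu(repeats, unwind);
    return peak;
}

int main(void)
{
    printf("nested: %d, unwinding: %d\n", peak_depth(7, false), peak_depth(7, true));
    return 0;
}
```

In the nested variant the frame count grows linearly with every repeat, which on a fixed-size firmware stack ends in the overflow reported here; the unwinding variant stays at a constant depth regardless of how many times the sequence is repeated.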