Opened 10 years ago
Closed 9 years ago
#10922 closed bug (fixed)
[app_server] crash in PicturePlayer::Play: buffer overrun
| Reported by: | diver | Owned by: | axeld |
|---|---|---|---|
| Priority: | normal | Milestone: | R1 |
| Component: | Servers/app_server | Version: | R1/Development |
| Keywords: | | Cc: | |
| Blocked By: | | Blocking: | #11645 |
| Platform: | All | | |
Description
Launching XRS v1.13 unofficial beta2 crashes app_server.

state: Call (PicturePlayer::Play: buffer overrun)

Frame IP Function Name
-----------------------------------------------
00000000 0x615fe112 commpage_syscall + 0x2

Disassembly:
commpage_syscall:
0x615fe110: 89e1 mov %esp, %ecx
0x615fe112: 0f34 sysenter <--

Frame memory:
0x715633b8 0x279a571 debugger + 0x39
0x71563530 0x15924df BPrivate::PicturePlayer::Play(void*, int32, void*) + 0xdb
0x71563580 0x129cde6 ServerPicture::Play(DrawingContext*) + 0x8e
0x71564c00 0x12a568e ServerWindow::_DispatchViewDrawingMessage(int32, BPrivate::LinkReceiver&) + 0x2612
0x71564de0 0x12a2d81 ServerWindow::_DispatchViewMessage(int32, BPrivate::LinkReceiver&) + 0x2531
0x71564f10 0x12a0790 ServerWindow::_DispatchMessage(int32, BPrivate::LinkReceiver&) + 0x1270
0x71564f90 0x12a7756 ServerWindow::_MessageLooper() + 0x27a
0x71564fc0 0x1282c9a MessageLooper::_message_thread(void*) + 0x26
0x71564fe8 0x27a1621 thread_entry + 0x21
00000000 0x615fe250 commpage_thread_exit + 0
Attachments (2)
Change History (8)
by , 10 years ago
Attachment: app_server-199-debug-08-06-2014-07-59-34.report added
by , 10 years ago
Attachment: Xrs1.3unbeta2.zip added
comment:1 by , 10 years ago
comment:2 by , 10 years ago (follow-up: 3)
It seems the picture data is corrupted or truncated. As each of the operations comes with a size, I'm not sure the drawing operations are relevant.
It's possible that the picture comes from archived data (in a BMessage) and we have a compatibility problem with pictures archived on BeOS.
comment:3 by , 10 years ago
Replying to pulkomandy:
It seems the picture data is corrupted or truncated. As each of the operations comes with a size, I'm not sure the drawing operations are relevant.
It's possible that the picture comes from archived data (in a BMessage) and we have a compatibility problem with pictures archived on BeOS.
That might very well be the case. I'm sure at least we treat strings differently.
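A bounds-checked walk over a size-prefixed op stream of the kind comments 2 and 3 describe, added here as an illustration; it is not app_server's code and assumes a simplified 2-byte opcode / 4-byte size layout rather than Haiku's actual BPicture format. It shows the check that turns truncated or corrupted picture data into a clean rejection instead of a read past the buffer.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>
// Assumed, simplified op stream (illustration only, not Haiku's exact BPicture
// layout): each op is a 2-byte opcode, a 4-byte payload size in host byte
// order, then `size` payload bytes; ops are packed back to back.
const size_t kOpHeader = sizeof(int16_t) + sizeof(int32_t);

// Walks the op stream, checking each header and payload against `length` before
// reading it. Returns the op count, or -1 if the data is truncated or a size
// field points past the buffer (the overrun a player that trusts `size` hits).
int PlayChecked(const uint8_t* buffer, size_t length)
{
    size_t pos = 0;
    int count = 0;
    while (pos < length) {
        if (length - pos < kOpHeader)
            return -1;                           // header itself is cut off
        int16_t op; int32_t size;
        memcpy(&op, buffer + pos, sizeof(op));
        memcpy(&size, buffer + pos + sizeof(op), sizeof(size));
        pos += kOpHeader;
        if (size < 0 || static_cast<size_t>(size) > length - pos)
            return -1;                           // payload runs past the buffer
        pos += static_cast<size_t>(size);        // dispatch on `op` would go here
        ++count;
    }
    return count;
}

// Constructed sample: two well-formed ops, optionally cut short mid-payload
// (as a corrupted or partially archived picture would be).
std::vector<uint8_t> MakeSample(bool truncated)
{
    std::vector<uint8_t> data;
    auto append = [&](int16_t op, std::vector<uint8_t> payload) {
        int32_t size = static_cast<int32_t>(payload.size());
        const uint8_t* p = reinterpret_cast<const uint8_t*>(&op);
        data.insert(data.end(), p, p + sizeof(op));
        p = reinterpret_cast<const uint8_t*>(&size);
        data.insert(data.end(), p, p + sizeof(size));
        data.insert(data.end(), payload.begin(), payload.end());
    };
    append(0x0001, {1, 2, 3, 4});          // first op, 4 payload bytes
    append(0x0010, {9, 8, 7, 6, 5, 4});    // second op, 6 payload bytes
    if (truncated)
        data.resize(data.size() - 3);      // lose the tail of the last payload
    return data;
}
```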
comment:4 by , 10 years ago
Blocking: 11645 added
comment:6 by , 9 years ago
Resolution: → fixed
Status: new → closed
app_server no longer crashes. Fixed in hrev49620.
Would be interesting to compile libbe with DEBUG=2 (more specifically, just #define DEBUG 2 inside PicturePlayer.cpp). Then launch XRS. It SHOULD produce a file in /var/log/PicturePlayer.log with the BPicture ops used by XRS.