Opened 15 years ago
Closed 15 years ago
#4171 closed bug (fixed)
SoundPlay is crashing when unflattening a BMessage.
| Reported by: | bga | Owned by: | axeld |
|---|---|---|---|
| Priority: | normal | Milestone: | R1 |
| Component: | Kits/Application Kit | Version: | R1/pre-alpha1 |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: | ||
| Platform: | All |
Description
Maybe this could be related to the recent change introduced by hrev32039?
[Switching to team /boot/apps/SoundPlay/SoundPlay (458) thread SoundPlay (458)] 0xffff012c in ?? () (gdb) bt #0 0xffff012c in ?? () #1 0x00000000 in ?? () #2 0x00000004 in ?? () #3 0x004a45e3 in BMemoryIO::ReadAt () from /boot/system/lib/libbe.so #4 0x004a429a in BPositionIO::Read () from /boot/system/lib/libbe.so #5 0x003954f0 in BPrivate::MessageAdapter::_UnflattenR5Message () from /boot/system/lib/libbe.so #6 0x00394944 in BPrivate::MessageAdapter::Unflatten () from /boot/system/lib/libbe.so #7 0x0038fbea in BMessage::Unflatten () from /boot/system/lib/libbe.so #8 0x00393d38 in BMessage::FindMessage () from /boot/system/lib/libbe.so #9 0x00393cbe in BMessage::FindMessage () from /boot/system/lib/libbe.so #10 0x0024f133 in SoundPlayController::RetrievePreference () #11 0x00b54bdf in DeskbarView::Archive () from /boot/apps/SoundPlay/Plugins/DeskbarFFT #12 0x003c8ee4 in BDeskbar::AddItem () from /boot/system/lib/libbe.so #13 0x00b54163 in getplugin () from /boot/apps/SoundPlay/Plugins/DeskbarFFT #14 0x00258613 in aa3zzzzzzzzzzzzzzzzzzzzzzzzzzzzzz () #15 0x00238a20 in aaez () #16 0x00236dd4 in aahzzz () #17 0x00105b1a in runtime_loader () from /boot/system/runtime_loader #18 0x7ffeefec in ?? ()
Change History (4)
comment:1 by , 15 years ago
comment:2 by , 15 years ago
Hmmmm... My reasoning was this:
1 - Before that change, it worked.
2 - After it, it crashed.
3 - Removing SoundPlay preferences made it work again.
In any case, it could be a coincidence and the file with the flattened BMessage could simply be corrupt in some way. In any case, Unflatenning should not really crash, but only return an error.
comment:3 by , 15 years ago
Well if you are sure that it is hrev32039 that introduced that problem then just say so, to avoid further guessing.
The problem with BMessage unflattening is that the function doesn't get a length argument. It therefore doesn't have any clue how large the handed in buffer actually is. That makes returning an error in that case impossible, as you can't actually figure out that you're already reading behind the buffers end.
As I haven't seen anything in that direction up to now it's hard for me to investigate. The settings file in question or another reproducible test case is really the least I'd need.
I kinda doubt it is related to hrev32039 for two reasons: 1. the R5 unflattening done in the MessageAdapter has not been touched except for changing some loop variables from signed to unsigned in the flatten code (not hit in this case) and 2. it's not crashing in BMessage code but in BMemoryIO. It looks like either the BMemoryIO object is invalid (from glancing at the MessageAdapter code I wouldn't immediately see how this would happen) or it's reading outside accessible memory (likely). Could you provide me the settings file in question? Either that, or reverting hrev32039 and verifying if it is caused by it, would be the most helpful.