On Sun, Feb 13, 2005 at 01:12:07AM +0200, Baurjan Ismagulov wrote:
> The debugging build is not ready yet.

I've reproduced the bug with the debugging information. Some relevant
data:

Program terminated with signal 10, Bus error.
...
#0  0x706dbc6c in cache_plugin_read (this_gen=0x6d0d80,
    buf=0xefffee58 "RIFF╛т\023", len=8) at input_cache.c:77
77              *((uint64_t *)buf) = *(uint64_t *)(&(this->buf[this->buf_pos]));
(gdb) p buf
$1 = 0xefffee58 "RIFF╛т\023"
(gdb) p &(((cache_input_plugin_t *)this_gen)->buf[((cache_input_plugin_t *)this_gen)->buf_pos])
$2 = (uint8_t *) 0x6d0dc4 "LISTF\001"

The right-hand side is not aligned to 8 bytes. The application doesn't
crash with the workaround below (and doesn't work either, but this is
the subject for another bug :) ).

With kind regards,
Baurjan.

--- src/xine-engine/input_cache.c.orig  2005-02-13 11:56:03.000000000 +0200
+++ src/xine-engine/input_cache.c       2005-02-13 12:18:52.000000000 +0200
@@ -74,7 +74,7 @@
     /* all bytes are in the buffer */
     switch (len) {
       case 8:
-        *((uint64_t *)buf) = *(uint64_t *)(&(this->buf[this->buf_pos]));
+       memcpy(buf, &this->buf[this->buf_pos], sizeof(uint64_t));
         break;
       case 7:
         buf[6] = (char)this->buf[this->buf_pos + 6];
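
Review bot: the added memcpy line in case 8 is indented one column short of the line it replaces (and of the matching change in case 4), which suggests a tab/space mix; align it with the following break. The patch also adds no #include <string.h>, so confirm that input_cache.c already includes it, otherwise memcpy is used without a declaration.
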
@@ -87,7 +87,7 @@
         buf[4] = (char)this->buf[this->buf_pos + 4];
         /* fallthru */
       case 4:
-        *((uint32_t *)buf) = *(uint32_t *)(&(this->buf[this->buf_pos]));
+        memcpy(buf, &this->buf[this->buf_pos], sizeof(uint32_t));
         break;
       case 3:
         buf[2] = (char)this->buf[this->buf_pos + 2];
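
Review bot: with case 4 now a memcpy, the byte-by-byte assignments in the neighbouring cases (buf[6], buf[4], buf[2], ...) do by hand what a single memcpy(buf, &this->buf[this->buf_pos], len) would do for every length this switch handles. Consider collapsing the switch into that one call, which removes the remaining width-specific paths and makes no assumption about the alignment of either buf or this->buf. If the switch is kept for speed, a short comment saying why the casts were replaced (bus error on strict-alignment targets when buf_pos is not a multiple of the access width) would keep someone from reintroducing them.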
