Bug#584605: audacity: Continuing to backtrace
I haven't had much time to work on this 'audacity' bug until today, but by tomorrow I hope to either provide draft patches that allow it to run on my system, or at least provide a more complete description of what's going wrong with the code.

I see that upstream does not allow people to open their own accounts on their Bugzilla (like X.org does), so I will need the Debian Multimedia team to mediate for me.

>> (I really wish that I could bisect using 'git'. Does the 'audacity'
>> upstream use 'git', or do the Debian maintainers have their own 'git'
>> repo where they merge new versions from upstream?
>
> http://packages.qa.debian.org/a/audacity.html
> See the VCS link on the left, there it is.

Thanks for pointing this out! I have looked at info on packages.debian.org before, but never knew about the public VCS links.

Reviewing the 'git' history, I found that the changes that break on my system were introduced in version 1.3.8. Reviewing old emails I sent out to people, I see that the last time I used 'audacity' was mid-March 2009 (!), not any time during 2010. The date on the emails allowed me to compare with the dates in changelog.Debian.gz -- and I see now that the Debian version I last used was 1.3.7-2. The fog is clearing.

>> beginner with tools such as 'git' and 'gdb', but I did spend a month
>
> Given that you have a memory issue here, I'd like to recommend valgrind.
> That's a nice tool to spot out of bound access and the lot.

I haven't tried valgrind yet. The free time during the past week that I might have used debugging 'audacity' was spent reading about, and experimenting with, 'gdb'. After reading the 'info' pages, and practicing with using it on some of my own homemade software, I'm getting a feel for using it -- stepping through the code, setting break points and watch points, etc.

So far, it looks like the entire problem is limited to the changes made to open_mixer() in version 1.3.8 [file=lib-src/portmixer/src/px_linux_alsa.c].
I won't know if there are problems beyond this function (or even the file) unless I can get open_mixer() to finish without segfaulting.

On lines 124-142 (Debian version 1.3.12-3), an attempt is made to count the number of "selems" (sound elements?) so that dynamic memory can be reserved (line 144) for a local list of structures holding information about those elements which is filled up in lines 150-222.

In the loop that counts the selems, the function snd_mixer_selem_get_enum_items() repeatedly returns negative error codes for the first half-dozen or dozen iterations of the "elem" pointer. This causes the value of dev->numselems to quickly add up into the negative 100's range. Later, further iterations of "elem" begin to cause dev->numselems to add up to several hundred (positive). Here is the loop in question, with problematic line 139 marked with (*):

    for (elem = snd_mixer_first_elem(dev->handle);
         elem != NULL;
         elem = snd_mixer_elem_next(elem))
    {
       if (playback) {
          if (snd_mixer_selem_has_common_volume(elem) ||
              snd_mixer_selem_has_playback_volume(elem)) {
             dev->numselems++;
          }
       }
       else {
          if (snd_mixer_selem_get_capture_group(elem) >= 0) {
             dev->numselems++;
          }
          else if (snd_mixer_selem_is_enum_capture(elem)) {
  *          dev->numselems += snd_mixer_selem_get_enum_items(elem);
          }
       }
    }

Clearly, the error codes should be ignored and not added to dev->numselems!

The same sort of iteration of "elem" is made later, in the loop that fills up the array of information structures, and a very similar error in assuming there would be no error codes returned is made on line 199 (see Adrian's patch in Message #30 above on the BTS).

I need to take a break for a while, but my next experiment will be to attempt a workaround in those two loops so that any error code returned by ALSA on an "elem" pointer will cause the loop to iterate to the next "elem" (continue).

>> Miracle of miracles! Version 1.3.5 runs fine on my system -- no changes
>
> No miracle at all, they changed the code in px_linux_alsa.c.
> git bisect will tell you about it.

Well, I reported that an earlier version of 'audacity' had been working for me, so I could not have meant that getting an older version to run was the miracle. Instead, I found it miraculous that this very old version of audacity would compile on this up-to-date Sid system, with much newer versions of its dependencies than had existed back when 1.3.5 was new! (But, yes, I probably overreacted ;-)

More to come

Dave W.

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
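The under-count described in the message above, reduced to a stand-alone C model; this is an added example, not Audacity or PortMixer code. FakeElem, SAMPLE and the function names are hypothetical stand-ins for the ALSA mixer calls, and the model assumes the fill pass uses one slot per enum item.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for a mixer element; no libasound required. */
typedef struct {
    int capture_group; /* >= 0: element takes one table slot   */
    int is_enum;       /* nonzero: enumerated capture control  */
    int enum_items;    /* item count, or a negative error code */
} FakeElem;

/* Constructed sample: the first enum control fails with -22. */
static const FakeElem SAMPLE[] = {
    { -1, 1, -22 }, { 0, 0, 0 }, { -1, 1, 30 }, { 1, 0, 0 },
};
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])

/* Counting pass as quoted in the thread: the return value is added
 * without a sign check, so an error code shrinks the total. */
int count_unchecked(const FakeElem *e, size_t n) {
    int total = 0;
    for (size_t i = 0; i < n; i++) {
        if (e[i].capture_group >= 0) total++;
        else if (e[i].is_enum) total += e[i].enum_items;
    }
    return total;
}

/* Slots one element needs; an error return means "skip this element". */
static int slots_for(const FakeElem *e) {
    if (e->capture_group >= 0) return 1;
    return (e->is_enum && e->enum_items > 0) ? e->enum_items : 0;
}

/* Counting pass that ignores error codes. */
int count_checked(const FakeElem *e, size_t n) {
    int total = 0;
    for (size_t i = 0; i < n; i++) total += slots_for(&e[i]);
    return total;
}

/* Allocate `count` slots and fill them without writing past the end.
 * Returns slots written, or -1 if the count is unusable or too small. */
int build_table(const FakeElem *e, size_t n, int count) {
    if (count <= 0) return -1; /* a negative int would become a huge size_t */
    int *table = calloc((size_t)count, sizeof *table);
    if (table == NULL) return -1;
    int used = 0;
    for (size_t i = 0; i < n; i++) {
        int need = slots_for(&e[i]);
        if (need > count - used) { used = -1; break; }
        for (int k = 0; k < need; k++) table[used++] = (int)i;
    }
    free(table);
    return used;
}

int main(void) {
    int bad = count_unchecked(SAMPLE, SAMPLE_LEN);
    int good = count_checked(SAMPLE, SAMPLE_LEN);
    printf("unchecked=%d fill=%d\n", bad, build_table(SAMPLE, SAMPLE_LEN, bad));
    printf("checked=%d fill=%d\n", good, build_table(SAMPLE, SAMPLE_LEN, good));
    return 0;
}
```

With the constructed sample the unchecked count is positive but 22 slots short, which is the case a sign test on the final total alone would miss.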
Tracking upstream sources more detailed (was: Bug#584605: audacity: Continuing to backtrace)
On Tue, Jun 15, 2010 at 02:30:52AM -0400, Dave Witbrodt wrote:
> (I really wish that I could bisect using 'git'. Does the 'audacity'
> upstream use 'git', or do the Debian maintainers have their own 'git'
> repo where they merge new versions from upstream? I am merely a
> beginner with tools such as 'git' and 'gdb', but I did spend a month
> debugging a kernel issue on LKML when kernel 2.6.26 was hanging during
> boot on two of my machines, so I believe I could bisect this if the
> sources were available via 'git'.)

Good point! Never thought of this use before.

In the future I will consider pulling in intermediate upstream versions too when updating upstream source - to help bisect. I believe in most cases it won't hurt size of our gits much.

 - Jonas

--
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136 Website: http://dr.jones.dk/

 [x] quote me freely [ ] ask before reusing [ ] keep private
Bug#584605: audacity: Continuing to backtrace
On Tue, Jun 15, 2010 at 02:30:52AM -0400, Dave Witbrodt wrote:
> (I really wish that I could bisect using 'git'. Does the 'audacity'
> upstream use 'git', or do the Debian maintainers have their own 'git'
> repo where they merge new versions from upstream? I am merely a

http://packages.qa.debian.org/a/audacity.html

See the VCS link on the left, there it is. The easy way:

    $ debcheckout audacity

This clones you the corresponding git repository. debcheckout is in the devscripts package.

> beginner with tools such as 'git' and 'gdb', but I did spend a month

Given that you have a memory issue here, I'd like to recommend valgrind. That's a nice tool to spot out of bound access and the lot.

> Miracle of miracles! Version 1.3.5 runs fine on my system -- no changes

No miracle at all, they changed the code in px_linux_alsa.c. git bisect will tell you about it. You might also want to have a look at the upstream svn and read the commit messages:

http://code.google.com/p/audacity/source/browse/audacity-src/trunk

Good luck. ;)

--
mail: a...@thur.de http://adi.thur.de PGP/GPG: key via keyserver
Bug#584605: audacity: Continuing to backtrace
I didn't accomplish very much after work tonight toward debugging this problem, but I have some new information to report.

Since 'audacity' was working for me just a few months ago, I decided I wanted to try to locate an earlier version that works on my hardware. I looked at /usr/share/doc/audacity/changelog.Debian.gz, and my best guess is that I last used version 1.3.10.

(I really wish that I could bisect using 'git'. Does the 'audacity' upstream use 'git', or do the Debian maintainers have their own 'git' repo where they merge new versions from upstream? I am merely a beginner with tools such as 'git' and 'gdb', but I did spend a month debugging a kernel issue on LKML when kernel 2.6.26 was hanging during boot on two of my machines, so I believe I could bisect this if the sources were available via 'git'.)

In the meantime, it occurred to me that Squeeze or Lenny would have an older version I could try. Squeeze has the same version as Sid, but Lenny has (the very old) version 1.3.5. I decided that installing Lenny binaries in Sid would be a bad idea, but downloaded the sources and tried to build it. The only changes I had to make to allow the build to succeed were some paths to header files from the 'vamp-plugin-sdk' build-dependency.

Miracle of miracles! Version 1.3.5 runs fine on my system -- no changes to my custom /etc/asound.conf file, kernel modules, or anything else were needed!

I fully intended to dive into the 1.3.12 source code more seriously tonight, but once I had a working version of 'audacity'... I ended up just playing with it instead... :-(

Reinhard: I disagree about FFMPEG being a problem in my case. I provided the warning about my usage of debian-multimedia.org packages of FFMPEG only for full disclosure. But it is clear that 'audacity' is crashing during startup on my system because of initialization routines that are trying to detect the ALSA devices available on my system.
Nothing involving FFMPEG is being touched (so far as I can tell) either in the code where the crash occurs or in code reached before that point.

I definitely agree that this bug should be taken upstream. However, I would like to work on understanding the problem for a few days longer, in the hope I can pin down more exactly why 'audacity' is choking when trying to grok my system's ALSA devices. Adrian and I have already discovered some poorly written code, and no doubt there is more such code in the vicinity which should be challenged upstream. Besides, this is my big chance to play with 'gdb', about which I know very little! I've been waiting for an opportunity like this ;-)

Adrian: I see that you've looked at the code and have some ideas about what is going wrong and how to triage and instrument the crash. I really intended to look seriously at the code tonight, but when 1.3.5 actually worked... I just ended up playing with it, trying to figure out how to get my guitar pedal to output a stronger signal level so that my EMU 0404 card's inputs could deliver a decent sound level to 'audacity'. (I figured it out, BTW, but it wasn't obvious)

Your suggestions look very interesting, and I hope to try some (or all) of them out tomorrow night after work. I agree that we are probably getting more negative return values in nearby code, where it was assumed there would be no errors. I have some ideas of my own in addition to yours, but I would like to look more carefully at the code first to try to get a handle on what it is _supposed_ to be doing. My guess last night (having barely looked at the code) was that they were trying to put together a list of capture devices -- something like what 'aplay -l' or 'aplay -L' would show -- but that they wrote fragile code which works on most machines but chokes on my EMU 0404 card.

Thanks, and more to come...

Dave W.
Bug#584605: audacity: Continuing to backtrace
On Sun, Jun 13, 2010 at 06:11:08PM -0400, Dave Witbrodt wrote:
> *vol = snd_mixer_find_selem(dev->handle, sid);
> i = 530
> In stack frame #2, we clearly have a value of 530 in "i". When did
> that happen, since last we saw "i" was just set to 0? Weird.
> This must mean that the "for" loop has iterated 529 times, and
> dies the 530th time. I'm not sure if that's bad or good. Quite

Me neither. I just read the code. Just an idea, everything is theoretical, given that this seems to be local to your system:

The last fix was about line 199:

    198   else if (snd_mixer_selem_is_enum_capture(elem)) {
    199      int cnt = snd_mixer_selem_get_enum_items(elem);

We (you) discovered that this function returned a negative value. We also know that snd_mixer_selem_is_enum_capture must be true, otherwise, we wouldn't enter line 199 at all.

Ok, now let's go back with this knowledge to line 139:

    138   else if (snd_mixer_selem_is_enum_capture(elem)) {
    139      dev->numselems += snd_mixer_selem_get_enum_items(elem);

and later:

    144   dev->selems = calloc(dev->numselems, sizeof(PxSelem));

I wonder what happens if snd_mixer_selem_get_enum_items in line 139 returns a negative value as in line 199. This would make dev->numselems decrease and finally result in too little memory for dev->selems. When traversing this memory later, the iterator would finally make an out of bound access, perhaps causing a segfault. It could also be the case that some end markers were already overwritten, perhaps in your loop which increments i to 530.

Possible approaches:

1. Change line 139 to always increment, never decrement
2. Artificially increase the memory pool for dev->selems
3. Add an assertion / check to the for loop comparing i against dev->numselems.
4. Understand why things are like they are on your system, understand the code and handle the corner case correctly.

Find attached a "debug patch" that adds some noise to the output and hopefully gives you an idea where things go wrong.
This is nothing for productive use, but it might move you a little closer to the culprit. If it starts with this patch, try removing the constant calloc size multiplier for line 144 and see if it fails again. You can also play with the constant until you run out of memory. ;)

Things you could try, too: unload the kernel drivers for your various soundcards, one at a time, until audacity starts.

> (At this point, it would be appropriate if someone could change the
> title of this bug in the BTS, since the complaint about JACK not
> running had nothing to do with the problem. I don't know my way
> around the BTS well enough, yet, to do that -- not even sure if I
> have the permissions to do it.)

[x] done

HTH

--
mail: a...@thur.de http://adi.thur.de PGP/GPG: key via keyserver

diff --git a/lib-src/portmixer/src/px_linux_alsa.c b/lib-src/portmixer/src/px_linux_alsa.c index 2b4e70f..e36bf7d 100644 --- a/lib-src/portmixer/src/px_linux_alsa.c +++ b/lib-src/portmixer/src/px_linux_alsa.c @@ -136,12 +136,14 @@ static int open_mixer(PxDev *dev, int card, int playback) dev->numselems++; } else if (snd_mixer_selem_is_enum_capture(elem)) { - dev->numselems += snd_mixer_selem_get_enum_items(elem); +if (0 < snd_mixer_selem_get_enum_items(elem)) { +dev->numselems += snd_mixer_selem_get_enum_items(elem); +} } } } - dev->selems = calloc(dev->numselems, sizeof(PxSelem)); + dev->selems = calloc(2*(dev->numselems), sizeof(PxSelem)); if (dev->selems == NULL) { break; } 
@@ -164,9 +166,13 @@ static int open_mixer(PxDev *dev, int card, int playback) snd_mixer_selem_get_name(elem), snd_mixer_selem_get_index(elem)); - dev->selems[i].elem = elem; - dev->selems[i].index = snd_mixer_selem_get_index(elem); - dev->selems[i].name = strdup(name); + if (i < dev->numselems) { + dev->selems[i].elem = elem; + dev->selems[i].index = snd_mixer_selem_get_index(elem); + dev->selems[i].name = strdup(name); + } else { + printf ("broken: i larger than dev->numselems\n"); + } if (!dev->selems[i].name) { break; } ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
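Review bot: In the first hunk (@@ -136,12 +136,14 @@), the new calloc(2*(dev->numselems), sizeof(PxSelem)) pads the table instead of making the count right, so a count that is still zero or negative after the loop reaches calloc unchecked. I would drop the multiplier, reject dev->numselems <= 0 before allocating, and call snd_mixer_selem_get_enum_items(elem) once into a local int that is added only when positive, since the guard currently calls it twice.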
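Review bot: In the second hunk (@@ -164,9 +166,13 @@), the else branch only prints and then falls through to the unchanged if (!dev->selems[i].name) check, which still reads dev->selems[i] when i is not below dev->numselems. Have the else branch break out of the loop (or skip the element) so nothing indexes the array past the counted size; sending the diagnostic to stderr would also keep it out of normal output.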
Bug#584605: audacity: Continuing to backtrace
Thank you for your very extensive analysis.

On Mon, Jun 14, 2010 at 00:11:08 (CEST), Dave Witbrodt wrote:
> The following discussion must be understood in the context of the packages
> on my system. I believe that I am using FFMPEG from debian-multimedia.org:
>
> $ apt-cache policy libavformat52
> libavformat52:
>   Installed: 5:0.6~svn20100603-0.0
>   Candidate: 5:0.6~svn20100603-0.0
>   Version table:
>  *** 5:0.6~svn20100603-0.0 0
>         990 http://mirror.csclub.uwaterloo.ca unstable/main Packages
>         100 /var/lib/dpkg/status
>      4:0.6~svn20100505-1 0
>         350 http://debian.osuosl.org experimental/main Packages
>      4:0.5.2-1 0
>         990 http://debian.osuosl.org unstable/main Packages
>
> If this is a critical issue in terms of dealing with this bug, please let
> me know what changes to make in my local builds, or whether to cancel the
> bug report entirely. So far, I am seeing evidence of real bugs in the
> audacity source code, before external FFMPEG libraries are even involved.
> *** END WARNING ***
> ***

I think this is the critical issue for this bug. However, I'm pretty confident that this will happen with the ffmpeg version from experimental as well.

You are doing excellent (upstream) work, which should definitely go in upstream. May I suggest to forward this analysis upstream, and ask them to confirm that audacity works against a copy of ffmpeg from the 0.6 branch: `svn export svn://svn.ffmpeg.org/ffmpeg/branches/0.6`

I expect to release 0.6 this week, and will then upload "final" 0.6 packages to debian/experimental and ubuntu/maverick.

--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
Bug#584605: audacity: Continuing to backtrace
Package: audacity
Version: 1.3.12-3+fix03
Severity: normal

Forgive the version listed above: it is from my local build, and is obviously not an official Debian package.

After applying the patch suggested, I was getting a FTBFS:

--
    [...]
    g++ -c -g -O2 -g -Wall -O2 -I../lib-src/portmixer/include -I../lib-src/portaudio-v19/include -g -O2 -g -Wall -O2 -Wall -I/usr/lib/wx/include/gtk2-unicode-release-2.8 -I/usr/include/wx-2.8 -D_FILE_OFFSET_BITS=64 -D_LARGE_FILES -D__WXGTK__ -pthread -I../lib-src/FileDialog -g -O2 -Wall -I/home/dawitbro/sandbox/audacity/audacity-1.3.12/lib-src/lib-widget-extra -I../lib-src/sbsms/include -I/usr/include/soundtouch -I../lib-src/libnyquist -g -O2 -Wall -I/home/dawitbro/sandbox/audacity/audacity-1.3.12/lib-src/portsmf -fno-strict-aliasing -I./include -I. -DLIBDIR=\"/usr/lib\" -D__STDC_CONSTANT_MACROS -Wall -pthread -I/usr/include/gtk-2.0 -I/usr/lib/gtk-2.0/include -I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/pango-1.0 -I/usr/include/gio-unix-2.0/ -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng12 FFmpeg.cpp -o FFmpeg.o
    FFmpeg.cpp:257: error: invalid conversion from ‘int (*)(URLContext*, unsigned char*, int)’ to ‘int (*)(URLContext*, const unsigned char*, int)’
    make[2]: *** [FFmpeg.o] Error 1
    make[2]: Leaving directory `/home/dawitbro/sandbox/audacity/audacity-1.3.12/src'
    make[1]: *** [audacity] Error 2
    make[1]: Leaving directory `/home/dawitbro/sandbox/audacity/audacity-1.3.12'
    make: *** [debian/stamp-makefile-build] Error 2
    dpkg-buildpackage: error: debian/rules build gave error exit status 2
--

The error was indicating the closing brace of this block of code:

    $ grep -n -A 7 "URLProtocol ufile_protocol" src/FFmpeg.cpp
    250:URLProtocol ufile_protocol = {
    251-    "ufile",
    252-    ufile_open,
    253-    ufile_read,
    254-    ufile_write,
    255-    ufile_seek,
    256-    ufile_close,
    257-};

Clearly there was some sort of type mismatch, so I looked around for a while.
I thought I had found the definition of "URLProtocol" here:

    $ grep -A 12 "typedef struct URLProtocol" lib-src/ffmpeg/libavformat/avio.h
    typedef struct URLProtocol {
        const char *name;
        int (*url_open)(URLContext *h, const char *filename, int flags);
        int (*url_read)(URLContext *h, unsigned char *buf, int size);
        int (*url_write)(URLContext *h, unsigned char *buf, int size);
        int64_t (*url_seek)(URLContext *h, int64_t pos, int whence);
        int (*url_close)(URLContext *h);
        struct URLProtocol *next;
        int (*url_read_pause)(URLContext *h, int pause);
        int64_t (*url_read_seek)(URLContext *h, int stream_index,
                                 int64_t timestamp, int flags);
        int (*url_get_file_handle)(URLContext *h);
    } URLProtocol;

And the prototypes which might match the 'make' error above are "url_open", "url_read", and "url_write"; these correspond to ufile_open(), ufile_read(), and ufile_write() in src/FFmpeg.cpp:

    $ egrep -n 'int ufile_(open|read|write)' src/FFmpeg.cpp
    170:static int ufile_open(URLContext *h, const char *filename, int flags)
    198:static int ufile_read(URLContext *h, unsigned char *buf, int size)
    207:static int ufile_write(URLContext *h, unsigned char *buf, int size)

I couldn't SEE any problem to cause 'make' to fail here. After about an hour it dawned on me that 'audacity' seems to be shipping its own FFMPEG code, but that the Debian sources for 'audacity' build-depend on an external FFMPEG.

***
*** WARNING ***
The following discussion must be understood in the context of the packages on my system.
I believe that I am using FFMPEG from debian-multimedia.org:

    $ apt-cache policy libavformat52
    libavformat52:
      Installed: 5:0.6~svn20100603-0.0
      Candidate: 5:0.6~svn20100603-0.0
      Version table:
     *** 5:0.6~svn20100603-0.0 0
            990 http://mirror.csclub.uwaterloo.ca unstable/main Packages
            100 /var/lib/dpkg/status
         4:0.6~svn20100505-1 0
            350 http://debian.osuosl.org experimental/main Packages
         4:0.5.2-1 0
            990 http://debian.osuosl.org unstable/main Packages

If this is a critical issue in terms of dealing with this bug, please let me know what changes to make in my local builds, or whether to cancel the bug report entirely. So far, I am seeing evidence of real bugs in the audacity source code, before external FFMPEG libraries are even involved.
*** END WARNING ***
***

Once I realized that the build was being made against the external FFMPEG, I looked around at the listing of build dependencies and eventually discovered this:

    $ grep -Rn -A 12 "typedef struct URLProtocol" /usr/include/libavformat/avio.h
    223:typedef struct URLProtocol {
    224-    const char *name;
    225-    int (*url_open)(URLContext *h, con