Bug#584605: audacity: Continuing to backtrace

2010-06-26 Thread Dave Witbrodt
I haven't had much time to work on this 'audacity' bug until today, but 
by tomorrow I hope to either provide draft patches that allow it to run 
on my system, or at least provide a more complete description of what's 
going wrong with the code.


I see that upstream does not allow people to open their own accounts on 
their Bugzilla (like X.org does), so I will need the Debian Multimedia 
team to mediate for me.




>> (I really wish that I could bisect using 'git'.  Does the 'audacity'
>> upstream use 'git', or do the Debian maintainers have their own 'git'
>> repo where they merge new versions from upstream?
>
> http://packages.qa.debian.org/a/audacity.html
>
> See the VCS link on the left, there it is.


Thanks for pointing this out!  I have looked at info on 
packages.debian.org before, but never knew about the public VCS links.


Reviewing the 'git' history, I found that the changes that break on my 
system were introduced in version 1.3.8.


Reviewing old emails I sent out to people, I see that the last time I 
used 'audacity' was mid-March 2009 (!), not any time during 2010.  The 
date on the emails allowed me to compare with the dates in 
changelog.Debian.gz -- and I see now that the Debian version I last used 
was 1.3.7-2.  The fog is clearing.




>> beginner with tools such as 'git' and 'gdb', but I did spend a month
>
> Given that you have a memory issue here, I'd like to recommend valgrind.
> That's a nice tool to spot out of bound access and the lot.


I haven't tried valgrind yet.  The free time during the past week that I 
might have used debugging 'audacity' was spent reading about, and 
experimenting with, 'gdb'.  After reading the 'info' pages, and 
practicing with using it on some of my own homemade software, I'm 
getting a feel for using it -- stepping through the code, setting break 
points and watch points, etc.


So far, it looks like the entire problem is limited to the changes made 
to open_mixer() in version 1.3.8 
[file=lib-src/portmixer/src/px_linux_alsa.c].  I won't know if there are 
problems beyond this function (or even the file) unless I can get 
open_mixer() to finish without segfaulting.


On lines 124-142 (Debian version 1.3.12-3), an attempt is made to count 
the number of "selems" (sound elements?) so that dynamic memory can be 
reserved (line 144) for a local list of structures holding information 
about those elements which is filled up in lines 150-222.  In the loop 
that counts the selems, the function snd_mixer_selem_get_enum_items() 
repeatedly returns negative error codes for the first half-dozen or dozen 
iterations of the "elem" pointer.  This causes the value of 
dev->numselems to quickly add up into the negative 100's range.  Later, 
further iterations of "elem" begin to cause dev->numselems to add up to 
several hundred (positive).  Here is the loop in question, with 
problematic line 139 marked with (*):


  for (elem = snd_mixer_first_elem(dev->handle);
       elem != NULL;
       elem = snd_mixer_elem_next(elem))
  {
     if (playback) {
        if (snd_mixer_selem_has_common_volume(elem) ||
            snd_mixer_selem_has_playback_volume(elem)) {
           dev->numselems++;
        }
     }
     else {
        if (snd_mixer_selem_get_capture_group(elem) >= 0) {
           dev->numselems++;
        }
        else if (snd_mixer_selem_is_enum_capture(elem)) {
*          dev->numselems += snd_mixer_selem_get_enum_items(elem);
        }
     }
  }

Clearly, the error codes should be ignored and not added to 
dev->numselems!  The same sort of iteration of "elem" is made later, in the 
loop that fills up the array of information structures, and a very 
similar error in assuming there would be no error codes returned is made 
on line 199 (see Adrian's patch in Message #30 above on the BTS).


I need to take a break for a while, but my next experiment will be to 
attempt a workaround in those two loops so that any error code returned 
by ALSA on an "elem" pointer will cause the loop to iterate to the next 
"elem" (continue).




>> Miracle of miracles!  Version 1.3.5 runs fine on my system -- no changes
>
> No miracle at all, they changed the code in px_linux_alsa.c. git bisect
> will tell you about it.


Well, I reported that an earlier version of 'audacity' had been working 
for me, so I could not have meant that getting an older version to run 
was the miracle.


Instead, I found it miraculous that this very old version of audacity 
would compile on this up-to-date Sid system, with much newer versions of 
its dependencies than had existed back when 1.3.5 was new!  (But, yes, I 
probably overreacted  ;-)



More to come
Dave W.



___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
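
The count, allocate, fill pattern analysed in the message above, together with the "handle the corner case correctly" option from Adrian's earlier reply, as an added example that is not code from this thread or from audacity: MockElem and its fields are constructed stand-ins for the ALSA mixer queries, and -22 is a made-up error value.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for one ALSA mixer element; not ALSA's own types. */
typedef struct {
    const char *name;
    int is_enum_capture; /* models snd_mixer_selem_is_enum_capture() */
    int enum_items;      /* models snd_mixer_selem_get_enum_items(); <0 = error */
} MockElem;

typedef struct { const MockElem *elem; int item; } Selem;

/* Slots one element needs; a failed query contributes nothing. */
static size_t slots_for(const MockElem *e)
{
    if (!e->is_enum_capture) return 1;
    return e->enum_items > 0 ? (size_t)e->enum_items : 0;
}

/* The counting described in the thread: error codes are summed into the total. */
static int count_naive(const MockElem *elems, size_t n)
{
    int total = 0;
    for (size_t k = 0; k < n; k++)
        total += elems[k].is_enum_capture ? elems[k].enum_items : 1;
    return total;
}

/* Pass 1: count with the error codes skipped. */
static size_t count_checked(const MockElem *elems, size_t n)
{
    size_t total = 0;
    for (size_t k = 0; k < n; k++)
        total += slots_for(&elems[k]);
    return total;
}

/* Pass 2: same skip rule, bounded by cap; (size_t)-1 if the table is too small. */
static size_t fill_checked(const MockElem *elems, size_t n, Selem *out, size_t cap)
{
    size_t i = 0;
    for (size_t k = 0; k < n; k++) {
        size_t want = slots_for(&elems[k]);
        if (want > cap - i) return (size_t)-1;
        for (size_t j = 0; j < want; j++, i++) {
            out[i].elem = &elems[k];
            out[i].item = (int)j;
        }
    }
    return i;
}

/* Constructed sample; -22 is a made-up negative error return. */
static const MockElem SAMPLE[] = {
    {"Mic", 0, 0}, {"Broken A", 1, -22}, {"Broken B", 1, -22},
    {"Input Source", 1, 3}, {"Line", 0, 0},
};
#define NSAMPLE (sizeof SAMPLE / sizeof SAMPLE[0])

int main(void)
{
    size_t need = count_checked(SAMPLE, NSAMPLE);
    Selem *tab = calloc(need ? need : 1, sizeof *tab);
    if (!tab) return 1;
    size_t got = fill_checked(SAMPLE, NSAMPLE, tab, need);
    printf("naive=%d need=%zu got=%zu\n", count_naive(SAMPLE, NSAMPLE), need, got);
    free(tab);
    return got == need ? 0 : 1;
}
```

Because both passes go through slots_for(), the count and the fill cannot disagree about which elements are skipped, and the capacity check turns any remaining mismatch into an error return instead of a write past the table.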


Tracking upstream sources more detailed (was: Bug#584605: audacity: Continuing to backtrace)

2010-06-15 Thread Jonas Smedegaard

On Tue, Jun 15, 2010 at 02:30:52AM -0400, Dave Witbrodt wrote:
> (I really wish that I could bisect using 'git'.  Does the 'audacity' 
> upstream use 'git', or do the Debian maintainers have their own 'git' 
> repo where they merge new versions from upstream?  I am merely a 
> beginner with tools such as 'git' and 'gdb', but I did spend a month 
> debugging a kernel issue on LKML when kernel 2.6.26 was hanging 
> during boot on two of my machines, so I believe I could bisect this 
> if the sources were available via 'git'.)


Good point!

Never thought of this use before.  In the future I will consider pulling 
in intermediate upstream versions too when updating upstream source - to 
help bisect.  I believe in most cases it won't hurt size of our gits 
much.



 - Jonas

--
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private




Bug#584605: audacity: Continuing to backtrace

2010-06-14 Thread Adrian Knoth
On Tue, Jun 15, 2010 at 02:30:52AM -0400, Dave Witbrodt wrote:

> (I really wish that I could bisect using 'git'.  Does the 'audacity'  
> upstream use 'git', or do the Debian maintainers have their own 'git'  
> repo where they merge new versions from upstream?  I am merely a  

   http://packages.qa.debian.org/a/audacity.html

See the VCS link on the left, there it is.

The easy way:

   $ debcheckout audacity

This clones you the corresponding git repository.

debcheckout is in the devscripts package.

> beginner with tools such as 'git' and 'gdb', but I did spend a month  

Given that you have a memory issue here, I'd like to recommend valgrind.
That's a nice tool to spot out of bound access and the lot.

> Miracle of miracles!  Version 1.3.5 runs fine on my system -- no changes  

No miracle at all, they changed the code in px_linux_alsa.c. git bisect
will tell you about it.

You might also want to have a look at the upstream svn and read the
commit messages:

   http://code.google.com/p/audacity/source/browse/audacity-src/trunk



Good luck. ;)

-- 
mail: a...@thur.de  http://adi.thur.de  PGP/GPG: key via keyserver





Bug#584605: audacity: Continuing to backtrace

2010-06-14 Thread Dave Witbrodt
I didn't accomplish very much after work tonight toward debugging this 
problem, but I have some new information to report.


Since 'audacity' was working for me just a few months ago, I decided I 
wanted to try to locate an earlier version that works on my hardware.  I 
looked at /usr/share/doc/audacity/changelog.Debian.gz, and my best guess 
is that I last used version 1.3.10.


(I really wish that I could bisect using 'git'.  Does the 'audacity' 
upstream use 'git', or do the Debian maintainers have their own 'git' 
repo where they merge new versions from upstream?  I am merely a 
beginner with tools such as 'git' and 'gdb', but I did spend a month 
debugging a kernel issue on LKML when kernel 2.6.26 was hanging during 
boot on two of my machines, so I believe I could bisect this if the 
sources were available via 'git'.)


In the meantime, it occurred to me that Squeeze or Lenny would have an 
older version I could try.  Squeeze has the same version as Sid, but 
Lenny has (the very old) version 1.3.5.  I decided that installing Lenny 
binaries in Sid would be a bad idea, but downloaded the sources and 
tried to build it.  The only changes I had to make to allow the build to 
succeed were some paths to header files from the 'vamp-plugin-sdk' 
build-dependency.


Miracle of miracles!  Version 1.3.5 runs fine on my system -- no changes 
to my custom /etc/asound.conf file, kernel modules, or anything else 
were needed!


I fully intended to dive into the 1.3.12 source code more seriously 
tonight, but once I had a working version of 'audacity'... I ended up 
just playing with it instead...  :-(



Reinhard:  I disagree about FFMPEG being a problem in my case.  I 
provided the warning about my usage of debian-multimedia.org packages of 
FFMPEG only for full disclosure.  But it is clear that 'audacity' is 
crashing during startup on my system because of initialization routines 
that are trying to detect the ALSA devices available on my system. 
Nothing involving FFMPEG is being touched (so far as I can tell) either 
in the code where the crash occurs or in code reached before that point.


I definitely agree that this bug should be taken upstream.  However, I 
would like to work on understanding the problem for a few days longer, 
in the hope I can pin down more exactly why 'audacity' is choking when 
trying to grok my system's ALSA devices.  Adrian and I have already 
discovered some poorly written code, and no doubt there is more such 
code in the vicinity which should be challenged upstream.  Besides, this 
is my big chance to play with 'gdb', about which I know very little! 
I've been waiting for an opportunity like this  ;-)



Adrian:  I see that you've looked at the code and have some ideas about 
what is going wrong and how to triage and instrument the crash.  I 
really intended to look seriously at the code tonight, but when 1.3.5 
actually worked... I just ended up playing with it, trying to figure out 
how to get my guitar pedal to output a stronger signal level so that my 
EMU 0404 card's inputs could deliver a decent sound level to 'audacity'. 
 (I figured it out, BTW, but it wasn't obvious)


Your suggestions look very interesting, and I hope to try some (or all) 
of them out tomorrow night after work.  I agree that we are probably 
getting more negative return values in nearby code, where it was assumed 
there would be no errors.  I have some ideas of my own in addition to 
yours, but I would like to look more carefully at the code first to try 
to get a handle on what it is _supposed_ to be doing.  My guess last 
night (having barely looked at the code) was that they were trying to 
put together a list of capture devices -- something like what 'aplay -l' 
or 'aplay -L' would show -- but that they wrote fragile code which works 
on most machines but chokes on my EMU 0404 card.



Thanks, and more to come...
Dave W.





Bug#584605: audacity: Continuing to backtrace

2010-06-14 Thread Adrian Knoth
On Sun, Jun 13, 2010 at 06:11:08PM -0400, Dave Witbrodt wrote:

> *vol = snd_mixer_find_selem(dev->handle, sid);

> i = 530

> In stack frame #2, we clearly have a value of 530 in "i".  When did
> that happen, since last we saw "i" was just set to 0?

Weird.

> This must mean that the "for" loop has iterated 529 times, and
> dies the 530th time.  I'm not sure if that's bad or good.  Quite

Me neither.


I just read the code. Just an idea, everything is theoretical, given
that this seems to be local to your system:

The last fix was about line 199:

198         else if (snd_mixer_selem_is_enum_capture(elem)) {
199            int cnt = snd_mixer_selem_get_enum_items(elem);

We (you) discovered that this function returned a negative value. We
also know that snd_mixer_selem_is_enum_capture must be true, otherwise,
we wouldn't enter line 199 at all.

Ok, now let's go back with this knowledge to line 139:

138         else if (snd_mixer_selem_is_enum_capture(elem)) {
139            dev->numselems += snd_mixer_selem_get_enum_items(elem);

and later:

144   dev->selems = calloc(dev->numselems, sizeof(PxSelem));


I wonder what happens if snd_mixer_selem_get_enum_items in line 139
returns a negative value as in line 199. This would make dev->numselems
decrease and finally result in too little memory for dev->selems.

When traversing this memory later, the iterator would finally make an
out of bound access, perhaps causing a segfault.

It could also be the case that some end markers were already
overwritten, perhaps in your loop which increments i to 530.

Possible approaches:

   1. Change line 139 to always increment, never decrement

   2. Artificially increase the memory pool for dev->selems

   3. Add an assertion / check to the for loop comparing i against
  dev->numselems.

   4. Understand why things are like they are on your system, understand
  the code and handle the corner case correctly.


Find attached a "debug patch" that adds some noise to the output and
hopefully gives you an idea where things go wrong.

This is nothing for productive use, but it might move you a little
closer to the culprit. If it starts with this patch, try removing the
constant calloc size multiplier for line 144 and see if it fails again.
You can also play with the constant until you run out of memory. ;)

Things you could try, too: unload the kernel drivers for your various
soundcards, one at a time, until audacity starts.


> (At this point, it would be appropriate if someone could change the
> title of this bug in the BTS, since the complaint about JACK not
> running had nothing to do with the problem.  I don't know my way
> around the BTS well enough, yet, to do that -- not even sure if I
> have the permissions to do it.)

[x] done


HTH

-- 
mail: a...@thur.de  http://adi.thur.de  PGP/GPG: key via keyserver
diff --git a/lib-src/portmixer/src/px_linux_alsa.c b/lib-src/portmixer/src/px_linux_alsa.c
index 2b4e70f..e36bf7d 100644
--- a/lib-src/portmixer/src/px_linux_alsa.c
+++ b/lib-src/portmixer/src/px_linux_alsa.c
@@ -136,12 +136,14 @@ static int open_mixer(PxDev *dev, int card, int playback)
dev->numselems++;
 }
 else if (snd_mixer_selem_is_enum_capture(elem)) {
-   dev->numselems += snd_mixer_selem_get_enum_items(elem);
+if (0 < snd_mixer_selem_get_enum_items(elem)) {
+dev->numselems += snd_mixer_selem_get_enum_items(elem);
+}
 }
  }
   }
 
-  dev->selems = calloc(dev->numselems, sizeof(PxSelem));
+  dev->selems = calloc(2*(dev->numselems), sizeof(PxSelem));
   if (dev->selems == NULL) {
  break;
   }
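Review bot: the new guard in the enum-capture branch calls snd_mixer_selem_get_enum_items(elem) twice, once in the test and once in the addition; keep the result in a local (int cnt = ...; if (cnt > 0) dev->numselems += cnt;) so the value tested is the value added. The 2*(dev->numselems) in the calloc call is an unexplained constant that hides a mismatch between counting and filling rather than removing it; outside of a debugging aid, allocate the counted size and make the fill loop skip exactly the elements this loop skips.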
@@ -164,9 +166,13 @@ static int open_mixer(PxDev *dev, int card, int playback)
 snd_mixer_selem_get_name(elem),
 snd_mixer_selem_get_index(elem));
   
-   dev->selems[i].elem = elem;
-   dev->selems[i].index = snd_mixer_selem_get_index(elem);
-   dev->selems[i].name = strdup(name);
+   if (i < dev->numselems) {
+   dev->selems[i].elem = elem;
+   dev->selems[i].index = snd_mixer_selem_get_index(elem);
+   dev->selems[i].name = strdup(name);
+   } else {
+   printf ("broken: i larger than dev->numselems\n");
+   }
if (!dev->selems[i].name) {
   break;
}
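Review bot: the unchanged check if (!dev->selems[i].name) directly after the new if/else still reads dev->selems[i] when i >= dev->numselems, so the else branch reports the overrun and then indexes past the counted range anyway. Move the name check inside the guarded block and leave the loop with break in the else branch; the diagnostic would also be more useful on stderr with the values of i and dev->numselems included.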


Bug#584605: audacity: Continuing to backtrace

2010-06-13 Thread Reinhard Tartler

Thank you for your very extensive analysis.

On Mon, Jun 14, 2010 at 00:11:08 (CEST), Dave Witbrodt wrote:

> The following discussion must be understood in the context of the packages
> on my system.  I believe that I am using FFMPEG from debian-multimedia.org:
>
> $ apt-cache policy libavformat52
> libavformat52:
>   Installed: 5:0.6~svn20100603-0.0
>   Candidate: 5:0.6~svn20100603-0.0
>   Version table:
>  *** 5:0.6~svn20100603-0.0 0
>         990 http://mirror.csclub.uwaterloo.ca unstable/main Packages
>         100 /var/lib/dpkg/status
>      4:0.6~svn20100505-1 0
>         350 http://debian.osuosl.org experimental/main Packages
>      4:0.5.2-1 0
>         990 http://debian.osuosl.org unstable/main Packages
>
> If this is a critical issue in terms of dealing with this bug, please let
> me know what changes to make in my local builds, or whether to cancel the
> bug report entirely.  So far, I am seeing evidence of real bugs in the
> audacity source code, before external FFMPEG libraries are even involved.
> *** END WARNING ***
> ***

I think this is the critical issue for this bug. However, I'm pretty
confident that this will happen with the ffmpeg version from
experimental as well.

You are doing excellent (upstream) work, which should definitely go in
upstream. May I suggest to forward this analysis upstream, and ask them
to confirm that audacity works against a copy of ffmpeg from the 0.6
branch: `svn export svn://svn.ffmpeg.org/ffmpeg/branches/0.6`

I expect to release 0.6 this week, and will then upload "final" 0.6
packages to debian/experimental and ubuntu/maverick.

-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4





Bug#584605: audacity: Continuing to backtrace

2010-06-13 Thread Dave Witbrodt
Package: audacity
Version: 1.3.12-3+fix03
Severity: normal


Forgive the version listed above:  it is from my local build, and is obviously
not an official Debian package.

After applying the patch suggested, I was getting a FTBFS:
--

[...]
g++ -c -g -O2 -g -Wall -O2 -I../lib-src/portmixer/include 
-I../lib-src/portaudio-v19/include -g -O2 -g -Wall -O2  -Wall 
-I/usr/lib/wx/include/gtk2-unicode-release-2.8 -I/usr/include/wx-2.8 
-D_FILE_OFFSET_BITS=64 -D_LARGE_FILES -D__WXGTK__ -pthread 
-I../lib-src/FileDialog -g -O2 -Wall 
-I/home/dawitbro/sandbox/audacity/audacity-1.3.12/lib-src/lib-widget-extra  
  -I../lib-src/sbsms/include -I/usr/include/soundtouch   
-I../lib-src/libnyquist  -g -O2 -Wall 
-I/home/dawitbro/sandbox/audacity/audacity-1.3.12/lib-src/portsmf
-fno-strict-aliasing -I./include -I. -DLIBDIR=\"/usr/lib\" 
-D__STDC_CONSTANT_MACROS   -Wall -pthread -I/usr/include/gtk-2.0 
-I/usr/lib/gtk-2.0/include -I/usr/include/atk-1.0 -I/usr/include/cairo 
-I/usr/include/pango-1.0 -I/usr/include/gio-unix-2.0/ -I/usr/include/glib-2.0 
-I/usr/lib/glib-2.0/include -I/usr/include/pixman-1 -I/usr/include/freetype2 
-I/usr/include/libpng12 FFmpeg.cpp -o FFmpeg.o
FFmpeg.cpp:257: error: invalid conversion from ‘int (*)(URLContext*, unsigned 
char*, int)’ to ‘int (*)(URLContext*, const unsigned char*, int)’
make[2]: *** [FFmpeg.o] Error 1
make[2]: Leaving directory `/home/dawitbro/sandbox/audacity/audacity-1.3.12/src'
make[1]: *** [audacity] Error 2
make[1]: Leaving directory `/home/dawitbro/sandbox/audacity/audacity-1.3.12'
make: *** [debian/stamp-makefile-build] Error 2
dpkg-buildpackage: error: debian/rules build gave error exit status 2
--


The error was indicating the closing brace of this block of code:

$ grep -n -A 7 "URLProtocol ufile_protocol" src/FFmpeg.cpp 
250:URLProtocol ufile_protocol = {
251-"ufile",
252-ufile_open,
253-ufile_read,
254-ufile_write,
255-ufile_seek,
256-ufile_close,
257-};

Clearly there was some sort of type mismatch, so I looked around for
a while.  I thought I had found the definition of "URLProtocol" here:

$ grep -A 12 "typedef struct URLProtocol" lib-src/ffmpeg/libavformat/avio.h 
typedef struct URLProtocol {
const char *name;
int (*url_open)(URLContext *h, const char *filename, int flags);
int (*url_read)(URLContext *h, unsigned char *buf, int size);
int (*url_write)(URLContext *h, unsigned char *buf, int size);
int64_t (*url_seek)(URLContext *h, int64_t pos, int whence);
int (*url_close)(URLContext *h);
struct URLProtocol *next;
int (*url_read_pause)(URLContext *h, int pause);
int64_t (*url_read_seek)(URLContext *h, int stream_index,
 int64_t timestamp, int flags);
int (*url_get_file_handle)(URLContext *h);
} URLProtocol;

And the prototypes which might match the 'make' error above are "url_open",
"url_read", and "url_write"; these correspond to ufile_open(), ufile_read(),
and ufile_write() in src/FFmpeg.cpp:

$ egrep -n 'int ufile_(open|read|write)' src/FFmpeg.cpp
170:static int ufile_open(URLContext *h, const char *filename, int flags)
198:static int ufile_read(URLContext *h, unsigned char *buf, int size)
207:static int ufile_write(URLContext *h, unsigned char *buf, int size)

I couldn't SEE any problem to cause 'make' to fail here.  After about an hour
it dawned on me that 'audacity' seems to be shipping its own FFMPEG code, but
that the Debian sources for 'audacity' build-depend on an external FFMPEG.


***
*** WARNING ***
The following discussion must be understood in the context of the packages
on my system.  I believe that I am using FFMPEG from debian-multimedia.org:

$ apt-cache policy libavformat52
libavformat52:
  Installed: 5:0.6~svn20100603-0.0
  Candidate: 5:0.6~svn20100603-0.0
  Version table:
 *** 5:0.6~svn20100603-0.0 0
        990 http://mirror.csclub.uwaterloo.ca unstable/main Packages
        100 /var/lib/dpkg/status
     4:0.6~svn20100505-1 0
        350 http://debian.osuosl.org experimental/main Packages
     4:0.5.2-1 0
        990 http://debian.osuosl.org unstable/main Packages

If this is a critical issue in terms of dealing with this bug, please let
me know what changes to make in my local builds, or whether to cancel the
bug report entirely.  So far, I am seeing evidence of real bugs in the
audacity source code, before external FFMPEG libraries are even involved.
*** END WARNING ***
***


Once I realized that the build was being made against the external FFMPEG,
I looked around at the listing of build dependencies and eventually
discovered this:

$ grep -Rn -A 12 "typedef struct URLProtocol" /usr/include/libavformat/avio.h
223:typedef struct URLProtocol {
224-const char *name;
225-int (*url_open)(URLContext *h, con