[Live-devel] 2013.04.21 crash bug is not fixed

Krishna Patel megaplace at hotmail.com
Tue Apr 30 14:47:17 PDT 2013 

Hi,Crash bug introduced in version 2013.04.21 is not fixed in 2013.04.29. Occasionally at session shutdown SocketDescriptor object still gets accessed after it was deleted. Version 2013.04.16 does not have such problem. Here's some info: Exception info:EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00000000101041db (RTSPRec!SocketDescriptor::tcpReadHandler+0x000000000000008b)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 00000000dddddddd
Attempt to read from address 00000000dddddddd
Crash stack:ChildEBP RetAddr  Args to Child              
03a3f65c 1012525e 0478fc10 00000002 88e18a61 RTSPRec!SocketDescriptor::tcpReadHandler+0x8b
03a3fa08 1012759b 00000000 03a3fa28 047838f8 RTSPRec!BasicTaskScheduler::SingleStep+0x72e
03a3fa1c 100ac67e 04783729 03a3fbe8 03a3fb0c RTSPRec!BasicTaskScheduler0::doEventLoop+0x3b
03a3fb04 100a82f8 88e18b91 03a3fcf4 0050ca04 RTSPRec!CRTSPHandler::ShutdownSession+0xae
03a3fbf8 100a1c6d 03a3fdf8 0050ca04 0050ca68 RTSPRec!CRTSPHandler::Uninit+0xa8
03a3fcf4 1009ffcf 20000000 0050ca04 0050ca68 RTSPRec!CRTSPReceiver::UninitRTSP+0x3d
03a3fdf8 672724fa 04782ff0 00000260 0050ce44 RTSPRec!CRTSPReceiver::Stop+0x6f
SocketDescriptor::tcpReadHandler local members:0:022:x86> dv
socketDescriptor = 0x0478fc10
            mask = 0n2
           count = 0x7d0
SocketDescriptor class members:0:022:x86> ?? socketDescriptor
class SocketDescriptor * 0x0478fc10
   +0x000 __VFN_table : 0xdddddddd 
   +0x004 fEnv             : 0xdddddddd UsageEnvironment
   +0x008 fOurSocketNum    : 0n-572662307
   +0x00c fSubChannelHashTable : 0xdddddddd HashTable
   +0x010 fServerRequestAlternativeByteHandler : 0xdddddddd     void  +ffffffffdddddddd
   +0x014 fServerRequestAlternativeByteHandlerClientData : 0xdddddddd Void
   +0x018 fStreamChannelId : 0xdd ''
   +0x019 fSizeByte1       : 0xdd ''
   +0x01a fReadErrorOccurred : ffffffffffffffdd
   +0x01b fDeleteNext      : ffffffffffffffdd
   +0x01c fTCPReadingState : 0xdddddddd (No matching name)
socketDescriptor is toast void SocketDescriptor::tcpReadHandler(SocketDescriptor* socketDescriptor, int mask) {
  // Call the read handler until it returns false, with a limit to avoid starving other sockets
  unsigned count = 2000;
  while (!socketDescriptor->fDeleteNext && socketDescriptor->tcpReadHandler1(mask) && --count > 0) {}
  if (socketDescriptor->fDeleteNext) delete socketDescriptor;                                          <- Crash here
}
Krishna.   		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.live555.com/pipermail/live-devel/attachments/20130430/e87bc702/attachment-0001.html>

More information about the live-devel mailing list