Bug#1100726: kodi: Segmentation fault at startup
The bug is caused by stack corruption in new tinyxml2 library which migrated yesterday:
#0 0x00007ffff53cac71 in tinyxml2::XMLDocument::XMLDocument (this=this@entry=0x7fffffffdf50,
processEntities=processEntities@entry=true, whitespaceMode=whitespaceMode@entry=tinyxml2::PRESERVE_WHITESPACE)
at ./tinyxml2.cpp:2201
No locals.
#1 0x0000555556c0b04e in CXBMCTinyXML2::CXBMCTinyXML2 (this=0x7fffffffdf50) at ./xbmc/utils/XBMCTinyXML2.h:20
No locals.
#2 CWakeOnAccess::LoadFromXML (this=0x5555576cd020 <CWakeOnAccess::GetInstance()::sWakeOnAccess>)
at ./xbmc/network/WakeOnAccess.cpp:803
enabled = false
xmlDoc = {
<tinyxml2::XMLDocument> = {
<tinyxml2::XMLNode> = {
_vptr.XMLNode = 0x7ffff53d5c48 <vtable for tinyxml2::XMLDocument+16>,
_document = 0x0,
_parent = 0x0,
_value = {
_flags = 0,
_start = 0x0,
_end = 0x0
},
_parseLineNum = 0,
_firstChild = 0x0,
_lastChild = 0x0,
_prev = 0x0,
_next = 0x0,
_userData = 0x0,
_memPool = 0x0
},
members of tinyxml2::XMLDocument:
_writeBOM = false,
_processEntities = true,
_errorID = tinyxml2::XML_SUCCESS,
_whitespaceMode = tinyxml2::PRESERVE_WHITESPACE,
_errorStr = {
_flags = 0,
_start = 0x0,
_end = 0x0
},
_errorLineNum = 0,
_charBuffer = 0x0,
_parseCurLineNum = 0,
_parsingDepth = 0,
_unlinked = {
_mem = 0x7fffffffe000,
_pool = {0x7fff00000000, 0x21d7ffffe270, 0x7fffffffe020, 0x0, 0x55555777f700, 0x5555577815d0, 0x7fffffffe040, 0x0,
0x7fffffffe200, 0x555557781580},
_allocated = 10,
_size = 0
},
_elementPool = {
<tinyxml2::MemPool> = {
_vptr.MemPool = 0x7ffff53d5590 <vtable for tinyxml2::MemPoolT<120ul>+16>
},
members of tinyxml2::MemPoolT<120>:
_blockPtrs = {
_mem = 0x7fffffffe070,
_pool = {0x7fffffffe080, 0x7, 0x6c616963657073, 0x7fffffffe201, 0x7fffffffe0a0, 0x3, 0x5555006c6d78,
0x555556b7d3de <CProfileManager::GetCurrentProfile() const+142>, 0x7fffffffe0c0, 0x0},
_allocated = 10,
_size = 0
},
_root = 0x0,
_currentAllocs = 0,
_nAllocs = 0,
_maxAllocs = 0,
_nUntracked = 0
},
_attributePool = {
<tinyxml2::MemPool> = {
_vptr.MemPool = 0x7ffff53d55d0 <vtable for tinyxml2::MemPoolT<80ul>+16>
},
members of tinyxml2::MemPoolT<80>:
_blockPtrs = {
_mem = 0x7fffffffe108,
_pool = {0x0, 0x7fffffffe100, 0x7fffffffe100, 0x0, 0x7fffffffe138, 0x0, 0x7fffffffe200, 0x5555577ee240,
0x5555576142f8 <vtable for CUrlOptions+16>, 0x18},
_allocated = 10,
_size = 0
},
_root = 0x0,
_currentAllocs = 0,
_nAllocs = 0,
_maxAllocs = 0,
_nUntracked = 0
},
_textPool = {
<tinyxml2::MemPool> = {
_vptr.MemPool = 0x7ffff53d5610 <vtable for tinyxml2::MemPoolT<112ul>+16>
},
members of tinyxml2::MemPoolT<112>:
_blockPtrs = {
_mem = 0x7fffffffe1a0,
_pool = {0x0, 0xa5165009acbf8200, 0x555500000000, 0x7fffffffe240, 0x7fffffffe290, 0x7fffffffe220, 0x7fffffffe230,
0x7fffffffe210, 0x55555777d2c8, 0x555556963fa6 <CMediaSourceSettings::GetSourcesFile[abi:cxx11]()+502>},
_allocated = 10,
_size = 0
},
_root = 0x0,
_currentAllocs = 0,
_nAllocs = 0,
_maxAllocs = 0,
_nUntracked = 0
},
_commentPool = <error reading variable: access outside bounds of object>
__FUNCTION__ = "LoadFromXML"
rootElement = <optimized out>
tmp = 21845
pWakeUp = <optimized out>
pUPnPNode = <optimized out>
#3 0x0000000000000000 in ?? ()
No symbol table info available.
It overwrites the return pointer of CWakeOnAccess::LoadFromXml()
--
Vasyl Gello
Certified SolidWorks Expert
E-Mail: vasek.gello@gmail.com
호랑이는 죽어서 가죽을 남기고 사람은 죽어서 이름을 남긴다
Reply to: