GstAmcVideoDec: fix GstAmcSurfaceTexture segfault

Check that self and self->callback are defined. self can be set to NULL in remove_listener, and self->callback can be set to NULL inside gst_amc_surface_texture_jni_set_on_frame_available_callback. This can cause a segfault since the Java object can outlive the C object, and call the callback after remove_listener is called.

Steps to replicate:

  • Decode an x264 file using decodebin/playbin on an Android device with the GstAmcVideoDec-OmxAmlogicAvcDecoderAwesome codec. Software decoders such as GstAmcVideoDec-OmxAmlogicVp8DecoderSw appear to work fine.

Other info:

  • Stack trace entry #09 indicates that the error originates from Java in the org.freedesktop.gstreamer.androidmedia.GstAmcOnFrameAvailableListener.onFrameAvailable callback. Fault address 0x1c appears to be the offset of GstAmcSurfaceTextureJNI.callback, indicating that self is NULL when calling self->callback.

Stacktrace:

10:10:40.411 !!!FAILURE!!! libc: Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x1c in tid 8904 (o.vivi.receiver), pid 8904 (o.vivi.receiver)
10:10:40.532 INFO crash_dump32: obtaining output fd from tombstoned, type: kDebuggerdTombstone
10:10:40.533 INFO /system/bin/tombstoned: received crash request for pid 8904
10:10:40.535 INFO crash_dump32: performing dump of process 8904 (target tid = 8904)
10:10:40.559 !!!FAILURE!!! DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
10:10:40.560 !!!FAILURE!!! DEBUG: Build fingerprint: 'OnePlus/OnePlus6/OnePlus6:8.1.0/OPM1.171019.011/06140300:user/release-keys'
10:10:40.560 !!!FAILURE!!! DEBUG: Revision: '0'
10:10:40.560 !!!FAILURE!!! DEBUG: ABI: 'arm'
10:10:40.560 !!!FAILURE!!! DEBUG: pid: 8904, tid: 8904, name: o.vivi.receiver  >>> io.vivi.receiver <<<
10:10:40.560 !!!FAILURE!!! DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x1c
10:10:40.560 !!!FAILURE!!! DEBUG: Cause: null pointer dereference
10:10:40.560 !!!FAILURE!!! DEBUG: r0  00000000  r1  bbc72f7c  r2  00000000  r3  00000000
10:10:40.560 !!!FAILURE!!! DEBUG: r4  9d071370  r5  00000004  r6  00000000  r7  bbc732a8
10:10:40.560 !!!FAILURE!!! DEBUG: r8  00000000  r9  a4fc9000  r10 bbc72f80  r11 a4fc9000
10:10:40.560 !!!FAILURE!!! DEBUG: ip  87ffc925  sp  bbc72f60  lr  a54d127b  pc  87ffc926
10:10:41.019 !!!FAILURE!!! DEBUG: 
10:10:41.019 !!!FAILURE!!! DEBUG: backtrace:
10:10:41.019 !!!FAILURE!!! DEBUG: #00 pc 00575926  /data/app/io.vivi.receiver-K-7yzvJMAAlYZS1ccAc1FQ==/lib/arm/libgstreamer_android.so
10:10:41.019 !!!FAILURE!!! DEBUG: #01 pc 0041c279  /system/lib/libart.so (art_quick_generic_jni_trampoline+40)
10:10:41.019 !!!FAILURE!!! DEBUG: #02 pc 00417d75  /system/lib/libart.so (art_quick_invoke_stub_internal+68)
10:10:41.019 !!!FAILURE!!! DEBUG: #03 pc 003f12e7  /system/lib/libart.so (art_quick_invoke_stub+226)
10:10:41.019 !!!FAILURE!!! DEBUG: #04 pc 000a1031  /system/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+136)
10:10:41.019 !!!FAILURE!!! DEBUG: #05 pc 001e8835  /system/lib/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+232)
10:10:41.019 !!!FAILURE!!! DEBUG: #06 pc 001e3511  /system/lib/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+776)
10:10:41.019 !!!FAILURE!!! DEBUG: #07 pc 003ecda1  /system/lib/libart.so (MterpInvokeDirect+196)
10:10:41.020 !!!FAILURE!!! DEBUG: #08 pc 0040ab14  /system/lib/libart.so (ExecuteMterpImpl+14484)
10:10:41.020 !!!FAILURE!!! DEBUG: #09 pc 000081ee  /dev/ashmem/dalvik-classes2.dex extracted in memory from /data/app/io.vivi.receiver-K-7yzvJMAAlYZS1ccAc1FQ==/base.apk!classes2.dex (deleted) (org.freedesktop.gstreamer.androidmedia.GstAmcOnFrameAvailableListener.onFrameAvailable+6)
10:10:41.020 !!!FAILURE!!! DEBUG: #10 pc 001c7e89  /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.2193211614+352)
10:10:41.020 !!!FAILURE!!! DEBUG: #11 pc 001cc757  /system/lib/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+146)
10:10:41.020 !!!FAILURE!!! DEBUG: #12 pc 001e34fb  /system/lib/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+754)
10:10:41.020 !!!FAILURE!!! DEBUG: #13 pc 003ecadd  /system/lib/libart.so (MterpInvokeInterface+1020)
10:10:41.020 !!!FAILURE!!! DEBUG: #14 pc 0040ac14  /system/lib/libart.so (ExecuteMterpImpl+14740)
10:10:41.020 !!!FAILURE!!! DEBUG: #15 pc 00421ebc  /system/framework/boot-framework.vdex (android.graphics.SurfaceTexture$1.handleMessage+8)
10:10:41.020 !!!FAILURE!!! DEBUG: #16 pc 001c7e89  /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.2193211614+352)
10:10:41.020 !!!FAILURE!!! DEBUG: #17 pc 001cc757  /system/lib/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+146)
10:10:41.020 !!!FAILURE!!! DEBUG: #18 pc 001e34fb  /system/lib/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+754)
10:10:41.020 !!!FAILURE!!! DEBUG: #19 pc 003ebf0f  /system/lib/libart.so (MterpInvokeVirtual+442)
10:10:41.020 !!!FAILURE!!! DEBUG: #20 pc 0040aa14  /system/lib/libart.so (ExecuteMterpImpl+14228)
10:10:41.020 !!!FAILURE!!! DEBUG: #21 pc 00ae829a  /system/framework/boot-framework.vdex (android.os.Handler.dispatchMessage+42)
10:10:41.020 !!!FAILURE!!! DEBUG: #22 pc 001c7e89  /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.2193211614+352)
10:10:41.020 !!!FAILURE!!! DEBUG: #23 pc 001cc757  /system/lib/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+146)
10:10:41.020 !!!FAILURE!!! DEBUG: #24 pc 001e34fb  /system/lib/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+754)
10:10:41.020 !!!FAILURE!!! DEBUG: #25 pc 003ebf0f  /system/lib/libart.so (MterpInvokeVirtual+442)
10:10:41.021 !!!FAILURE!!! DEBUG: #26 pc 0040aa14  /system/lib/libart.so (ExecuteMterpImpl+14228)
10:10:41.021 !!!FAILURE!!! DEBUG: #27 pc 00aef388  /system/framework/boot-framework.vdex (android.os.Looper.loop+404)
10:10:41.021 !!!FAILURE!!! DEBUG: #28 pc 001c7e89  /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.2193211614+352)
10:10:41.021 !!!FAILURE!!! DEBUG: #29 pc 001cc757  /system/lib/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+146)
10:10:41.021 !!!FAILURE!!! DEBUG: #30 pc 001e34fb  /system/lib/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+754)
10:10:41.021 !!!FAILURE!!! DEBUG: #31 pc 003eceeb  /system/lib/libart.so (MterpInvokeStatic+130)
10:10:41.021 !!!FAILURE!!! DEBUG: #32 pc 0040ab94  /system/lib/libart.so (ExecuteMterpImpl+14612)
10:10:41.021 !!!FAILURE!!! DEBUG: #33 pc 00385c5a  /system/framework/boot-framework.vdex (android.app.ActivityThread.main+214)
10:10:41.021 !!!FAILURE!!! DEBUG: #34 pc 001c7e89  /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.2193211614+352)
10:10:41.021 !!!FAILURE!!! DEBUG: #35 pc 001cc6a3  /system/lib/libart.so (art::interpreter::EnterInterpreterFromEntryPoint(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*)+82)
10:10:41.021 !!!FAILURE!!! DEBUG: #36 pc 003df753  /system/lib/libart.so (artQuickToInterpreterBridge+890)
10:10:41.021 !!!FAILURE!!! DEBUG: #37 pc 0041c2ff  /system/lib/libart.so (art_quick_to_interpreter_bridge+30)
10:10:41.021 !!!FAILURE!!! DEBUG: #38 pc 00417d75  /system/lib/libart.so (art_quick_invoke_stub_internal+68)
10:10:41.021 !!!FAILURE!!! DEBUG: #39 pc 003f13eb  /system/lib/libart.so (art_quick_invoke_static_stub+222)
10:10:41.021 !!!FAILURE!!! DEBUG: #40 pc 000a1043  /system/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+154)
10:10:41.021 !!!FAILURE!!! DEBUG: #41 pc 00350a6d  /system/lib/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+52)
10:10:41.022 !!!FAILURE!!! DEBUG: #42 pc 00351eb5  /system/lib/libart.so (art::InvokeMethod(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned int)+960)
10:10:41.022 !!!FAILURE!!! DEBUG: #43 pc 00302bd9  /system/lib/libart.so (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*)+40)
10:10:41.022 !!!FAILURE!!! DEBUG: #44 pc 001121ff  /system/framework/arm/boot-core-oj.oat (offset 0x10c000) (java.lang.Class.getDeclaredMethodInternal [DEDUPED]+110)
10:10:41.022 !!!FAILURE!!! DEBUG: #45 pc 00417d75  /system/lib/libart.so (art_quick_invoke_stub_internal+68)
10:10:41.022 !!!FAILURE!!! DEBUG: #46 pc 003f12e7  /system/lib/libart.so (art_quick_invoke_stub+226)
10:10:41.022 !!!FAILURE!!! DEBUG: #47 pc 000a1031  /system/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+136)
10:10:41.022 !!!FAILURE!!! DEBUG: #48 pc 001e8835  /system/lib/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+232)
10:10:41.022 !!!FAILURE!!! DEBUG: #49 pc 001e3511  /system/lib/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+776)
10:10:41.022 !!!FAILURE!!! DEBUG: #50 pc 003ebf0f  /system/lib/libart.so (MterpInvokeVirtual+442)
10:10:41.022 !!!FAILURE!!! DEBUG: #51 pc 0040aa14  /system/lib/libart.so (ExecuteMterpImpl+14228)
10:10:41.022 !!!FAILURE!!! DEBUG: #52 pc 00c1020a  /system/framework/boot-framework.vdex (com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run+22)
10:10:41.022 !!!FAILURE!!! DEBUG: #53 pc 001c7e89  /system/lib/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.2193211614+352)
10:10:41.022 !!!FAILURE!!! DEBUG: #54 pc 001cc6a3  /system/lib/libart.so (art::interpreter::EnterInterpreterFromEntryPoint(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*)+82)
10:10:41.022 !!!FAILURE!!! DEBUG: #55 pc 003df753  /system/lib/libart.so (artQuickToInterpreterBridge+890)
10:10:41.022 !!!FAILURE!!! DEBUG: #56 pc 0041c2ff  /system/lib/libart.so (art_quick_to_interpreter_bridge+30)
10:10:41.022 !!!FAILURE!!! DEBUG: #57 pc 00a13281  /system/framework/arm/boot-framework.oat (offset 0x3ac000) (com.android.internal.os.ZygoteInit.main+2896)
10:10:41.022 !!!FAILURE!!! DEBUG: #58 pc 00417d75  /system/lib/libart.so (art_quick_invoke_stub_internal+68)
10:10:41.022 !!!FAILURE!!! DEBUG: #59 pc 003f13eb  /system/lib/libart.so (art_quick_invoke_static_stub+222)
10:10:41.022 !!!FAILURE!!! DEBUG: #60 pc 000a1043  /system/lib/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+154)
10:10:41.023 !!!FAILURE!!! DEBUG: #61 pc 00350a6d  /system/lib/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+52)
10:10:41.023 !!!FAILURE!!! DEBUG: #62 pc 00350889  /system/lib/libart.so (art::InvokeWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+304)
10:10:41.023 !!!FAILURE!!! DEBUG: #63 pc 002949cd  /system/lib/libart.so (art::JNI::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+476)
10:10:41.023 !!!FAILURE!!! DEBUG: #64 pc 0006cb73  /system/lib/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+38)
10:10:41.023 !!!FAILURE!!! DEBUG: #65 pc 0006ed9b  /system/lib/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+462)
10:10:41.023 !!!FAILURE!!! DEBUG: #66 pc 0000198d  /system/bin/app_process32 (main+724)
10:10:41.023 !!!FAILURE!!! DEBUG: #67 pc 00088f55  /system/lib/libc.so (__libc_init+48)
10:10:41.023 !!!FAILURE!!! DEBUG: #68 pc 00001677  /system/bin/app_process32 (_start_main+46)
10:10:41.023 !!!FAILURE!!! DEBUG: #69 pc 00018037  /system/bin/linker (__dl__ZN6soinfoD1Ev+14)
10:10:41.023 !!!FAILURE!!! DEBUG: #70 pc 007feb7d  [stack:bb477000]
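The guard this merge request describes, modelled in C as an added example (not the GStreamer code itself): a Java-side handle that is cleared by remove_listener while the Java object stays alive, a callback pointer that can be cleared independently, and an entry point that checks both before dispatching. The struct layout, the helper names other than `callback`, and the frame counter are assumptions made for the illustration; `callback_field_offset` shows why a NULL `self` produces a fault address equal to the field offset (0x1c in the report, `sizeof(void *)` in this model).

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of the surface-texture listener object. Only the
 * `callback` field name comes from the report; the rest is assumed. */
typedef void (*frame_available_cb)(void *user_data);

typedef struct {
  void *owner;                 /* stands in for the object header */
  frame_available_cb callback; /* may be cleared by set_on_frame_available_callback */
  void *user_data;
} listener_t;

/* The Java listener holds a native pointer to the C object. After
 * remove_listener() that pointer is NULL, but the Java object can still be
 * alive on its Looper thread and deliver one more onFrameAvailable. */
static listener_t *java_side_handle = NULL;

void add_listener(listener_t *l) { java_side_handle = l; }
void remove_listener(void) { java_side_handle = NULL; }

void set_on_frame_available_callback(listener_t *l, frame_available_cb cb,
                                     void *user_data) {
  l->callback = cb;
  l->user_data = user_data;
}

/* Guarded JNI-style entry point: returns 1 when a callback ran, 0 when the
 * frame was dropped because the C object or its callback is already gone.
 * Without the two checks, a NULL self faults at offsetof(listener_t, callback). */
int on_frame_available(listener_t *self) {
  if (self == NULL || self->callback == NULL)
    return 0;
  self->callback(self->user_data);
  return 1;
}

/* Offset a NULL-self dereference of `callback` would report as fault address. */
size_t callback_field_offset(void) { return offsetof(listener_t, callback); }

static void count_frame(void *user_data) { (*(int *)user_data)++; }

/* Replays the sequence from the report with constructed events: a frame
 * during normal operation is delivered, a frame after remove_listener() is
 * dropped, and a frame after the callback was cleared is dropped as well.
 * Returns the number of frames actually delivered. */
int run_scenario(void) {
  int frames = 0;
  listener_t l = { NULL, NULL, NULL };
  set_on_frame_available_callback(&l, count_frame, &frames);
  add_listener(&l);

  on_frame_available(java_side_handle); /* delivered */
  remove_listener();
  on_frame_available(java_side_handle); /* self == NULL: dropped, no crash */

  add_listener(&l);
  set_on_frame_available_callback(&l, NULL, NULL);
  on_frame_available(java_side_handle); /* callback == NULL: dropped */

  remove_listener();
  return frames;
}

int main(void) {
  printf("frames delivered: %d\n", run_scenario()); /* prints 1 */
  return 0;
}
```

The check is cheap and belongs at the JNI boundary because the C side cannot force the Java SurfaceTexture thread to stop calling back the instant the native object is torn down; treating a NULL handle or NULL callback as "late frame, ignore" is the defensive default.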