crash libijkffmpeg.so with "arm64-v8a + target sdk 30 + android 11 Phone" #5206
Description
2021-02-03 14:24:19.106 31369-31441/com.example.gsyvideoplayer A/libc: Fatal signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x711f82d620 in tid 31441 (ff_read), pid 31369 (.gsyvideoplayer)
2021-02-03 14:24:19.119 988-988/? E/HWComposer: setDisplayElapseTime failed for display 0: Invalid display
2021-02-03 14:24:19.130 988-988/? E/HWComposer: setDisplayElapseTime failed for display 0: Invalid display
2021-02-03 14:24:19.135 31444-31444/? I/crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
2021-02-03 14:24:19.136 765-765/? I/tombstoned: received crash request for pid 31441
2021-02-03 14:24:19.136 31444-31444/? I/crash_dump64: performing dump of process 31369 (target tid = 31441)
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: Build fingerprint: 'Xiaomi/umi/umi:11/RKQ1.200710.002/20.9.17:user/release-keys'
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: Revision: '0'
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: ABI: 'arm64'
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: Timestamp: 2021-02-03 14:24:19+0800
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: pid: 31369, tid: 31441, name: ff_read >>> com.example.gsyvideoplayer <<<
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: uid: 10476
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x711f82d620
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: x0 b4000071b6e8ac00 x1 0000000000000001 x2 0000007112412910 x3 0000000000001020
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: x4 000000711f82d620 x5 8080808080808080 x6 fefefefefefefeff x7 7f7f7f7f7f7f7f7f
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: x8 0101010101010101 x9 0000000000000000 x10 000000000000000a x11 0000000000000030
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: x12 0000000000000003 x13 0000000000000000 x14 0006237ad0f4b400 x15 00002ea008ffb39c
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: x16 000000711f8232e0 x17 00000074883a7cb0 x18 0000007110d9e000 x19 0000007112412910
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: x20 b4000071b6e8ac00 x21 b400007236e3b710 x22 b400007236e3b6b0 x23 0000007112413a78
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: x24 0000000000000000 x25 000000711e18e000 x26 0000000000000001 x27 00000000000fc000
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: x28 000000711231b000 x29 0000007112413ab0
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: lr 000000711f5bf2a4 sp 00000071124128d0 pc 000000711f82d620 pst 0000000000001000
2021-02-03 14:24:19.141 31444-31444/? A/DEBUG: backtrace:
2021-02-03 14:24:19.141 31444-31444/? A/DEBUG: #00 pc 0000000000571620 /data/app/~~T9M65kUZ82XvRUWgtnETqA==/com.example.gsyvideoplayer-ZOA62CFnmBo0lB289woXjg==/lib/arm64/libijkffmpeg.so!libijkffmpeg.so (offset 0x56a000)
It crash when playing network video ,not crash with local video
av_application_on_http_event
pc 00000000003132a0 /data/app/~~pYSrzhQ1H6LKWzcXVV2GlQ==/com.example.gsyvideoplayer-R4_rOrGN9pDCUPCNraehQA==/lib/arm64/libijkffmpeg.so (av_application_on_http_event+24)
/Users/xxxxxx/workspace/android/ijkplayer/android/contrib/ffmpeg-arm64/libavutil/application.c:67
it looks like ff_ffplay.c :
static int app_func_event(AVApplicationContext *h, int message ,void *data, size_t size)
{
if (!h || !h->opaque || !data)
return 0;
FFPlayer *ffp = (FFPlayer *)h->opaque;
if (!ffp->inject_opaque)
return 0;
if (message == AVAPP_EVENT_IO_TRAFFIC && sizeof(AVAppIOTraffic) == size) {
AVAppIOTraffic *event = (AVAppIOTraffic *)(intptr_t)data;
if (event->bytes > 0) {
ffp->stat.byte_count += event->bytes;
SDL_SpeedSampler2Add(&ffp->stat.tcp_read_sampler, event->bytes);
}
} else if (message == AVAPP_EVENT_ASYNC_STATISTIC && sizeof(AVAppAsyncStatistic) == size) {
AVAppAsyncStatistic *statistic = (AVAppAsyncStatistic *) (intptr_t)data;
ffp->stat.buf_backwards = statistic->buf_backwards;
ffp->stat.buf_forwards = statistic->buf_forwards;
ffp->stat.buf_capacity = statistic->buf_capacity;
}
return inject_callback(ffp->inject_opaque, message , data, size);
}
add android:allowNativeHeapPointerTagging="false" can solve the problem temporarily
This will disable the Pointer Tagging feature for your application. Please note that this does not address the underlying code health problem. This escape hatch will disappear in future versions of Android, because issues of this nature will be incompatible with MTE.
Starting in Android 11, for 64-bit processes, all heap allocations have an implementation defined tag set in the top byte of the pointer on devices with kernel support for ARM Top-byte Ignore (TBI). Any application that modifies this tag is terminated when the tag is checked during deallocation. This is necessary for future hardware with ARM Memory Tagging Extension (MTE) support.
about : https://source.android.google.cn/devices/tech/debug/tagged-pointers
Metadata
Metadata
Assignees
Labels
No labels
Type
Projects
Milestone
Relationships
Development
No branches or pull requests
Participants
Activity
raymond1012 commentedon Feb 7, 2021
fixed