crash libijkffmpeg.so with "arm64-v8a + target sdk 30 + android 11 Phone" #5206

Closed
CarGuo opened this issue Feb 3, 2021 · 1 comment
CarGuo commented Feb 3, 2021

2021-02-03 14:24:19.106 31369-31441/com.example.gsyvideoplayer A/libc: Fatal signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x711f82d620 in tid 31441 (ff_read), pid 31369 (.gsyvideoplayer)
2021-02-03 14:24:19.119 988-988/? E/HWComposer: setDisplayElapseTime failed for display 0: Invalid display
2021-02-03 14:24:19.130 988-988/? E/HWComposer: setDisplayElapseTime failed for display 0: Invalid display
2021-02-03 14:24:19.135 31444-31444/? I/crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
2021-02-03 14:24:19.136 765-765/? I/tombstoned: received crash request for pid 31441
2021-02-03 14:24:19.136 31444-31444/? I/crash_dump64: performing dump of process 31369 (target tid = 31441)
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: Build fingerprint: 'Xiaomi/umi/umi:11/RKQ1.200710.002/20.9.17:user/release-keys'
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: Revision: '0'
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: ABI: 'arm64'
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: Timestamp: 2021-02-03 14:24:19+0800
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: pid: 31369, tid: 31441, name: ff_read  >>> com.example.gsyvideoplayer <<<
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: uid: 10476
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG: signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x711f82d620
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG:     x0  b4000071b6e8ac00  x1  0000000000000001  x2  0000007112412910  x3  0000000000001020
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG:     x4  000000711f82d620  x5  8080808080808080  x6  fefefefefefefeff  x7  7f7f7f7f7f7f7f7f
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG:     x8  0101010101010101  x9  0000000000000000  x10 000000000000000a  x11 0000000000000030
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG:     x12 0000000000000003  x13 0000000000000000  x14 0006237ad0f4b400  x15 00002ea008ffb39c
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG:     x16 000000711f8232e0  x17 00000074883a7cb0  x18 0000007110d9e000  x19 0000007112412910
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG:     x20 b4000071b6e8ac00  x21 b400007236e3b710  x22 b400007236e3b6b0  x23 0000007112413a78
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG:     x24 0000000000000000  x25 000000711e18e000  x26 0000000000000001  x27 00000000000fc000
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG:     x28 000000711231b000  x29 0000007112413ab0
2021-02-03 14:24:19.140 31444-31444/? A/DEBUG:     lr  000000711f5bf2a4  sp  00000071124128d0  pc  000000711f82d620  pst 0000000000001000
2021-02-03 14:24:19.141 31444-31444/? A/DEBUG: backtrace:
2021-02-03 14:24:19.141 31444-31444/? A/DEBUG:       #00 pc 0000000000571620  /data/app/~~T9M65kUZ82XvRUWgtnETqA==/com.example.gsyvideoplayer-ZOA62CFnmBo0lB289woXjg==/lib/arm64/libijkffmpeg.so!libijkffmpeg.so (offset 0x56a000)

It crashes when playing network video, but does not crash with local video.

av_application_on_http_event

pc 00000000003132a0 /data/app/~~pYSrzhQ1H6LKWzcXVV2GlQ==/com.example.gsyvideoplayer-R4_rOrGN9pDCUPCNraehQA==/lib/arm64/libijkffmpeg.so (av_application_on_http_event+24)

/Users/xxxxxx/workspace/android/ijkplayer/android/contrib/ffmpeg-arm64/libavutil/application.c:67

It looks like ff_ffplay.c:

static int app_func_event(AVApplicationContext *h, int message, void *data, size_t size)
{
    if (!h || !h->opaque || !data)
        return 0;

    FFPlayer *ffp = (FFPlayer *)h->opaque;
    if (!ffp->inject_opaque)
        return 0;
    if (message == AVAPP_EVENT_IO_TRAFFIC && sizeof(AVAppIOTraffic) == size) {
        AVAppIOTraffic *event = (AVAppIOTraffic *)(intptr_t)data;
        if (event->bytes > 0) {
            ffp->stat.byte_count += event->bytes;
            SDL_SpeedSampler2Add(&ffp->stat.tcp_read_sampler, event->bytes);
        }
    } else if (message == AVAPP_EVENT_ASYNC_STATISTIC && sizeof(AVAppAsyncStatistic) == size) {
        AVAppAsyncStatistic *statistic = (AVAppAsyncStatistic *)(intptr_t)data;
        ffp->stat.buf_backwards = statistic->buf_backwards;
        ffp->stat.buf_forwards = statistic->buf_forwards;
        ffp->stat.buf_capacity = statistic->buf_capacity;
    }
    return inject_callback(ffp->inject_opaque, message, data, size);
}

Adding android:allowNativeHeapPointerTagging="false" can solve the problem temporarily.

This will disable the Pointer Tagging feature for your application. Please note that this does not address the underlying code health problem. This escape hatch will disappear in future versions of Android, because issues of this nature will be incompatible with MTE.

Starting in Android 11, for 64-bit processes, all heap allocations have an implementation defined tag set in the top byte of the pointer on devices with kernel support for ARM Top-byte Ignore (TBI). Any application that modifies this tag is terminated when the tag is checked during deallocation. This is necessary for future hardware with ARM Memory Tagging Extension (MTE) support.

About: https://source.android.google.cn/devices/tech/debug/tagged-pointers
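
The top-byte tag described in the documentation quoted above, as an added C example that is not part of the original issue or of ijkplayer's code: it takes a constructed pointer value shaped like x0 in the crash dump and reports which integer round-trips keep the tag and the address bits intact. The helper names and the three round-trip patterns are assumptions chosen for illustration, not a diagnosis of this crash; a 64-bit target is assumed.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: shaped like x0 in the crash dump (tag 0xb4 in the
   top byte), with an 8-byte-aligned low part. Not a value from the page. */
#define SAMPLE_TAGGED_PTR UINT64_C(0xb4000071b6e8ac08)

enum { ALTERS_TAG = 1, ALTERS_ADDR = 2 };

/* Top byte of a 64-bit pointer value: where the heap tag is stored. */
static uint8_t ptr_tag(uint64_t p) { return (uint8_t)(p >> 56); }

/* Keeps everything: uintptr_t and void * carry all 64 bits, tag included. */
static uint64_t via_uintptr(uint64_t p) {
    void *v = (void *)(uintptr_t)p;
    return (uint64_t)(uintptr_t)v;
}

/* Strips the tag: masking a pointer down to a 48-bit address. */
static uint64_t via_mask48(uint64_t p) { return p & UINT64_C(0x0000ffffffffffff); }

/* Rounds the address: a double has a 53-bit significand, so once the top
   byte is in use the low bits no longer fit. */
static uint64_t via_double(uint64_t p) {
    volatile double d = (double)(int64_t)p;
    return (uint64_t)(int64_t)d;
}

/* Bitmask of what a round-trip changed: tag byte and/or low 56 bits. */
static int roundtrip_damage(uint64_t before, uint64_t after) {
    int r = 0;
    if (ptr_tag(before) != ptr_tag(after)) r |= ALTERS_TAG;
    if ((before ^ after) & UINT64_C(0x00ffffffffffffff)) r |= ALTERS_ADDR;
    return r;
}

int main(void) {
    struct { const char *name; uint64_t (*fn)(uint64_t); } trips[] = {
        {"uintptr_t", via_uintptr}, {"48-bit mask", via_mask48}, {"double", via_double},
    };
    for (size_t i = 0; i < sizeof trips / sizeof trips[0]; i++) {
        uint64_t out = trips[i].fn(SAMPLE_TAGGED_PTR);
        printf("%-12s -> %016llx damage=%d\n", trips[i].name,
               (unsigned long long)out, roundtrip_damage(SAMPLE_TAGGED_PTR, out));
    }
    return 0;
}
```

Any round-trip that reports non-zero damage hands back a pointer the allocator never issued, which is the class of code the manifest flag only hides.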
