bitwiseworks / qtwebengine-chromium-os2

Port of Chromium and related tools to OS/2

Audio playback results into a crash after 5.15.2 #40

Closed dmik closed 3 years ago

dmik commented 3 years ago

From here https://github.com/bitwiseworks/qtwebengine-os2/issues/8#issuecomment-858141065:

Another problem I discovered is a SIGFPE when trying to play a YouTube video:


Killed by SIGFPE
pid=0x6a7a ppid=0x6a79 tid=0x0008 slot=0x00c8 pri=0x0200 mc=0x0001 ps=0x0010
D:\CODING\QT5\QT5-DEV-BUILD\QTWEBENGINE\EXAMPLES\WEBENGINEWIDGETS\SIMPLEBROWSER\RELEASE\SIMPLEBROWSER.EXE
cs:eip=009dfb00:03beefda      ss:esp=0000:00000004      ebp=00000053
ds=0000      es=0000      fs=0200      gs=0000     efl=00000800
eax=03beed64 ebx=1ffc9d7c ecx=03beed78 edx=03beed9c edi=00000004 esi=03beffd4
Creating 6A7A_08.TRP

Exception C000009B - Integer Divide By Zero


Process: D:\CODING\QT5\QT5-DEV-BUILD\QTWEBENGINE\EXAMPLES\WEBENGINEWIDGETS\SIMPLEBROWSER\RELEASE\SIMPLEBROWSER.EXE (05/25/2021 21:44:23 1,948,077) PID: 6A7A (27258) TID: 08 (8) Priority: 200

Filename: C:\USR\LIB\KAI1.DLL (11/13/2020 16:48:05 26,929) Address: 005B:178A0BEB (0001:00000BEB)


Failing Instruction


178A0BDC JZ 0x178a0f00 (0f84 1e030000)
178A0BE2 MOV EAX, [EBX+0x36] (8b43 36)
178A0BE5 IMUL EAX, [EBX+0x26] (0faf43 26)
178A0BE9 XOR EDX, EDX (31d2)
178A0BEB >DIV DWORD [ESI+0xa] (f776 0a)
178A0BEE XOR EDX, EDX (31d2)
178A0BF0 MOV ECX, EAX (89c1)
178A0BF2 MOV EAX, [EBX+0x26] (8b43 26)


Registers


EAX : 05DC0000  EBX : 009DEF60  ECX : 00000008  EDX : 00000000
ESI : 03BEEFDA  EDI : 009DFB00  ESP : 03BEEECC  EBP : 03BEEF24
EIP : 178A0BEB  EFLG : 00210246
CS : 005B  CSLIM: FFFFFFFF  SS : 0053  SSLIM: FFFFFFFF

EAX : read/write memory - owner unknown
EBX : read/write memory allocated by LIBCN0
ECX : not a valid address
EDX : not a valid address
ESI : read/write memory on this thread's stack
EDI : read/write memory allocated by LIBCN0


Stack Info for Thread 08


Size      Base         ESP          Max          Top
00200000  03BF0000  -> 03BEEECC  -> 03BED000  -> 039F0000


Call Stack


EBP Address Module Obj:Offset Nearest Public Symbol


Trap -> 178A0BEB KAI1 0001:00000BEB kai.c#209 kaiInit - 385 0001:00000F70 (kai.c)

03BEEF24 178A2037 KAI1 0001:00002037 kai.c#1284 kaiOpen + 267 0001:00001DD0 (kai.c)

Offset  Name         Type                        Hex Value
------  -----------  --------------------------  ---------
     8  pksWanted    pointer to type 0x211       3BEEFDA
    12  pksObtained  pointer to type 0x211       3BEF005
    16  phkai        pointer to 32 bit unsigned  3BEEFD4
   -51  ksObtained   0x211                       20000
   -51  ksObtained   0x211                       20000
   -51  ksObtained   0x211                       20000

03BEEF94 B726BC29 QT5WEBC 0001:011EBC29 ZN5media15AudioManagerOS234GetPreferredOutputStreamParametersERKNSt7cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKNS_15AudioParametersE + 119 0001:011EBB10 (audio_manager_os2.o)

200B4E00 200B1780 Unknown

B726C554 B726B910 QT5WEBC 0001:011EB910 __ZN5media15AudioManagerOS2D0Ev 0001:011EB910 (audio_manager_os2.o)

Lost Stack chain - new EBP below previous

dmik commented 3 years ago

According to the logs, it looks like Chromium now sends an invalid AudioParameters value (all zeroes) to AudioManagerBase::GetPreferredOutputStreamParameters. This includes a zero sampling rate. And this, in turn, leads to a crash inside libkai because it divides a number by that sample rate without checking that it's zero.
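The failure mode described above (an all-zero stream spec reaching a division by the sample rate, which the CPU reports as "Integer Divide By Zero"), as an added C example that is not code from libkai, Chromium or this repository: the unchecked byte-count-to-milliseconds conversion beside a form that validates the spec first and reports the bad parameters through its return value. The struct, its field names and the function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stream spec, modelled on the shape of the parameters handed
 * from Chromium down to the audio backend (field names are assumptions). */
typedef struct {
    uint32_t sample_rate;      /* Hz, e.g. 48000 */
    uint32_t channels;         /* 1 or 2 */
    uint32_t bits_per_sample;  /* 8 or 16 */
} stream_spec;

/* 1 if the spec is safe to do arithmetic with, 0 otherwise.
 * The all-zero spec from the crash report is rejected here, before any
 * division can happen. */
int spec_is_valid(const stream_spec *s)
{
    if (s == NULL || s->sample_rate == 0 || s->channels == 0) return 0;
    if (s->bits_per_sample != 8 && s->bits_per_sample != 16) return 0;
    return 1;
}

static uint32_t bytes_per_second(const stream_spec *s)
{
    return s->sample_rate * s->channels * (s->bits_per_sample / 8);
}

/* Unchecked form: with sample_rate == 0 the divisor is 0 and the CPU raises
 * the divide-by-zero trap (delivered as SIGFPE) seen in the report. */
uint32_t bytes_to_ms_unchecked(const stream_spec *s, uint32_t bytes)
{
    return (uint32_t)(((uint64_t)bytes * 1000u) / bytes_per_second(s));
}

/* Hardened form: validates first; returns milliseconds, or -1 on bad input. */
int64_t bytes_to_ms(const stream_spec *s, uint32_t bytes)
{
    if (!spec_is_valid(s)) return -1;
    return (int64_t)(((uint64_t)bytes * 1000u) / bytes_per_second(s));
}

int main(void)
{
    stream_spec good = { 48000, 2, 16 };  /* constructed: 48 kHz stereo 16-bit */
    stream_spec zero = { 0, 0, 0 };       /* constructed: the all-zero spec */
    printf("192000 bytes = %lld ms\n", (long long)bytes_to_ms(&good, 192000));
    printf("all-zero spec -> %lld (rejected)\n", (long long)bytes_to_ms(&zero, 192000));
    /* bytes_to_ms_unchecked(&zero, 192000) would divide by zero here and trap. */
    return 0;
}
```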

dmik commented 3 years ago

This was easy. The https://hpr.dogphilosophy.net/test/ page now works flawlessly. However, I see some oddities when playing YouTube, but that's beyond this topic, I think. Will create a separate ticket if/when needed.