savonet / liquidsoap

Liquidsoap is a statically typed scripting general-purpose language with dedicated operators and backend for all things media, streaming, file generation, automation, HTTP backend and more.
http://liquidsoap.info
GNU General Public License v2.0

video.add_text.sdl: Crashes with dynamic values #1189

Closed gdhgdhgdh closed 4 years ago

gdhgdhgdh commented 4 years ago

I'm using the output of bpm to change some text in the output video. This causes add_text.sdl to fall over with either:

malloc(): invalid next size (unsorted)

or

corrupted size vs. prev_size

#!/usr/bin/liquidsoap

set("log.level", 4)

curTempo = ref("0")

def bpm_callback(ct) =
  curTempo := string_of(ct)
  log(!curTempo)
end

a = blank()
a = bpm(bpm_callback, a)

v = blank()
v = video.add_text.sdl( { !curTempo } ,speed=0,x=300,y=250,font="/usr/share/fonts/truetype/dejavu/DejaVuSans.ttf",v)

mix = mksafe(mux_audio(audio=a, v))

output.youtube.live(url="rtmp://127.0.0.1",audio_encoder="voaacenc",key="live/output",mix)

Using 1.5.0+git@34c16a76 on container built FROM ubuntu:20.04

2020/05/04 10:07:23 [main:3] Liquidsoap 1.5.0+git@34c16a76
2020/05/04 10:07:23 [main:3] Using: bytes=[distributed with OCaml 4.02 or above] pcre=7.4.3 sedlex=2.1 menhirLib=20200211 dtools=0.4.2 duppy=0.9.0 cry=0.6.5 mm=0.6.0 xmlplaylist=0.1.4 lastfm=0.3.2 ogg=0.6.0 vorbis=0.7.1 opus=0.1.4 speex=0.3.0 mad=0.5.0 flac=0.2.0 flac.ogg=0.2.0 dynlink=[distributed with Ocaml] lame=0.3.4 shine=0.2.1 gstreamer=0.3.0 frei0r=0.1.2 fdkaac=0.3.2 theora=0.3.1 gavl=0.1.6 ffmpeg-avutil=0.5.0 ffmpeg-avcodec=0.5.0 ffmpeg-av=0.5.0 ffmpeg-avfilter=0.5.0 ffmpeg-swresample=0.5.0 ffmpeg-swscale=0.5.0 bjack=0.1.5 alsa=0.3.0 ao=0.2.2 samplerate=0.1.5 taglib=0.3.6 ssl=0.5.9 magic=0.7.3 camomile=1.0.2 inotify=2.3 yojson=1.7.0 faad=0.5.0 soundtouch=0.1.9 portaudio=0.2.1 pulseaudio=0.1.4 ladspa=0.2.0 dssi=0.1.3 tsdl=v0.9.7 tsdl_ttf=0 tsdl_image=0 camlimages=4.2.6 cohttp-lwt-unix=2.5.1 prometheus-app=0.7 srt.types=0.1.1 srt.stubs=0.1.1 srt.stubs=0.1.1 srt=0.1.1 lo=0.1.2 gd=1.0a5

smimram commented 4 years ago

I used the following simpler script to test and could not reproduce unfortunately:

set("log.level", 4)

n = ref(1)
thread.run(every=1., {n := !n * 2})

s = blank()
s = video.add_text.sdl( { string_of(!n) } ,speed=0,x=300,y=250,font="/usr/share/fonts/truetype/dejavu/DejaVuSans.ttf", s)

output.sdl(s)

gdhgdhgdh commented 4 years ago

Your smaller script also works for me, so there must be some interaction between the more complex components in my example. I'll see if I can gradually expand your example until it crashes.

smimram commented 4 years ago

Thanks, this would be helpful! I am not sure that video.add_text.sdl is the culprit here...

gdhgdhgdh commented 4 years ago

I updated the original issue - I wasn't able to simplify it very much - it looks like an interaction between bpm and add_text - when it's a simple number increasing the script runs fine every time.

smimram commented 4 years ago

Ok, I can reproduce with your script. Here is a stacktrace:

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff309555b in __GI_abort () at abort.c:79
#2  0x00007ffff30ee008 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff31faf3e "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007ffff30f53aa in malloc_printerr (str=str@entry=0x7ffff31fcbc0 "free(): invalid next size (fast)") at malloc.c:5339
#4  0x00007ffff30f6e1c in _int_free (av=0x7ffff322cb80 <main_arena>, p=0x7fff9401c7f0, have_lock=0) at malloc.c:4249
#5  0x000055555613f9f6 in caml_empty_minor_heap () at minor_gc.c:388
#6  0x000055555613fe4b in caml_gc_dispatch () at minor_gc.c:446
#7  0x000055555614120c in caml_alloc (tag=0, wosize=4) at alloc.c:45
#8  caml_alloc (wosize=4, tag=0) at alloc.c:34
#9  0x0000555556113fe5 in caml_yuv420_get_pixel_rgba (img=<optimized out>, _i=<optimized out>, _j=<optimized out>) at image_yuv420.c:285
#10 0x0000555555d8227e in camlSdl_utils__of_img_2322 () at image.ml:769
#11 0x0000555555c616e8 in camlSdl_out__fun_2616 () at outputs/sdl_out.ml:96
#12 0x0000555555c78ad7 in camlOutput__fun_1255 () at outputs/output.ml:186
#13 0x0000555555d88c64 in camlClock__fun_1627 () at clock.ml:288
#14 0x0000555556076698 in camlStdlib__list__fold_left_250 () at list.ml:121
#15 0x0000555555d86af1 in camlClock__fun_1580 () at clock.ml:285
#16 0x0000555555d887ec in camlClock__loop_932 () at clock.ml:256
#17 0x0000555555d86e4d in camlClock__fun_1557 () at clock.ml:259
#18 0x0000555555db1986 in camlTutils__fun_1441 () at tools/tutils.ml:157
#19 0x0000555556069369 in camlThread__fun_286 () at thread.ml:39
#20 0x00005555561576a4 in caml_start_program ()
#21 0x00005555561338a8 in caml_thread_start ()
#22 0x00007ffff7a8ff27 in start_thread (arg=<optimized out>) at pthread_create.c:479
#23 0x00007ffff316d2ef in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

smimram commented 4 years ago

and valgrind shows lots of

2020/05/04 18:48:02 [source:4] Source audio_aux_36655 gets up.
==384185== Thread 17:
==384185== Invalid write of size 1
==384185==    at 0xCC81E2: caml_yuv420_set_pixel_rgba (image_yuv420.c:306)
==384185==    by 0x9BCF7C: camlImage__set_pixel_rgba_888 (image.ml:742)
==384185==    by 0x9360CC: camlSdl_utils__to_img_1962 (sdl_utils.ml:89)
==384185==    by 0x7BCF1B: camlVideo_text_sdl__render_text_299 (video_text_sdl.ml:43)
==384185==    by 0x7CD9A3: camlVideo_text__fun_1012 (video_text.ml:56)
==384185==    by 0x7CD94E: camlVideo_text__fun_1015 (video_text.ml:71)
==384185==    by 0x7CD5F7: camlVideo_text__fun_1018 (video_text.ml:79)
==384185==    by 0x93EF9E: camlSource__fun_1815 (source.ml:590)
==384185==    by 0x82CA10: camlOutput__fun_1255 (output.ml:179)
==384185==    by 0x93CC63: camlClock__fun_1627 (clock.ml:288)
==384185==    by 0xC2A697: camlStdlib__list__fold_left_250 (list.ml:121)
==384185==    by 0x93AAF0: camlClock__fun_1580 (clock.ml:285)
==384185==  Address 0x175b4da8 is 0 bytes after a block of size 88 alloc'd
==384185==    at 0x483677F: malloc (vg_replace_malloc.c:309)
==384185==    by 0xCBB27C: caml_data_aligned (image_data.c:21)
==384185==    by 0x9BC448: camlImage__create_806 (image.ml:619)
==384185==    by 0x935CA8: camlSdl_utils__to_img_1962 (video.ml:37)
==384185==    by 0x7BCF1B: camlVideo_text_sdl__render_text_299 (video_text_sdl.ml:43)
==384185==    by 0x7CD9A3: camlVideo_text__fun_1012 (video_text.ml:56)
==384185==    by 0x7CD94E: camlVideo_text__fun_1015 (video_text.ml:71)
==384185==    by 0x7CD5F7: camlVideo_text__fun_1018 (video_text.ml:79)
==384185==    by 0x93EF9E: camlSource__fun_1815 (source.ml:590)
==384185==    by 0x82CA10: camlOutput__fun_1255 (output.ml:179)
==384185==    by 0x93CC63: camlClock__fun_1627 (clock.ml:288)
==384185==    by 0xC2A697: camlStdlib__list__fold_left_250 (list.ml:121)
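
Added example, not part of the thread and not Liquidsoap or ocaml-mm code: when memcheck emits many near-identical reports like the one above, a short Python script can collapse them by faulting function, position relative to the heap block, and allocation site. The sample input is constructed from the lines quoted above; `parse_memcheck` and `triage` are hypothetical names.

```python
import re
from collections import Counter
# Constructed sample: one record shortened from the memcheck report above, then repeated.
RECORD = """\
==384185== Invalid write of size 1
==384185==    at 0xCC81E2: caml_yuv420_set_pixel_rgba (image_yuv420.c:306)
==384185==    by 0x9BCF7C: camlImage__set_pixel_rgba_888 (image.ml:742)
==384185==  Address 0x175b4da8 is 0 bytes after a block of size 88 alloc'd
==384185==    at 0x483677F: malloc (vg_replace_malloc.c:309)
==384185==    by 0xCBB27C: caml_data_aligned (image_data.c:21)
"""
SAMPLE = "2020/05/04 18:48:02 [source:4] Source audio_aux_36655 gets up.\n" + RECORD + "==384185== \n" + RECORD

PREFIX = re.compile(r"^==\d+==\s?(.*)$")
ERROR = re.compile(r"^Invalid (read|write) of size (\d+)$")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)$")
ADDR = re.compile(r"^\s*Address 0x[0-9A-Fa-f]+ is (\d+) bytes (after|before|inside) a block of size (\d+) (alloc'd|free'd)$")
ALLOCATORS = {"malloc", "calloc", "realloc", "memalign", "posix_memalign"}

def parse_memcheck(text):
    """Return one dict per 'Invalid read/write' record; non-valgrind log lines are skipped."""
    records, cur, stack = [], None, None
    for body in (m.group(1) for m in map(PREFIX.match, text.splitlines()) if m):
        if (e := ERROR.match(body)):
            cur = {"op": e.group(1), "size": int(e.group(2)), "access": [], "alloc": [], "block": None}
            records.append(cur)
            stack = cur["access"]          # frames that follow belong to the faulting access
        elif cur and (a := ADDR.match(body)):
            cur["block"] = {"offset": int(a.group(1)), "where": a.group(2), "size": int(a.group(3)), "state": a.group(4)}
            stack = cur["alloc"]           # frames that follow describe where the block was allocated
        elif cur and (f := FRAME.match(body)):
            stack.append((f.group(1), f.group(2)))
        elif not body.strip():
            cur = None                     # empty "==pid==" line ends the record
    return records

def triage(records):
    """Count records per (access, faulting function, relation to block, first non-allocator alloc frame)."""
    counts = Counter()
    for r in records:
        b = r["block"]
        site = next((fn for fn, _ in r["alloc"] if fn not in ALLOCATORS), "?")
        rel = f"{b['offset']}B {b['where']} {b['size']}B block ({b['state']})" if b else "unknown"
        top = r["access"][0][0] if r["access"] else "?"
        counts[(f"{r['op']}/{r['size']}", top, rel, site)] += 1
    return counts

if __name__ == "__main__":
    print(triage(parse_memcheck(SAMPLE)))
```
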

toots commented 4 years ago

@smimram think this could be part of 1.4.3?

smimram commented 4 years ago

This should be fixed by https://github.com/savonet/ocaml-mm/commit/30c7eabbde51b6883da3f78f5fc725228a4bc5fe.