Bug 127815 – gst-register sigsegs 100% of the time.

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 127815 - gst-register sigsegs 100% of the time.


Summary:	gst-register sigsegs 100% of the time.


Status:	RESOLVED FIXED

Product:	GStreamer
Classification:	Platform
Component:	gstreamer (core)
Version:	0.6.4
Hardware:	Other Linux

Importance:	Normal major
Target Milestone:	0.7.5
Assigned To:	GStreamer Maintainers
QA Contact:	GStreamer Maintainers

URL:
Whiteboard:

Duplicates:	127986 (view as bug list)
Depends on:
Blocks:

Reported:	2003-11-24 15:45 UTC by Jon Nelson
Modified:	2004-12-22 21:47 UTC

See Also:
GNOME target:	---
GNOME version:	2.3/2.4

Description Jon Nelson 2003-11-24 15:45:25 UTC

Distribution: Unknown
Package: GStreamer
Severity: normal
Version: GNOME2.4.1 0.6.4
Gnome-Distributor: GNOME.Org
Synopsis: gst-register, 100% reproduceable crash
Bugzilla-Product: GStreamer
Bugzilla-Component: gstreamer (core)
Bugzilla-Version: 0.6.4
Description:
Description of the crash:

run gst-register.
boom.

Steps to reproduce the crash:
1. run gst-register

Expected Results:

gst-register ought not crash.

How often does this happen?

100% of the time.

Additional Information:

this is run as root.


stat64("/usr/lib/gstreamer-0.6/libgstsnapshot.so",
{st_mode=S_IFREG|0644, st_size=283540, ...}) = 0
access("/usr/lib/gstreamer-0.6/libgstsnapshot.so", F_OK) = 0
open("/usr/lib/gstreamer-0.6/libgstsnapshot.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\34"...,
1024) = 1024
fstat64(3, {st_mode=S_IFREG|0644, st_size=283540, ...}) = 0
old_mmap(NULL, 27008, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x40017000
mprotect(0x4001d000, 2432, PROT_NONE)   = 0
old_mmap(0x4001d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x5000) = 0x4001d000
close(3)                                = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=37820, ...}) = 0
old_mmap(NULL, 37820, PROT_READ, MAP_PRIVATE, 3, 0) = 0x4045d000
close(3)                                = 0
open("/usr/lib/libpng.so.3", O_RDONLY)  = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@^\0\000"...,
1024) = 1024
fstat64(3, {st_mode=S_IFREG|0644, st_size=558996, ...}) = 0
old_mmap(NULL, 224160, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x40467000
mprotect(0x4049d000, 2976, PROT_NONE)   = 0
old_mmap(0x4049d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x35000) = 0x4049d000
close(3)                                = 0
open("/dev/urandom", O_RDONLY)          = 3
read(3, "\265D(\211lJ=iM4@\274\33\323\t\345C\faM9\25\223\317r2\""...,
32) = 32
close(3)                                = 0
open("/dev/urandom", O_RDONLY)          = 3
read(3, "\221\336C\320\306\357}|\30]V\352\35\316\23\30\356\357\255"...,
32) = 32
close(3)                                = 0
munmap(0x4045d000, 37820)               = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++


and ltrace:

gst_registry_pool_list(0xbffffb60, 0xbffffb64, 0x4021cb45, 0x08049143,
3) = 0x0805062c
g_list_reverse(0x0805062c, 0xbffffb64, 0x4021cb45, 0x08049143, 3) =
0x08050638
gst_registry_get_type(0x0805062c, 0xbffffb64, 0x4021cb45, 0x08049143, 3)
= 0x0804e820
g_type_check_instance_cast(0x080503e8, 0x0804e820, 0x4021cb45,
0x08049143, 3) = 0x080503e8
g_type_check_instance_cast(0x080503e8, 80, 0x4021cb45, 0x08049143, 3) =
0x080503e8
g_signal_connect_data(0x080503e8, 0x080495f8, 0x08048e50, 0, 0)  = 1
g_print(0x08049605, 0x08053de0, 0x08048e50, 0, 0rebuilding
global_registry
)                = 0x402f0fa0
gst_registry_rebuild(0x080503e8, 0x08053de0, 0x08048e50, 0, 0
<unfinished ...>
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++



Debugging Information:

Backtrace was generated from '/usr/bin/gst-register'

Core was generated by `gst-register'.
Program terminated with signal 11, Segmentation fault.

+ Trace 42040

Thread 1 (process 23956)

#0 gst_mem_chunk_alloc
at gstmemchunk.c line 182
#1 gst_props_empty_new
at gstprops.c line 351
#2 gst_props_newv
at gstprops.c line 666
#3 gst_props_new
at gstprops.c line 472
#4 snapshot_sink_factory
at gstsnapshot.c line 54
#5 plugin_init
at gstsnapshot.c line 382
#6 gst_plugin_register_func
at gstplugin.c line 110
#7 gst_plugin_load_plugin
at gstplugin.c line 187
#8 gst_xml_registry_rebuild
at gstxmlregistry.c line 1641
#9 gst_registry_rebuild
at gstregistry.c line 182
#10 main
at gst-register.c line 85

Comment 1 Jon Nelson 2003-11-26 15:51:49 UTC

*** Bug 127986 has been marked as a duplicate of this bug. ***

Comment 2 Jon Nelson 2003-11-26 20:52:52 UTC

More data.
This was compiled with the latest gcc (3.3.2) and propolice (3.3-5).
When -fstack-protector-all is used, that's what triggers the sigseg.
I'm not sure /why/, but there is clearly a buffer overrun or a bug in
propolice.

Comment 3 Ronald Bultje 2003-11-26 21:24:10 UTC

Then I assume you want to add a bug there instead of here? This
doesn't sound like a GStreamer bug then...

Comment 4 Jon Nelson 2003-11-26 21:28:15 UTC

Well, no, it's still a buffer overrun.

The difference is that propolice catches it an aborts gstreamer,
rather than allowing it to continue after what it believes at this
point is a buffer overrun.

Comment 5 Thomas Vander Stichele 2003-12-12 17:59:02 UTC

I have never seen backtraces look like that.
two threads, same backtrace with same pointers, the second one having
more info ?

what dist are you on, and what sort of non-standard stuff did you do
to the build to get the first bt ?

Comment 6 Thomas Vander Stichele 2004-02-06 15:42:04 UTC

ping, please comment

Comment 7 Jon Nelson 2004-02-06 16:53:30 UTC

I'll look into it today.
Thanks for the ping!

Comment 8 Jon Nelson 2004-02-06 19:17:40 UTC

I tried 0.7.4 today.
No sigseg.
yay!