Bug 337749 - totem (gstreamer) crashes when playing an avi file
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-good
Version: 0.10.2
Hardware/OS: Other / All
Importance: High major
Target Milestone: 0.10.3
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Duplicates: 339459
Depends on:
Blocks:
 
 
Reported: 2006-04-08 22:43 UTC by Allison Karlitskaya (desrt)
Modified: 2006-04-23 20:44 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
option 2 (1.01 KB, patch); 2006-04-08 23:58 UTC, Allison Karlitskaya (desrt); committed
small testcase (30.00 KB, video/x-msvideo); 2006-04-09 18:20 UTC, Allison Karlitskaya (desrt)

Description Allison Karlitskaya (desrt) 2006-04-08 22:43:26 UTC
when playing an AVI file that someone checked into their svn repository along with their homework :)

the file is very very large.

---


Backtrace was generated from '/usr/bin/totem'

(no debugging symbols found)
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
[... "(no debugging symbols found)" repeated 68 more times ...]
[Thread debugging using libthread_db enabled]
[New Thread -1225144640 (LWP 2649)]
[New Thread -1254098000 (LWP 2658)]
[New Thread -1244345424 (LWP 2657)]
[New Thread -1235952720 (LWP 2652)]
[New Thread -1235293264 (LWP 2650)]
[... "(no debugging symbols found)" repeated 115 times ...]
0xffffe410 in __kernel_vsyscall ()

Thread 2 (Thread -1254098000 (LWP 2658))

  #0  __kernel_vsyscall
  #1  __waitpid_nocancel from /lib/tls/i686/cmov/libpthread.so.0
  #2  libgnomeui_module_info_get from /usr/lib/libgnomeui-2.so.0
  #3  <signal handler called>
  #4  gst_avi_demux_get_type from /usr/lib/gstreamer-0.10/libgstavi.so
  #5  gst_avi_demux_get_type from /usr/lib/gstreamer-0.10/libgstavi.so
  #6  gst_avi_demux_get_type from /usr/lib/gstreamer-0.10/libgstavi.so
  #7  gst_task_get_type from /usr/lib/libgstreamer-0.10.so.0
  #8  g_thread_pool_free from /usr/lib/libglib-2.0.so.0
  #9  g_static_private_free from /usr/lib/libglib-2.0.so.0
  #10 start_thread from /lib/tls/i686/cmov/libpthread.so.0
  #11 clone from /lib/tls/i686/cmov/libc.so.6

Comment 1 Allison Karlitskaya (desrt) 2006-04-08 22:43:57 UTC
btw: totem 1.4.0 in dapper with gst 0.10.
Comment 2 Allison Karlitskaya (desrt) 2006-04-08 22:52:32 UTC
a much better trace. this bug happens 100% of the time.

Backtrace was generated from '/usr/bin/totem'

(no debugging symbols found)
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
[... "(no debugging symbols found)" repeated 68 more times ...]
[Thread debugging using libthread_db enabled]
[New Thread -1224620352 (LWP 7447)]
[New Thread -1254098000 (LWP 7456)]
[New Thread -1243817040 (LWP 7455)]
[New Thread -1235424336 (LWP 7450)]
[New Thread -1234764880 (LWP 7448)]
[... "(no debugging symbols found)" repeated 46 times ...]
0xffffe410 in __kernel_vsyscall ()

Thread 2 (Thread -1254098000 (LWP 7456))

  #0  __kernel_vsyscall
  #1  __waitpid_nocancel from /lib/tls/i686/cmov/libpthread.so.0
  #2  libgnomeui_module_info_get from /usr/lib/libgnomeui-2.so.0
  #3  <signal handler called>
  #4  gst_avi_demux_parse_stream at gstavidemux.c line 967
  #5  gst_avi_demux_stream_header at gstavidemux.c line 1988
  #6  gst_avi_demux_loop at gstavidemux.c line 2420
  #7  gst_task_get_type from /usr/lib/libgstreamer-0.10.so.0
  #8  g_thread_pool_free from /usr/lib/libglib-2.0.so.0
  #9  g_static_private_free from /usr/lib/libglib-2.0.so.0
  #10 start_thread from /lib/tls/i686/cmov/libpthread.so.0
  #11 clone from /lib/tls/i686/cmov/libc.so.6

Comment 3 Allison Karlitskaya (desrt) 2006-04-08 23:08:38 UTC
recompiled with optimisation disabled and -ggdb

Thread 2 (Thread -1253086288 (LWP 28311))

  #0  __kernel_vsyscall
  #1  __waitpid_nocancel from /lib/tls/i686/cmov/libpthread.so.0
  #2  libgnomeui_module_info_get from /usr/lib/libgnomeui-2.so.0
  #3  <signal handler called>
  #4  gst_avi_demux_parse_stream at gstavidemux.c line 967
  #5  gst_avi_demux_stream_header at gstavidemux.c line 1988
  #6  gst_avi_demux_loop at gstavidemux.c line 2420
  #7  gst_task_get_type from /usr/lib/libgstreamer-0.10.so.0
  #8  g_thread_pool_free from /usr/lib/libglib-2.0.so.0
  #9  g_static_private_free from /usr/lib/libglib-2.0.so.0
  #10 start_thread from /lib/tls/i686/cmov/libpthread.so.0
  #11 clone from /lib/tls/i686/cmov/libc.so.6

Comment 4 Allison Karlitskaya (desrt) 2006-04-08 23:24:43 UTC
gst_riff_parse_chunk returns NULL in the last (pass-by-reference) argument in the event that the chunk has a size of zero.

sub here is the chunk.

        stream->name = g_new (gchar, GST_BUFFER_SIZE (sub) + 1);

GST_BUFFER_SIZE casts to GstObject and looks at ->size. Crash because sub is NULL.

3 easy ways to fix this crasher:

1:
GST_BUFFER_SIZE should return 0 if its argument is NULL.
GST_BUFFER_DATA should return NULL if its argument is NULL.

2:
alternatively the avidemux code should check for NULL and behave accordingly.

3:
alternatively the riff_parse_chunk code should allocate an empty chunk instead of returning NULL.


reassigning to gst, confirming and raising priority since this is such a trivial fix.
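As an added example (not GStreamer's code and not the attached patch), the following C program models the failure comment 4 describes: a RIFF chunk reader that hands back NULL for a zero-length chunk, the unchecked `GST_BUFFER_SIZE (sub) + 1` allocation that dereferences that NULL, and the option-2 fix of checking for NULL in the caller so an empty 'strn' chunk becomes an empty stream name. The `Buffer` type, the `BUFFER_SIZE`/`BUFFER_DATA` macros, `riff_parse_chunk`, `collect_stream_names` and the byte sequences are stand-ins I constructed for this example; they are not gst-plugins-good APIs and the bytes are not the 30 KB testcase. The reader also goes one step beyond the report and refuses a chunk whose declared size runs past the end of the input, since a demuxer that trusts the size field has the mirror-image problem of the one that trusts the pointer.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for GstBuffer with only the two fields the bug involves (assumed, not GStreamer's). */
typedef struct {
    uint8_t *data;
    uint32_t size;
} Buffer;

/* Like GST_BUFFER_SIZE / GST_BUFFER_DATA: dereference the argument with no NULL check. */
#define BUFFER_SIZE(b) ((b)->size)
#define BUFFER_DATA(b) ((b)->data)

#define FOURCC(a, b, c, d) \
    ((uint32_t)(a) | (uint32_t)(b) << 8 | (uint32_t)(c) << 16 | (uint32_t)(d) << 24)

static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Read the RIFF chunk at *off (4-byte FourCC, 4-byte little-endian size, payload,
 * one pad byte when the size is odd). Advances *off past the chunk and stores the tag.
 * *sub receives a heap Buffer holding the payload, or NULL when the chunk size is zero,
 * which is the convention comment 4 attributes to gst_riff_parse_chunk.
 * Returns 1 on success, 0 when the header or the declared payload runs past the input. */
static int riff_parse_chunk(const uint8_t *buf, size_t len, size_t *off,
                            uint32_t *tag, Buffer **sub)
{
    if (*off > len || len - *off < 8)
        return 0;
    *tag = rd32le(buf + *off);
    uint32_t size = rd32le(buf + *off + 4);
    *off += 8;
    if (size > len - *off)
        return 0;                     /* declared size exceeds the data: do not trust it */
    if (size == 0) {
        *sub = NULL;                  /* empty chunk: nothing to hand back */
        return 1;
    }
    Buffer *b = malloc(sizeof *b);
    if (!b)
        return 0;
    b->data = malloc(size);
    if (!b->data) {
        free(b);
        return 0;
    }
    memcpy(b->data, buf + *off, size);
    b->size = size;
    *off += size;
    if ((size & 1) && *off < len)
        (*off)++;                     /* skip the RIFF pad byte */
    *sub = b;
    return 1;
}

static void buffer_free(Buffer *b)
{
    if (b) {
        free(b->data);
        free(b);
    }
}

/* The pre-fix shape from comment 4: g_new (gchar, GST_BUFFER_SIZE (sub) + 1) with no
 * NULL check. BUFFER_SIZE(NULL) reads through a null pointer, which is the crash.
 * This example only ever reaches it with a non-NULL sub. */
static char *stream_name_unchecked(const Buffer *sub)
{
    char *name = malloc(BUFFER_SIZE(sub) + 1);
    if (!name)
        return NULL;
    memcpy(name, BUFFER_DATA(sub), BUFFER_SIZE(sub));
    name[BUFFER_SIZE(sub)] = '\0';
    return name;
}

/* Option 2 from comment 4: the caller checks for NULL and treats an empty 'strn'
 * chunk as an empty name instead of dereferencing it. */
static char *stream_name_checked(const Buffer *sub)
{
    if (sub == NULL)
        return calloc(1, 1);          /* "" */
    return stream_name_unchecked(sub);
}

/* Walk a flat run of chunks the way a stream-header parser would, storing a name for
 * every 'strn' chunk via the checked path. Returns the number of names stored, or -1
 * on a malformed chunk. */
static int collect_stream_names(const uint8_t *buf, size_t len, char **names, int max)
{
    size_t off = 0;
    int n = 0;
    while (off < len && n < max) {
        uint32_t tag;
        Buffer *sub;
        if (!riff_parse_chunk(buf, len, &off, &tag, &sub))
            return -1;
        if (tag == FOURCC('s', 't', 'r', 'n'))
            names[n++] = stream_name_checked(sub);
        buffer_free(sub);
    }
    return n;
}

/* Constructed input, not the attached testcase: a 'strn' chunk carrying "video"
 * (odd size, so one pad byte) followed by a 'strn' chunk with size 0. */
static const uint8_t sample_chunks[] = {
    's', 't', 'r', 'n', 5, 0, 0, 0, 'v', 'i', 'd', 'e', 'o', 0,
    's', 't', 'r', 'n', 0, 0, 0, 0,
};

/* Constructed input whose size field (100) overruns the 4 payload bytes present. */
static const uint8_t truncated_chunk[] = {
    's', 't', 'r', 'n', 100, 0, 0, 0, 1, 2, 3, 4,
};

int main(void)
{
    char *names[4];
    int n = collect_stream_names(sample_chunks, sizeof sample_chunks, names, 4);
    for (int i = 0; i < n; i++) {
        printf("stream %d name: \"%s\"\n", i, names[i]);
        free(names[i]);
    }
    return n == 2 ? 0 : 1;
}
```

Running it yields two stream names, "video" and "", where the pre-fix code would have faulted on the second chunk; feeding it `truncated_chunk` instead makes `riff_parse_chunk` return 0 rather than copying 100 bytes from a 4-byte payload.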
Comment 5 Allison Karlitskaya (desrt) 2006-04-08 23:58:10 UTC
Created attachment 62996
option 2

this implements suggestion #2 since it is the one with the least impact
Comment 6 Allison Karlitskaya (desrt) 2006-04-09 18:20:55 UTC
Created attachment 63036
small testcase

this is the first 30kbytes of the file.  this is enough to cause the crash.
Comment 7 Wim Taymans 2006-04-10 10:11:09 UTC
        Patch by: Ryan Lortie (desrt) <desrt at destr dot ca>

        * gst/avi/gstavidemux.c: (gst_avi_demux_parse_superindex),
        (gst_avi_demux_parse_stream), (gst_avi_demux_parse_index),
        (gst_avi_demux_stream_header):
        Fix some crashers with empty chunks. (Fixes #337749)
Comment 8 Fabio Bonelli 2006-04-23 20:44:52 UTC
*** Bug 339459 has been marked as a duplicate of this bug. ***