Bug 345930 - [id3demux] segfaults with file containing only ID3v1 tag
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-good
Version: 0.10.8
Hardware: Other All
Importance: High critical
Target Milestone: 0.10.4
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Duplicates: 172418 344158 345936 349184 350191
Reported: 2006-06-26 04:54 UTC by Scott Severance
Modified: 2006-08-06 22:04 UTC


Attachments
gst-launch log (840.67 KB, application/octet-stream), 2006-06-26 05:51 UTC, James "Doc" Livingston
gst-launch log (24.06 KB, text/plain), 2006-06-26 05:56 UTC, James "Doc" Livingston
fix (1.35 KB, patch), 2006-06-29 07:47 UTC, Tim-Philipp Müller (committed)

Description Scott Severance 2006-06-26 04:54:04 UTC
Steps to reproduce:
1. Import files into the library
2. Crashes when it gets to Rosamunde__Overture.mp3 (I posted the file in question at http://www.scottseverance.us/files/Rosamunde__Overture.mp3; MD5 hash: d1df6d020ea01cd8f2adb549d85fdfe8)

Stack trace:
Here is the tail of the debugging output. The full output is available at http://www.scottseverance.us/files/rhythmbox_debug.bz2

[0x81d81e0] [rb_metadata_gst_typefind_cb] rb-metadata-gst.c:563 (22:46:15): found type application/x-id3
[0x81d81e0] [rb_metadata_load] rb-metadata-gst.c:846 (22:46:15): failed to go to PAUSED for file:///home/mp3/classical/tchaikovsky_peter_i/classical_treasures__tchaikovsky/serenade_for_string_orchestra.mp3
[0x81d81e0] [action_thread_main] rhythmdb.c:2016 (22:46:15): executing RHYTHMDB_ACTION_LOAD for "file:///home/mp3/classical/tchaikovsky_peter_i/classical_treasures__tchaikovsky/nutcracker_suite__flower_waltz.mp3"
[0x81d81e0] [rb_metadata_load] rb-metadata-gst.c:760 (22:46:15): loading metadata for uri: file:///home/mp3/classical/tchaikovsky_peter_i/classical_treasures__tchaikovsky/nutcracker_suite__flower_waltz.mp3
[0x81d81e0] [rb_metadata_load] rb-metadata-gst.c:832 (22:46:15): going to PAUSED for metadata, uri: file:///home/mp3/classical/tchaikovsky_peter_i/classical_treasures__tchaikovsky/nutcracker_suite__flower_waltz.mp3
[0x81d81e0] [rb_metadata_gst_unknown_type_cb] rb-metadata-gst.c:629 (22:46:15): decodebin emitted unknown type signal
[0x81d81e0] [rb_metadata_gst_typefind_cb] rb-metadata-gst.c:563 (22:46:15): found type application/x-id3
[0x81d81e0] [rb_metadata_load] rb-metadata-gst.c:846 (22:46:15): failed to go to PAUSED for file:///home/mp3/classical/tchaikovsky_peter_i/classical_treasures__tchaikovsky/nutcracker_suite__flower_waltz.mp3
[0x81d81e0] [action_thread_main] rhythmdb.c:2016 (22:46:15): executing RHYTHMDB_ACTION_LOAD for "file:///home/mp3/classical/franz_schubert/Schubert_Masterpiece_Collection_Vol_7/Rosamunde__Overture.mp3"
[0x81d81e0] [rb_metadata_load] rb-metadata-gst.c:760 (22:46:15): loading metadata for uri: file:///home/mp3/classical/franz_schubert/Schubert_Masterpiece_Collection_Vol_7/Rosamunde__Overture.mp3
[0x81d81e0] [rb_metadata_load] rb-metadata-gst.c:832 (22:46:15): going to PAUSED for metadata, uri: file:///home/mp3/classical/franz_schubert/Schubert_Masterpiece_Collection_Vol_7/Rosamunde__Overture.mp3

Other information:
When I moved the mp3 file in question to a different directory (outside the library tree), Rhythmbox behaved itself. However, it only imported .ogg files (no MP3s). I've read somewhere that I have to install some additional package to use MP3s.
Comment 1 James "Doc" Livingston 2006-06-26 05:45:17 UTC
Is the mp3 you linked to supposed to be 128 bytes long? It appears to be ID3v1 info, with 0 actual data.


In any case, it causes gst-launch to crash for me so I'm moving to GStreamer. I can't seem to get gdb or valgrind to give me a backtrace, but am working on it.
Comment 2 James "Doc" Livingston 2006-06-26 05:51:34 UTC
Created attachment 68008
gst-launch log

This is the interesting part of the GST_DEBUG=*:4 log (after id3demux gets created). I still can't seem to get a backtrace, but id3demux appears to be trying to pull data from past the 128 byte mark, and it may not be handling the failure properly.
Comment 3 James "Doc" Livingston 2006-06-26 05:56:58 UTC
Created attachment 68009
gst-launch log

Bugzilla screwed up the attachment.
Comment 4 Scott Severance 2006-06-26 06:29:21 UTC
I hadn't noticed that the file somehow got truncated. At any rate, when I right-click on the file icon in Nautilus and choose Properties, Nautilus crashes. I don't know if it's related or not. I suppose I should file a separate bug for Nautilus.
Comment 5 James "Doc" Livingston 2006-06-26 06:42:59 UTC
You don't need to create a separate bug for Nautilus, because it's being caused by the same issue: a crash inside GStreamer.
Comment 6 Fabio Bonelli 2006-06-26 09:26:06 UTC
*** Bug 345936 has been marked as a duplicate of this bug. ***
Comment 7 Tim-Philipp Müller 2006-06-29 07:47:23 UTC
Created attachment 68153
fix
Comment 8 Tim-Philipp Müller 2006-06-29 11:23:34 UTC
Committed with some small modifications:


  2006-06-29  Tim-Philipp Müller  <tim at centricular dot net>

        * gst/id3demux/gstid3demux.c: (gst_id3demux_trim_buffer),
        (gst_id3demux_read_range):
          Make sure we don't return GST_FLOW_OK with a NULL buffer in
          certain cases where a read beyond the end of the file is
          requested. Fixes #345930.

        * gst/apetag/gsttagdemux.c: (gst_tag_demux_trim_buffer),
        (gst_tag_demux_read_range):
          Fix same issue here as well.
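
An added example, not part of the thread and not the committed GStreamer patch: a self-contained C sketch of the invariant the ChangeLog entry describes, where a success status must always come with a non-NULL buffer, including for a 128-byte file that is nothing but an ID3v1 tag. All names (`flow_t`, `tagged_src`, `read_range`, `first_byte_or_minus1`) are hypothetical, and a memory-backed source stands in for the upstream pull.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; this is not GStreamer's API. */
typedef enum { FLOW_OK, FLOW_EOS, FLOW_ERROR } flow_t;

typedef struct {
    const uint8_t *data;  /* whole file as stored upstream */
    size_t size;          /* total file size in bytes */
    size_t strip_start;   /* leading tag bytes to hide (ID3v2) */
    size_t strip_end;     /* trailing tag bytes to hide (ID3v1 = 128) */
} tagged_src;

/* Read [offset, offset+len) of the tag-stripped stream into a new buffer.
 * Contract: FLOW_OK implies *out != NULL and *out_len > 0. */
flow_t read_range(const tagged_src *s, size_t offset, size_t len,
                  uint8_t **out, size_t *out_len)
{
    *out = NULL; *out_len = 0;
    if (len == 0 || s->strip_start > s->size ||
        s->strip_end > s->size - s->strip_start)
        return FLOW_ERROR;          /* empty request or tags exceed file */
    size_t payload = s->size - s->strip_start - s->strip_end;
    if (offset >= payload)
        return FLOW_EOS;            /* nothing left: never OK with NULL */
    size_t avail = payload - offset;
    if (len > avail) len = avail;   /* trim so tag bytes never leak out */
    uint8_t *buf = malloc(len);
    if (!buf) return FLOW_ERROR;
    memcpy(buf, s->data + s->strip_start + offset, len);
    *out = buf; *out_len = len;
    return FLOW_OK;
}

/* Caller side: the buffer is only dereferenced after FLOW_OK. */
int first_byte_or_minus1(const tagged_src *s, size_t offset, size_t len)
{
    uint8_t *buf; size_t n;
    if (read_range(s, offset, len, &buf, &n) != FLOW_OK) return -1;
    int b = buf[0];
    free(buf);
    return b;
}

int main(void)
{
    uint8_t only_tag[128] = { 'T', 'A', 'G' };  /* constructed sample file */
    tagged_src s = { only_tag, sizeof only_tag, 0, 128 };
    return first_byte_or_minus1(&s, 0, 4096) == -1 ? 0 : 1;
}
```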

Comment 9 Jonathan Matthew 2006-07-03 12:33:31 UTC
*** Bug 172418 has been marked as a duplicate of this bug. ***
Comment 10 Jonathan Matthew 2006-07-30 07:58:00 UTC
*** Bug 349184 has been marked as a duplicate of this bug. ***
Comment 11 Jonathan Matthew 2006-08-04 21:46:23 UTC
*** Bug 344158 has been marked as a duplicate of this bug. ***
Comment 12 Jonathan Matthew 2006-08-06 22:04:46 UTC
*** Bug 350191 has been marked as a duplicate of this bug. ***