GNOME Bugzilla – Bug 398325
[smpte] Segfaults with big width/height
Last modified: 2007-01-23 17:28:09 UTC
Steps to reproduce: 1. gst-launch filesrc location=/opt/media/xvid.avi ! avidemux ! xviddec ! ffmpegcolorspace ! .sink1 smpte name=s type=245 ! ffmpegcolorspace ! xvimagesink filesrc location=/opt/media/xvid.avi ! avidemux ! xviddec ! ffmpegcolorspace ! s.sink2 Stack trace: [godfather@cube8linux gst-plugins-good-0.10.5]$ gst-launch filesrc location=/opt/media/xvid.avi ! avidemux ! xviddec ! ffmpegcolorspace ! .sink1 smpte name=s type=245 ! ffmpegcolorspace ! xvimagesink filesrc location=/opt/media/xvid.avi ! avidemux ! xviddec ! ffmpegcolorspace ! s.sink2 Setting pipeline to PAUSED ... Pipeline is PREROLLING ... Pipeline is PREROLLED ... Setting pipeline to PLAYING ... New clock: GstSystemClock *** glibc detected *** /usr/bin/gst-launch-0.10: munmap_chunk(): invalid pointer: 0xb764a008 *** ======= Backtrace: ========= /lib/libc.so.6(cfree+0x1bb)[0x20d67b] /lib/libglib-2.0.so.0(g_free+0x31)[0x38f15f1] /usr/lib/libgstreamer-0.10.so.0[0x131284] /usr/lib/libgstreamer-0.10.so.0(gst_mini_object_unref+0x8a)[0x14cb0a] /usr/lib/libgstbase-0.10.so.0[0x713111] /usr/lib/libgstreamer-0.10.so.0[0x1522c9] /usr/lib/libgstreamer-0.10.so.0(gst_pad_push+0x12b)[0x1529bb] /usr/lib/libgstbase-0.10.so.0[0x7105b4] /usr/lib/libgstreamer-0.10.so.0[0x1522c9] /usr/lib/libgstreamer-0.10.so.0(gst_pad_push+0x12b)[0x1529bb] /usr/lib/gstreamer-0.10/libgstxvid.so[0x4f9e5b] /usr/lib/libgstreamer-0.10.so.0[0x1522c9] /usr/lib/libgstreamer-0.10.so.0(gst_pad_push+0x12b)[0x1529bb] /usr/lib/gstreamer-0.10/libgstavi.so[0xf5d830] /usr/lib/gstreamer-0.10/libgstavi.so[0xf6009a] /usr/lib/libgstreamer-0.10.so.0[0x16a6a6] /lib/libglib-2.0.so.0[0x3909998] /lib/libglib-2.0.so.0[0x3907fcf] /lib/libpthread.so.0[0xd263db] /lib/libc.so.6(clone+0x5e)[0x27106e] ======= Memory map: ======== 00110000-001a0000 r-xp 00000000 fd:00 879159 /usr/lib/libgstreamer-0.10.so.0.10.0 001a0000-001a4000 rwxp 00090000 fd:00 879159 /usr/lib/libgstreamer-0.10.so.0.10.0 001a4000-002db000 r-xp 00000000 fd:00 2546807 /lib/libc-2.5.so 002db000-002dd000 r-xp 00137000 fd:00 2546807 /lib/libc-2.5.so 002dd000-002de000 rwxp 00139000 fd:00 2546807 /lib/libc-2.5.so 002de000-002e1000 rwxp 002de000 00:00 0 002e2000-002e9000 r-xp 00000000 fd:00 2546810 /lib/librt-2.5.so 002e9000-002ea000 r-xp 00006000 fd:00 2546810 /lib/librt-2.5.so 002ea000-002eb000 rwxp 00007000 fd:00 2546810 /lib/librt-2.5.so 002eb000-002ed000 r-xp 00000000 fd:00 873383 /usr/lib/libgstvideo-0.10.so.0.8.0 002ed000-002ee000 rwxp 00001000 fd:00 873383 /usr/lib/libgstvideo-0.10.so.0.8.0 002ee000-002f9000 r-xp 00000000 fd:00 2546815 /lib/libgcc_s-4.1.1-20061011.so.1 002f9000-002fa000 rwxp 0000a000 fd:00 2546815 /lib/libgcc_s-4.1.1-20061011.so.1 00311000-00319000 r-xp 00000000 fd:00 879122 /usr/lib/libSM.so.6.0.0 00319000-0031a000 rwxp 00007000 fd:00 879122 /usr/lib/libSM.so.6.0.0 0031c000-0031f000 r-xp 00000000 fd:00 2546812 /lib/libgmodule-2.0.so.0.1200.3 0031f000-00320000 rwxp 00002000 fd:00 2546812 /lib/libgmodule-2.0.so.0.1200.3 00323000-0033c000 r-xp 00000000 fd:00 2546806 /lib/ld-2.5.so 0033c000-0033d000 r-xp 00018000 fd:00 2546806 /lib/ld-2.5.so 0033d000-0033e000 rwxp 00019000 fd:00 2546806 /lib/ld-2.5.so 003fa000-003fe000 r-xp 00000000 fd:00 876786 /usr/lib/libXv.so.1.0.0 003fe000-003ff000 rwxp 00003000 fd:00 876786 /usr/lib/libXv.so.1.0.0 00406000-0040a000 r-xp 00000000 fd:00 2546827 /lib/libgthread-2.0.so.0.1200.3 0040a000-0040b000 rwxp 00003000 fd:00 2546827 /lib/libgthread-2.0.so.0.1200.3 0048e000-004a2000 r-xp 00000000 fd:00 1176466 /usr/lib/gstreamer-0.10/libgstffmpegcolorspace.so 004a2000-004a3000 rwxp 00014000 fd:00 1176466 /usr/lib/gstreamer-0.10/libgstffmpegcolorspace.so 004a3000-004a4000 rwxp 004a3000 00:00 0 004f1000-00586000 r-xp 00000000 fd:00 1176789 /usr/lib/gstreamer-0.10/libgstxvid.so 00586000-00587000 rwxp 00095000 fd:00 1176789 /usr/lib/gstreamer-0.10/libgstxvid.so 00587000-005fa000 rwxp 00587000 00:00 0 006fc000-0071d000 r-xp 00000000 fd:00 871926 /usr/lib/libgstbase-0.10.so.0.10.0 0071d000-0071e000 rwxp 00020000 fd:00 871926 /usr/lib/libgstbase-0.10.so.0.10.0 0077b000-00788000 r-xp 00000000 fd:00 1176512 /usr/lib/gstreamer-0.10/libgstxvimagesink.so 00788000-00789000 rwxp 0000d000 fd:00 1176512 /usr/lib/gstreamer-0.10/libgstxvimagesink.so 007b9000-007de000 r-xp 00000000 fd:00 1175467 /usr/lib/gstreamer-0.10/libgstcoreelements.so 007de000-007e0000 rwxp 00024000 fd:00 1175467 /usr/lib/gstreamer-0.10/libgstcoreelements.so 007f8000-007f9000 r-xp 007f8000 00:00 0 [vdso] 00aaf000-00ab6000 r-xp 00000000 fd:00 857684 /usr/lib/libgstinterfaces-0.10.so.0.8.0 00ab6000-00ab7000 rwxp 00007000 fd:00 857684 /usr/lib/libgstinterfaces-0.10.so.0.8.0 00b43000-00b4c000 r-xp 00000000 fd:00 873381 /usr/lib/libgstriff-0.10.so.0.8.0 00b4c000-00b4d000 rwxp 00008000 fd:00 873381 /usr/lib/libgstriff-0.10.so.0.8.0 00c5a000-00c63000 r-xp 00000000 fd:00 2545961 /lib/libnss_files-2.5.so 00c63000-00c64000 r-xp 00008000 fd:00 2545961 /lib/libnss_files-2.5.so 00c64000-00c65000 rwxp 00009000 fd:00 2545961 /lib/libnss_files-2.5.so 00cf2000-00d17000 r-xp 00000000 fd:00 2546813 /lib/libm-2.5.so 00d17000-00d18000 r-xp 00024000 fd:00 2546813 /lib/libm-2.5.so 00d18000-00d19000 rwxp 00025000 fd:00 2546813 /lib/libm-2.5.so 00d1b000-00d1d000 r-xp 00000000 fd:00 2546808 /lib/libdl-2.5.so 00d1d000-00d1e000 r-xp 00001000 fd:00 2546808 /lib/libdl-2.5.so 00d1e000-00d1f000 rwxp 00002000 fd:00 2546808 /lib/libdl-2.5.so 00d21000-00d34000 r-xp 00000000 fd:00 2546809 /lib/libpthread-2.5.so 00d34000-00d35000 r-xp 00012000 fd:00 2546809 /lib/libpthread-2.5.so 00d35000-00d36000 rwxp 00013000 fd:00 2546809 /lib/libpthread-2.5.so 00d36000-00d38000 rwxp 00d36000 00:00 0 00d3a000-00d4c000 r-xp 00000000 fd:00 857669 /usr/lib/libz.so.1.2.3 00d4c000-00d4d000 rwxp 00011000 fd:00 857669 /usr/lib/libz.so.1.2.3 00d4f000-00d51000 r-xp 00000000 fd:00 879101 /usr/lib/libXau.so.6.0.0 00d51000-00d52000 rwxp 00001000 fd:00 879101 /usr/lib/libXau.so.6.0.0 00d54000-00d59000 r-xp 00000000 fd:00 879115 /usr/lib/libXdmcp.so.6.0.0 00d59000-00d5a000 rwxp 00004000 fd:00 879115 /usr/lib/libXdmcp.so.6.0.0 00d5c000-00d6b000 r-xp 00000000 fd:00 863673 /usr/lib/libXext.so.6.4.0 00d6b000-00d6c000 rwxp 0000e000 fd:00 863673 /usr/lib/libXext.so.6.4.0 00e00000-00e07000 r-xp 00000000 fd:00 1176733 /usr/lib/gstreamer-0.10/libgstsmpte.so 00e07000-00e0b000 rwxp 00006000 fd:00 1176733 /usr/lib/gstreamer-0.10/libgstsmpte.so 00ebb000-00ed0000 r-xp 00000000 fd:00 871915 /usr/lib/libgstaudio-0.10.so.0.8.0 00ed0000-00ed1000 rwxp 00015000 fd:00 871915 /usr/lib/libgstaudio-0.10.so.0.8.0 00f4f000-00f66000 r-xp 00000000 fd:00 1176545 /usr/lib/gstreamer-0.10/libgstavi.so 00f66000-00f67000 rwxp 00016000 fd:00 1176545 /usr/lib/gstreamer-0.10/libgstavi.so 00f67000-00f68000 --xp 00f67000 00:00 0 00f68000-01968000 rwxp 00f68000 00:00 0 01f41000-01f42000 --xp 01f41000 00:00 0 01f42000-02942000 rwxp 01f42000 00:00 0 02942000-02943000 --xp 02942000 00:00 0 02943000-03343000 rwxp 02943000 00:00 0 036b1000-037af000 r-xp 00000000 fd:00 879116 /usr/lib/libX11.so.6.2.0 037af000-037b3000 rwxp 000fe000 fd:00 879116 /usr/lib/libX11.so.6.2.0 038a3000-038ba000 r-xp 00000000 fd:00 857754 /usr/lib/libICE.so.6.3.0 038ba000-038bb000 rwxp 00016000 fd:00 857754 /usr/lib/libICE.so.6.3.0 038bb000-038bd000 rwxp 038bb000 00:00 0 038bf000-0395c000 r-xp 00000000 fd:00 2546811 /lib/libglib-2.0.so.0.1200.3 0395c000-0395d000 rwxp 0009c000 fd:00 2546811 /lib/libglib-2.0.so.0.1200.3 0395f000-0399d000 r-xp 00000000 fd:00 2545989 /lib/libgobject-2.0.so.0.1200.3 0399d000-0399e000 rwxp 0003e000 fd:00 2545989 /lib/libgobject-2.0.so.0.1200.3 04142000-04254000 r-xp 00000000 fd:00 858278 /usr/lib/libxml2.so.2.6.27 04254000-04259000 rwxp 00112000 fd:00 858278 /usr/lib/libxml2.so.2.6.27 04259000-0425a000 rwxp 04259000 00:00 0 0425a000-0425b000 --xp 0425a000 00:00 0 0425b000-04c5b000 rwxp 0425b000 00:00 0 05620000-05621000 --xp 05620000 00:00 0 05621000-06021000 rwxp 05621000 00:00 0 08048000-0804c000 r-xp 00000000 fd:00 855101 /usr/bin/gst-launch-0.10 0804c000-0804d000 rw-p 00004000 fd:00 855101 /usr/bin/gst-launch-0.10 080d2000-08232000 rw-p 080d2000 00:00 0 b6c1c000-b74bc000 rw-p b6c1c000 00:00 0 b751d000-b751e000 rw-p b751d000 00:00 0 b751e000-b75b4000 rw-s 00000000 00:08 5537800 /SYSV00000000 (deleted) b764a000-b7d5c000 rw-p b764a000 00:00 0 b7d5c000-b7f5c000 r--p 00000000 fd:00 852700 /usr/lib/locale/locale-archive b7f5c000-b7f5f000 rw-p b7f5c000 00:00 0 b7f7b000-b7f7c000 rw-p b7f7b000 00:00 0 bfb88000-bfb9c000 rwxp bfb88000 00:00 0 [stack] bfb9c000-bfb9d000 rw-p bfb9c000 00:00 0 Aborted [godfather@cube8linux gst-plugins-good-0.10.5]$ Other information: The error happens in type specification on smpte where type >= 201 onwards. and a pipeline similar to the one above. pipeline with videotestsrc does not produce any problems (i guess)
Sameer, my first fix to smpte was not completely correct. Could you update cvs and try again ?
i did try with the latest. i can use xvimagesink now. but the above pipeline crashes on smpte type>=201
uploaded the sample video at http://sameersbn.cabspace.com/testmedia/xvid.avi
Sameer, would you be on a 64bit machine by any chance ?
So the problem seems to be in paint.c in the draw_bresenham_line() function. In the loop, the following line: *dest = col causes a segfault because it's accessing a non-allocated address: Caught SIGSEGV accessing address 0x2aaaaae54350
And it just happens with big width/height For ex, the following will fail: gst-launch-0.10 videotestsrc ! video/x-raw-yuv,width=720,height=480 ! .sink1 smpte name=s type=245 ! ffmpegcolorspace ! xvimagesink videotestsrc pattern=1 ! video/x-raw-yuv,width=720,height=480 ! s.sink2 But not this: gst-launch-0.10 videotestsrc ! video/x-raw-yuv,width=320,height=480 ! .sink1 smpte name=s type=245 ! ffmpegcolorspace ! xvimagesink videotestsrc pattern=1 ! video/x-raw-yuv,width=320,height=480 ! s.sink2
nope... i dont use a 64bit machine its an 32bit intel pentium 4 2.6 GHz
* gst/smpte/barboxwipes.c: (gst_wipe_boxes_draw), (gst_wipe_triangles_clock_draw), (gst_wipe_triangles_draw): * gst/smpte/gstmask.c: (_gst_mask_register): * gst/smpte/gstmask.h: * gst/smpte/gstsmpte.c: (gst_smpte_update_mask): * gst/smpte/paint.c: (gst_smpte_paint_hbox), (draw_bresenham_line), (gst_smpte_paint_triangle_clock): constify some static structs. Don't update the mask if nothing changed to the params. Make sure we never draw outside of the picture. Fixes #398325.