Bug 399340 - Crash in the oggdemux plugin when trying to play a specially crafted OGG file
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-base
Version: 0.10.11
Hardware: Other Linux
Importance: Normal major
Target Milestone: 0.10.12
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Duplicates: 397229
Reported: 2007-01-22 11:20 UTC by Loïc Minier
Modified: 2007-01-23 18:39 UTC


Attachments
possible fix (764 bytes, patch)
2007-01-22 16:24 UTC, Tim-Philipp Müller
committed

Description Loïc Minier 2007-01-22 11:20:11 UTC
Hi,

Sam Hocevar reported three different issues with GStreamer 0.10 modules in
Debian bug http://bugs.debian.org/407004.  The bugs were discovered with the
help of a new media file fuzzer, "zzuf", which is available from
http://sam.zoy.org/zzuf/.

This particular bug is about the hang that happens when trying to play http://sam.zoy.org/zzuf/lol-gstreamer.ogg.

This results in a segfault in gst_ogg_pad_submit_page():

Thread 2 (Thread -1215755344 (LWP 1034))

  #0 memcpy from /lib/tls/i686/cmov/libc.so.6
  #1 ogg_stream_pagein from /usr/lib/libogg.so.0
  #2 gst_ogg_pad_submit_page at gstoggdemux.c line 1303
  #3 gst_ogg_demux_read_chain at gstoggdemux.c line 2442
  #4 gst_ogg_demux_loop at gstoggdemux.c line 2689
  #5 gst_task_func at gsttask.c line 192
  #6 g_thread_pool_thread_proxy at gthreadpool.c line 265
  #7 g_thread_create_proxy at gthread.c line 591
  #8 start_thread from /lib/tls/i686/cmov/libpthread.so.0
  #9 clone from /lib/tls/i686/cmov/libc.so.6

The other threads are not interesting.

This is with plugins-base 0.10.11, and GStreamer 0.10.11.

Bye,
Comment 1 Tim-Philipp Müller 2007-01-22 16:24:42 UTC
Created attachment 80904
possible fix
Comment 2 Tim-Philipp Müller 2007-01-22 16:41:26 UTC
*** Bug 397229 has been marked as a duplicate of this bug. ***
Comment 3 Loïc Minier 2007-01-22 16:50:43 UTC
Works for me; thanks!
Comment 4 Tim-Philipp Müller 2007-01-23 18:39:49 UTC
Committed:

 2007-01-23  Tim-Philipp Müller  <tim at centricular dot net>
 
       * ext/ogg/gstoggdemux.c: (gst_ogg_demux_read_chain):
         Error out properly if we get an error from libogg while reading the
         BOS page(s). Fixes crash parsing 'fuzzed' ogg file (#399340).