Bug 424809 - Partially downloaded qt h264 file crashes in decode_mb_cavlc()
Status: RESOLVED DUPLICATE of bug 334707
Product: GStreamer
Classification: Platform
Component: gst-libav
Version: 0.10.2
Hardware: Other Linux
Importance: Normal critical
Target Milestone: NONE
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Duplicates: 432102
Depends on:
Blocks:
Reported: 2007-03-31 10:44 UTC by Sebastien Bacher
Modified: 2007-05-11 07:54 UTC
See Also:
GNOME target: ---
GNOME version: 2.17/2.18



Description Sebastien Bacher 2007-03-31 10:44:53 UTC
The bug has been opened on https://launchpad.net/bugs/99348

"Binary package hint: totem

Description of the problem:
The gnome thumbnailer crashed while trying to thumbnail a file (https://launchpad.net/ubuntu/+source/totem/+bug/99341) which was still downloading. See Bug #99341 for further details.

ProblemType: Crash
Architecture: i386
CrashCounter: 1
Date: Sat Mar 31 09:54:58 2007
DistroRelease: Ubuntu 7.04
ExecutablePath: /usr/bin/totem-video-thumbnailer
Package: totem-gstreamer 2.18.0-0ubuntu2
PackageArchitecture: i386
ProcCmdline: /usr/bin/gnome-video-thumbnailer -s 128 file:///home/sits/Desktop/spolsky.mp4 /tmp/.gnome_thumbnail.C393PT
...
.

Thread 7 (process 15300)

  • #0 __do_global_dtors_aux
    from /usr/lib/gstreamer-0.10/libgstffmpegcolorspace.so
  • #1 _fini
    from /usr/lib/gstreamer-0.10/libgstffmpegcolorspace.so
  • #2 ??
    from /lib/ld-linux.so.2
  • #3 _rtld_global
    from /lib/ld-linux.so.2
  • #4 ??

Thread 1 (process 15318)

  • #0 decode_residual
    at h264.c line 5095
  • #1 decode_mb_cavlc
    at h264.c line 5612
  • #2 decode_slice
    at h264.c line 7501
  • #3 decode_nal_units
    at h264.c line 8238
  • #4 decode_frame
    at h264.c line 8381
  • #5 avcodec_decode_video
    at utils.c line 932
  • #6 gst_ffmpegdec_frame
    at gstffmpegdec.c line 1208
  • #7 gst_ffmpegdec_chain
    at gstffmpegdec.c line 1936
  • #8 gst_pad_chain_unchecked
    at gstpad.c line 3459
  • #9 gst_pad_push
    at gstpad.c line 3625
  • #10 gst_queue_loop
    at gstqueue.c line 810
  • #11 gst_task_func
    at gsttask.c line 192
  • #12 g_thread_pool_thread_proxy
    at gthreadpool.c line 265
  • #13 g_thread_create_proxy
    at gthread.c line 591
  • #14 start_thread
    from /lib/tls/i686/cmov/libpthread.so.0
  • #15 clone
    from /lib/tls/i686/cmov/libc.so.6


Valgrind lists an invalid read:

==8078== Invalid read of size 4
==8078==    at 0x7D81193: decode_mb_cavlc (bitstream.h:407)
==8078==    by 0x7D97F9D: decode_slice (h264.c:7501)
==8078==    by 0x7D98F05: decode_nal_units (h264.c:8238)
==8078==    by 0x7D9A10D: decode_frame (h264.c:8381)
==8078==    by 0x7C6EE1F: avcodec_decode_video (utils.c:932)
==8078==    by 0x7C0A15F: gst_ffmpegdec_frame (gstffmpegdec.c:1208)
==8078==    by 0x7C0BFD3: gst_ffmpegdec_chain (gstffmpegdec.c:1936)
==8078==    by 0x4944A48: gst_pad_chain_unchecked (gstpad.c:3459)
==8078==    by 0x494513A: gst_pad_push (gstpad.c:3625)
==8078==    by 0x576916D: gst_queue_loop (gstqueue.c:810)
==8078==    by 0x495DD55: gst_task_func (gsttask.c:192)
==8078==    by 0x4BF14D7: g_thread_pool_thread_proxy (gthreadpool.c:265)
==8078==    by 0x4BEFB7E: g_thread_create_proxy (gthread.c:591)
==8078==    by 0x4B4FE59: start_thread (pthread_create.c:296)
==8078==    by 0x4E0B8ED: clone (in /usr/lib/debug/libc-2.5.so)
==8078==  Address 0x9637B81 is 209 bytes inside a block of size 211 alloc'd
==8078==    at 0x4021620: malloc (vg_replace_malloc.c:149)
==8078==    by 0x4BD92C5: g_malloc (gmem.c:131)
==8078==    by 0x492269B: gst_buffer_new_and_alloc (gstbuffer.c:289)
==8078==    by 0x5764AED: gst_file_src_create (gstfilesrc.c:784)
==8078==    by 0x48E9395: gst_base_src_get_range (gstbasesrc.c:1381)
==8078==    by 0x48E9E6F: gst_base_src_pad_get_range (gstbasesrc.c:1451)
==8078==    by 0x4941ECA: gst_pad_get_range (gstpad.c:3784)
==8078==    by 0x4942468: gst_pad_pull_range (gstpad.c:3916)
==8078==    by 0x493660E: gst_proxy_pad_do_getrange (gstghostpad.c:203)
==8078==    by 0x4941ECA: gst_pad_get_range (gstpad.c:3784)
==8078==    by 0x4942468: gst_pad_pull_range (gstpad.c:3916)
==8078==    by 0x576F3D0: gst_type_find_element_getrange (gsttypefindelement.c:664)
==8078==    by 0x4941ECA: gst_pad_get_range (gstpad.c:3784)
==8078==    by 0x4942468: gst_pad_pull_range (gstpad.c:3916)
==8078==    by 0x5F8C64D: (within /usr/lib/gstreamer-0.10/libgstqtdemux.so)
==8078==    by 0x495DD55: gst_task_func (gsttask.c:192)
==8078==    by 0x4BF14D7: g_thread_pool_thread_proxy (gthreadpool.c:265)
==8078==    by 0x4BEFB7E: g_thread_create_proxy (gthread.c:591)
==8078==    by 0x4B4FE59: start_thread (pthread_create.c:296)
==8078==    by 0x4E0B8ED: clone (in /usr/lib/debug/libc-2.5.so)

Comment 1 Philip Withnall 2007-04-27 19:24:33 UTC
*** Bug 432102 has been marked as a duplicate of this bug. ***

Comment 2 Tim-Philipp Müller 2007-05-11 07:54:11 UTC
Looks the same as #334707 to me.

(Can't really reproduce here locally either, but that might just be luck due to a different memory layout etc.)



*** This bug has been marked as a duplicate of 334707 ***
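
Added example, not part of the bug report and not FFmpeg or GStreamer code: the Valgrind report in the description shows a 4-byte read starting 209 bytes into a 211-byte block, so the load runs 2 bytes past the end of the buffer, and whether such a read faults depends on what lies after the block, which fits the memory-layout remark in comment 2. The sketch below uses hypothetical names (`bitreader`, `read_bits_checked`, `overread_bytes`) and a constructed 211-byte buffer to show a bit reader that checks the remaining length before fetching, as a decoder handling truncated input would need to.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Illustrative reader; names are assumptions, not FFmpeg's bitstream.h API. */
typedef struct { const uint8_t *buf; size_t size, pos_bits; } bitreader;

/* Bytes a raw 32-bit load at byte offset off reads past a size-byte block. */
size_t overread_bytes(size_t off, size_t size)
{
    return off + 4 > size ? off + 4 - size : 0;
}

/* Read n (1..25) bits MSB-first, -1 if short; never reads past the block. */
int read_bits_checked(bitreader *br, unsigned n, uint32_t *out)
{
    size_t total = br->size * 8, off = br->pos_bits >> 3;
    uint32_t cache = 0;
    if (n < 1 || n > 25 || br->pos_bits > total || n > total - br->pos_bits)
        return -1;
    for (size_t i = 0; i < 4; i++)  /* bytes beyond the block count as zero */
        cache = (cache << 8) | (off + i < br->size ? br->buf[off + i] : 0u);
    cache <<= br->pos_bits & 7;
    *out = cache >> (32 - n);
    br->pos_bits += n;
    return 0;
}

/* Constructed input: 211-byte block, cursor at byte 209, as in the report. */
long demo_truncated_tail(void)
{
    uint8_t *data = calloc(211, 1);
    uint32_t v = 0, w = 0;
    long result = -1;
    if (!data) return -1;
    data[209] = 0xAB; data[210] = 0xCD;
    bitreader br = { data, 211, 209 * 8 };
    if (read_bits_checked(&br, 16, &v) == 0 &&  /* the two valid tail bytes */
        read_bits_checked(&br, 1, &w) == -1)    /* anything further is refused */
        result = (long)v;
    free(data);
    return result;
}

int main(void)
{
    printf("raw load overreads %zu bytes\n", overread_bytes(209, 211));
    printf("checked tail = 0x%lX\n", (unsigned long)demo_truncated_tail());
    return 0;
}
```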