Bug 516436 – [dvdsub] segfault on display of 1st subpicture in 2nd chapter [Japanese Harry Potter DVD]

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 516436 - [dvdsub] segfault on display of 1st subpicture in 2nd chapter [Japanese Harry Potter DVD]


Summary:	[dvdsub] segfault on display of 1st subpicture in 2nd chapter [Japanese Harry...


Status:	RESOLVED FIXED

Product:	GStreamer
Classification:	Platform
Component:	gst-plugins-bad
Version:	git master
Hardware:	Other All

Importance:	Normal normal
Target Milestone:	0.10.6
Assigned To:	GStreamer Maintainers
QA Contact:	GStreamer Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2008-02-14 12:47 UTC by Tal Shalif
Modified:	2008-02-14 14:33 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
patch against gstdvdspu-render.c r1.2 to check for null pointer (770 bytes, patch) 2008-02-14 12:50 UTC, Tal Shalif	none	Details \| Review
dvdspu.diff (728 bytes, patch) 2008-02-14 13:52 UTC, Sebastian Dröge (slomo)	committed	Details \| Review

Description Tal Shalif 2008-02-14 12:47:35 UTC

Please describe the problem:
Watching the first Harry Potter movie (Japanese, NTSC), with the default (Japanese) subpictures turned-on works fine through the 1st chapter. At the beginning of the 2nd chapter, right before the first subpicture is about to be displayed, a segfault occurs in gstdvdspu-render.c

Steps to reproduce:
Note: I was only able to reproduce it with the one DVD: Japanese version of "Harry Potter and the Philosopher's stone"
1. gst-launch dvdreadsrc ! queue ! dvddemux name=demux .current_video ! queue ! mpeg2dec ! ffmpegcolorspace ! dvdspu name=mix ! ffmpegcolorspace ! xvimagesink  demux.current_subpicture ! mix.subpicture
2. watch until it crashes, just before displaying the first Japanese subtitle in second chapter (English equivalent is "Up!")
3. 


Actual results:
application throws segfault

Expected results:
normal play

Does this happen every time?
Yes, providing the Japanese subtitle is turned on (current_subpicture or subpicture_00, subpicture_01 are all Japanese). It does not happen if the English subpicture is turned on (i.e. subpicture_02)

Other information:
Checking for "state->line_ctrl_i != 0" seems to work around this problem.

Comment 1 Tal Shalif 2008-02-14 12:50:12 UTC

Created attachment 105229 [details] [review]
patch against gstdvdspu-render.c r1.2 to check for null pointer

Comment 2 Sebastian Dröge (slomo) 2008-02-14 12:57:41 UTC

Should be more a != NULL and please use unified diffs next time :) Other than that this looks correct...

Comment 3 Jan Schmidt 2008-02-14 13:31:27 UTC

It doesn't look correct to me - it fixes this problem, but line_ctrl_i should never be NULL when n_line_ctrl_i is > 0.

The better fix is in gst_dvd_spu_handle_new_spu_buf: When freeing the state->line_ctrl_i array, state->n_line_ctrl_i should be set to 0 as it is everywhere else.

Comment 4 Sebastian Dröge (slomo) 2008-02-14 13:52:54 UTC

Created attachment 105235 [details] [review]
dvdspu.diff

Ok, could you please test the attached patch if it also fixes your problem?

Comment 5 Tal Shalif 2008-02-14 14:25:16 UTC

(In reply to comment #4)
> Created an attachment (id=105235) [edit]
> dvdspu.diff
> 
> Ok, could you please test the attached patch if it also fixes your problem?
> 

tshalif: OK. It works. Thanks

Comment 6 Sebastian Dröge (slomo) 2008-02-14 14:33:15 UTC

2008-02-14  Sebastian Dröge  <slomo@circular-chaos.org>

	* gst/dvdspu/gstdvdspu.c: (gst_dvd_spu_handle_new_spu_buf):
	Set n_line_ctrl_i to 0 whenever we free line_ctrl_i. Patch based
	on an idea by Jan Schmidt, fixes bug #516436.