Bug 545370 - playing some mp3s segfaults
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-ugly
Version: 0.10.8
Hardware: Other All
Importance: Normal critical
Target Milestone: 0.10.9
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Duplicates: 581279
Depends on:
Blocks:
 
 
Reported: 2008-07-29 18:57 UTC by Lorenz Quack
Modified: 2009-05-07 13:50 UTC
See Also:
GNOME target: ---
GNOME version: 2.21/2.22


Attachments
this mp3 causes the crash (9.77 KB, audio/mp3)
2008-07-29 19:06 UTC, Lorenz Quack

Description Lorenz Quack 2008-07-29 18:57:54 UTC
Steps to reproduce:
1. start qt4s musicplayer example 
2. load a certain mp3 (only some cause the crash)



Stack trace:
  • #0 ??
    from /lib/libc.so.6
  • #1 ??
    from /lib/libc.so.6
  • #2 realloc
    from /lib/libc.so.6
  • #3 g_realloc
    from /usr/lib/libglib-2.0.so.0
  • #4 ??
    from /usr/lib/libglib-2.0.so.0
  • #5 g_array_append_vals
    from /usr/lib/libglib-2.0.so.0
  • #6 gst_structure_id_set_valist
    from /usr/lib/libgstreamer-0.10.so.0
  • #7 gst_structure_id_set
    from /usr/lib/libgstreamer-0.10.so.0
  • #8 gst_query_new_duration
    from /usr/lib/libgstreamer-0.10.so.0
  • #9 gst_pad_query_duration
    from /usr/lib/libgstreamer-0.10.so.0
  • #10 gst_pad_query_peer_duration
    from /usr/lib/libgstreamer-0.10.so.0
  • #11 mp3parse_total_bytes
    at gstmpegaudioparse.c line 1464
  • #12 mp3parse_bytepos_to_time
    at gstmpegaudioparse.c line 1605
  • #13 mp3parse_total_time
    at gstmpegaudioparse.c line 1501
  • #14 mp3parse_bytepos_to_time
    at gstmpegaudioparse.c line 1605
  • #15 mp3parse_total_time
    at gstmpegaudioparse.c line 1501
  • #16 mp3parse_bytepos_to_time
    at gstmpegaudioparse.c line 1605
  • #17 mp3parse_total_time
    at gstmpegaudioparse.c line 1501
  • #18 mp3parse_bytepos_to_time
    at gstmpegaudioparse.c line 1605
  • #95265 mp3parse_total_time
    at gstmpegaudioparse.c line 1501
  • #95266 mp3parse_bytepos_to_time
    at gstmpegaudioparse.c line 1605
  • #95267 mp3parse_total_time
    at gstmpegaudioparse.c line 1501
  • #95268 gst_mp3parse_chain
    at gstmpegaudioparse.c line 950
  • #95269 ??
    from /usr/lib/libgstreamer-0.10.so.0
  • #95270 gst_pad_push
    from /usr/lib/libgstreamer-0.10.so.0
  • #95271 ??
    from /usr/lib64/gstreamer-0.10/libgstcoreelements.so
  • #95272 ??
    from /usr/lib/libgstreamer-0.10.so.0
  • #95273 gst_pad_push
    from /usr/lib/libgstreamer-0.10.so.0
  • #95274 ??
    from /usr/lib/libgstreamer-0.10.so.0
  • #95275 gst_pad_push
    from /usr/lib/libgstreamer-0.10.so.0
  • #95276 ??
    from /usr/lib/libgstbase-0.10.so.0
  • #95277 ??
    from /usr/lib/libgstreamer-0.10.so.0
  • #95278 ??
    from /usr/lib/libglib-2.0.so.0
  • #95279 ??
    from /usr/lib/libglib-2.0.so.0
  • #95280 start_thread
    from /lib/libpthread.so.0
  • #95281 clone
    from /lib/libc.so.6
  • #95282 ??


Other information:
This bug might be related to (or the same as) http://bugzilla.gnome.org/show_bug.cgi?id=522357 but I'm not sure.
It seems that there is an infinite loop in gstmpegaudioparse.c.
I also ran the prog with GST_DEBUG=*:5 the output was a whopping 241MB but compressed nicely to 7.3MB.
Comment 1 Sebastian Dröge (slomo) 2008-07-29 19:06:36 UTC
Please install debug packages for glib, gstreamer, gst-plugins-base and get a new backtrace. Also, could you make such MP3 available?
Comment 2 Lorenz Quack 2008-07-29 19:06:45 UTC
Created attachment 115512
this mp3 causes the crash

The mp3 plays fine with mplayer and audacious but crashes with the qt4.4 musicplayer example that uses the gstreamer backend.
I deliberately cut the mp3 to make upload easier and avoid copyright issues. You should only hear a single chord.
Comment 3 Lorenz Quack 2008-07-29 20:57:22 UTC
I'm very sorry but I find it currently impossible to convince my f****ng gentoo to install those @§#* debug versions... *grrrr* (have... to... stay... calm... smashing the keyboard into the monitor won't get me anywhere either)

...but I did upload the compressed log from the GST_DEBUG=*:5 run:
http://senduit.com/dd694e 
It will be available there for 1 week.

I'll try again tomorrow. Hopefully I'll have more luck.
Comment 4 Sebastian Dröge (slomo) 2008-07-31 14:34:51 UTC
2008-07-31  Sebastian Dröge  <sebastian.droege@collabora.co.uk>

        * gst/mpegaudioparse/gstmpegaudioparse.c:
        (gst_mp3parse_sink_event), (gst_mp3parse_emit_frame),
        (mp3parse_total_time), (mp3parse_bytepos_to_time):
        Don't recurse from mp3parse_bytepos_to_time() to mp3parse_total_time()
        if we're called from there already. Otherwise we end up in an endless
        recursion and crash with a stack overflow.

        This can happen when a Xing or VBRI header with TOC exists but it
        doesn't contain the total time. Fixes bug #545370.
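
The recursion described in comment 4, as an added example that is not part of the original bug report and is not GStreamer's code: a simplified C model of two duration helpers that call each other when a seek table (TOC) is present but the header has no total time, shown without and with a "called from total_time" guard. The struct, function names, guard parameter, depth limit and sample stream values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not GStreamer code: every name here is hypothetical. */
typedef struct {
    bool    has_toc;      /* Xing/VBRI seek table present */
    int64_t header_time;  /* total time from the header in ms, -1 if absent */
    int64_t total_bytes;  /* stream size in bytes */
    int64_t avg_bitrate;  /* bits per second, used for the fallback estimate */
    int     depth;        /* recursion depth probe for the demo */
} Mp3Model;

#define DEPTH_LIMIT 64    /* stands in for running out of stack */
static int64_t bytepos_to_time(Mp3Model *m, int64_t pos, bool guard, bool from_total_time);

static int64_t total_time(Mp3Model *m, bool guard)
{
    if (m->header_time >= 0)
        return m->header_time;
    /* Header carries no duration: derive it from the byte length. */
    return bytepos_to_time(m, m->total_bytes, guard, true);
}

static int64_t bytepos_to_time(Mp3Model *m, int64_t pos, bool guard, bool from_total_time)
{
    if (++m->depth > DEPTH_LIMIT)
        return -1;  /* the real code would overflow the stack here */
    /* TOC path needs the total time; the guard skips it when called from total_time(). */
    if (m->has_toc && !(guard && from_total_time)) {
        int64_t total = total_time(m, guard);
        return total < 0 ? -1 : total * pos / m->total_bytes;
    }
    return pos * 8 * 1000 / m->avg_bitrate;  /* bitrate-based fallback */
}

/* Duration in ms for a constructed 10000-byte, 128 kbit/s stream, or -1. */
int64_t duration_ms(bool has_toc, int64_t header_time, bool guard)
{
    Mp3Model m = { has_toc, header_time, 10000, 128000, 0 };
    return total_time(&m, guard);
}

int main(void)
{
    printf("unguarded: %lld\n", (long long)duration_ms(true, -1, false));
    printf("guarded:   %lld\n", (long long)duration_ms(true, -1, true));
    return 0;
}
```

The unguarded call only terminates because of the depth probe; without it the two functions alternate until the stack is exhausted, which matches the repeating frame pair in the backtrace above.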
Comment 5 Lorenz Quack 2008-07-31 15:58:21 UTC
Thank you very much!

Quick reply and quick fix, even though I failed to provide all requested information.

Your work is much appreciated!
Comment 6 Sebastian Dröge (slomo) 2009-05-07 13:50:20 UTC
*** Bug 581279 has been marked as a duplicate of this bug. ***