GNOME Bugzilla – Bug 556010
AVI muxer segfault
Last modified: 2008-10-21 12:43:18 UTC
Running the following pipeline:

gst-launch-0.10 filesrc location=chickenpayback.mpeg ! flupsdemux ! mpegvideoparse ! avimux ! fakesink

(gst-launch-0.10:11072): GStreamer-CRITICAL **: gst_buffer_create_sub: assertion `buffer->size >= offset + size' failed
*** glibc detected *** gst-launch-0.10: free(): invalid next size (normal): 0x09f29c00 ***

(gdb) bt
$1 = {mini_object = {instance = {g_class = 0x9cc6e08}, refcount = 1, flags = 0, _gst_reserved = 0x0}, data = 0x9dda800 "RIFF^\004", size = 1100, timestamp = 18446744073709551615, duration = 18446744073709551615, caps = 0x0, offset = 18446744073709551615, offset_end = 18446744073709551615, malloc_data = 0x9dda800 "RIFF^\004", free_func = 0xb7dcfbf0 <g_free>, _gst_reserved = {0x0, 0x0, 0x0}}
(gdb) p highmark
$2 = 1126

It seems that highmark is bigger than the allocated GstBuffer, so some data has been memcpy'd outside the allocated data for the GstBuffer and some corruption is produced.
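As an added illustration of the analysis above (example code, not GStreamer's own; the chunk payloads and sizes are constructed), a bounded RIFF chunk writer that applies the size >= offset + size condition from the assertion before each memcpy, so a header buffer allocated smaller than its highmark fails with an error instead of writing past the allocation. The build_header() call with a 1100-byte buffer and a 1126-byte header mirrors the numbers from the gdb session.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Fixed-size header buffer: size plays the role of GstBuffer.size and off
 * is the running write position (the "highmark" in the gdb output). */
typedef struct {
    uint8_t *data;
    size_t   size;
    size_t   off;
} hdr_buf;

static void put_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Write one RIFF chunk (fourcc, LE32 length, payload, pad byte when odd).
 * Checks the same condition the CRITICAL asserts, size >= offset + size,
 * before touching memory; returns 0 on success, -1 if the chunk does not fit. */
static int write_chunk(hdr_buf *b, const char fourcc[4], const void *payload, uint32_t len) {
    size_t need = (size_t)8 + len + (len & 1u);
    if (b->off > b->size || need > b->size - b->off)
        return -1;                      /* refuse instead of corrupting the heap */
    memcpy(b->data + b->off, fourcc, 4);
    put_le32(b->data + b->off + 4, len);
    memcpy(b->data + b->off + 8, payload, len);
    if (len & 1u) b->data[b->off + 8 + len] = 0;
    b->off += need;
    return 0;
}

/* Build a minimal header into `alloc` bytes: an 'avih'-style chunk followed by
 * a 'vprp' chunk of vprp_len bytes. Payload contents are zeroed placeholders,
 * not the real AVI field layout. Returns bytes written, or -1 when the
 * allocation is too small for what the header actually needs. */
static long build_header(size_t alloc, uint32_t vprp_len) {
    uint8_t *storage = calloc(alloc ? alloc : 1, 1);
    uint8_t avih[56] = {0};            /* constructed placeholder payload */
    uint8_t *vprp = calloc(vprp_len ? vprp_len : 1, 1);
    hdr_buf b = { storage, alloc, 0 };
    long written = -1;
    if (write_chunk(&b, "avih", avih, sizeof avih) == 0 &&
        write_chunk(&b, "vprp", vprp, vprp_len) == 0)
        written = (long)b.off;
    free(vprp);
    free(storage);
    return written;
}
```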
Created attachment 120512
Fix vprp chunk writing

This patch fixes what might cause segfaults in rare circumstances (and this might be an example case of it):
* Fix vprp setup in header (which has nothing to do with codec_data size).
Thanks! Committed:

* gst/avi/gstavimux.c: Fix VPRP chunk setup in avimux.
Fixes: #556010
Patch By: Mark Nauwelaerts <mark.nauwelaerts@collabora.co.uk>