Bug 556010 - AVI muxer segfault
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-good
Version: git master
Hardware/OS: Other Linux
Priority/Severity: Normal blocker
Target Milestone: 0.10.11
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Depends on:
Blocks:
Reported: 2008-10-12 12:08 UTC by Josep Torra Valles
Modified: 2008-10-21 12:43 UTC
See Also:
GNOME target: ---
GNOME version: ---
Attachments
Fix vprp chunk writing (1.50 KB, patch)
2008-10-13 16:01 UTC, Mark Nauwelaerts
committed

Description Josep Torra Valles 2008-10-12 12:08:35 UTC
Running the following pipeline:

gst-launch-0.10 filesrc location=chickenpayback.mpeg ! flupsdemux ! mpegvideoparse ! avimux ! fakesink

(gst-launch-0.10:11072): GStreamer-CRITICAL **: gst_buffer_create_sub: assertion `buffer->size >= offset + size' failed
*** glibc detected *** gst-launch-0.10: free(): invalid next size (normal): 0x09f29c00 ***

(gdb) bt
#0  __kernel_vsyscall
#1  raise from /lib/tls/i686/cmov/libc.so.6
#2  abort from /lib/tls/i686/cmov/libc.so.6
#3  ?? from /lib/tls/i686/cmov/libc.so.6
#4  ?? from /lib/tls/i686/cmov/libc.so.6
#5  malloc from /lib/tls/i686/cmov/libc.so.6
#6  __vasprintf_chk from /lib/tls/i686/cmov/libc.so.6
#7  g_vasprintf from /usr/lib/libglib-2.0.so.0
#8  g_strdup_vprintf from /usr/lib/libglib-2.0.so.0
#9  g_logv from /usr/lib/libglib-2.0.so.0
#10 g_log from /usr/lib/libglib-2.0.so.0
#11 g_return_if_fail_warning from /usr/lib/libglib-2.0.so.0
#12 gst_buffer_create_sub at gstbuffer.c line 576
#13 gst_avi_mux_riff_get_avi_header at gstavimux.c line 1261
#14 gst_avi_mux_start_file at gstavimux.c line 1560
#15 gst_avi_mux_collect_pads at gstavimux.c line 1852
#16 gst_collect_pads_check_collected at gstcollectpads.c line 1038
#17 gst_collect_pads_chain at gstcollectpads.c line 1247
#18 gst_pad_chain_unchecked at gstpad.c line 3890
#19 gst_pad_push at gstpad.c line 4057
#20 mpegvideoparse_drain_avail at mpegvideoparse.c line 418
#21 gst_mpegvideoparse_chain at mpegvideoparse.c line 475
#22 gst_pad_chain_unchecked at gstpad.c line 3890
#23 gst_pad_push at gstpad.c line 4057
#24 gst_flups_demux_data_cb at gstmpegdemux.c line 486
#25 gst_pes_filter_data_push at gstpesfilter.c line 493
#26 gst_pes_filter_parse at gstpesfilter.c line 415
#27 gst_flups_demux_chain at gstmpegdemux.c line 1742
#28 gst_pad_chain_unchecked at gstpad.c line 3890
#29 gst_pad_push at gstpad.c line 4057
#30 gst_base_src_loop at gstbasesrc.c line 2187
#31 gst_task_func at gsttask.c line 192
#32 ?? from /usr/lib/libglib-2.0.so.0
#33 ?? from /usr/lib/libglib-2.0.so.0
#34 start_thread from /lib/tls/i686/cmov/libpthread.so.0
#35 clone from /lib/tls/i686/cmov/libc.so.6

#13 gst_avi_mux_riff_get_avi_header at gstavimux.c line 1261
$1 = {mini_object = {instance = {g_class = 0x9cc6e08}, refcount = 1, flags = 0, _gst_reserved = 0x0}, data = 0x9dda800 "RIFF^\004", size = 1100, timestamp = 18446744073709551615, duration = 18446744073709551615, caps = 0x0, 
  offset = 18446744073709551615, offset_end = 18446744073709551615, malloc_data = 0x9dda800 "RIFF^\004", free_func = 0xb7dcfbf0 <g_free>, _gst_reserved = {0x0, 0x0, 0x0}}
(gdb) p highmark
$2 = 1126

Seems that highmark is bigger than the allocated GstBuffer, so some data has been memcopied outside the allocated data for the GstBuffer and some corruption is produced.
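An added example (constructed for this page, not code from the report or from GStreamer; all names are hypothetical) that models the mismatch the description points at: a header buffer allocated from a size estimate, chunks appended while `highmark` counts the bytes written, and a bounds check that refuses a chunk instead of writing it past the allocation. It assumes a strf chunk carrying codec_data and a vprp chunk whose length is unrelated to codec_data.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Constructed model (hypothetical names, not GStreamer's code): a header
 * buffer sized from an estimate, with "highmark" tracking bytes written. */
typedef struct {
    uint8_t *data;
    size_t   size;      /* bytes allocated */
    size_t   highmark;  /* bytes written so far */
} HeaderBuf;

/* Append one RIFF-style chunk (FOURCC, little-endian length, payload).
 * Returns -1 instead of writing when the chunk would not fit the buffer. */
static int header_put_chunk(HeaderBuf *h, const char fourcc[4],
                            const uint8_t *payload, uint32_t len)
{
    size_t need = 8 + (size_t)len;
    if (need > h->size - h->highmark)
        return -1;
    uint8_t *p = h->data + h->highmark;
    memcpy(p, fourcc, 4);
    p[4] = len & 0xff;         p[5] = (len >> 8) & 0xff;
    p[6] = (len >> 16) & 0xff; p[7] = (len >> 24) & 0xff;
    memcpy(p + 8, payload, len);
    h->highmark += need;
    return 0;
}

/* Size estimate for the header. The buggy variant sizes the vprp chunk from
 * the codec_data length; the correct variant uses vprp's own length. */
size_t avi_header_estimate(int buggy, uint32_t codec_data_len, uint32_t vprp_len)
{
    return 8 + codec_data_len + 8 + (buggy ? codec_data_len : vprp_len);
}

/* Write a "strf" chunk carrying codec_data and a "vprp" chunk into `alloc`
 * bytes. Returns the final highmark when all fit, -1 when a chunk was refused. */
long avi_build_header(size_t alloc, uint32_t codec_data_len, uint32_t vprp_len)
{
    HeaderBuf h = { calloc(alloc, 1), alloc, 0 };
    uint8_t *codec_data = calloc(codec_data_len, 1);  /* constructed payloads */
    uint8_t *vprp = calloc(vprp_len, 1);
    int rc = header_put_chunk(&h, "strf", codec_data, codec_data_len);
    if (rc == 0) rc = header_put_chunk(&h, "vprp", vprp, vprp_len);
    long written = rc == 0 ? (long)h.highmark : -1;
    free(h.data); free(codec_data); free(vprp);
    return written;
}
```

With the buggy estimate the vprp chunk is refused, where the unchecked original would have written past the end of the allocation; with the correct estimate the final highmark equals the allocation exactly.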
Comment 1 Mark Nauwelaerts 2008-10-13 16:01:31 UTC
Created attachment 120512
Fix vprp chunk writing

This patch fixes what might cause segfaults in rare circumstances (and this might be an example case of it):

* Fix vprp setup in header (which has nothing to do with codec_data size).
Comment 2 Jan Schmidt 2008-10-21 12:43:18 UTC
Thanks! Committed:
        * gst/avi/gstavimux.c:
        Fix VPRP chunk setup in avimux.
        Fixes: #556010
        Patch By: Mark Nauwelaerts <mark.nauwelaerts@collabora.co.uk>