After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 568689 - SIGEV using ffenc_wmav2
SIGEV using ffenc_wmav2
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-libav
git master
Other Linux
: Normal major
: 0.10.8
Assigned To: GStreamer Maintainers
GStreamer Maintainers
Depends on:
Blocks:
 
 
Reported: 2009-01-22 13:22 UTC by Julien Isorce
Modified: 2009-08-10 23:51 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
Valgrind log (10.17 KB, text/plain)
2009-01-31 17:39 UTC, Mark Nauwelaerts 		  Details
Workaround patch (812 bytes, patch)
2009-02-02 21:11 UTC, Mark Nauwelaerts 		none Details | Review

Description Julien Isorce 2009-01-22 13:22:21 UTC 
---steps:

It crashs on a very particular sound (noise + saturation). On both ubuntu intrepid and windows.
I can send you the file by email.

gst-launch-0.10 filesrc location=julien'sfile.wav ! wavparse ! ffenc_wmav2 ! fakesink sync=1


---track:

at gstffmpegenc.c:776:  
"subbuf = gst_buffer_join (ffmpegenc->cache, subbuf);"

0:00:00.394646468 21370  0x9f2d858 DEBUG               ffmpeg gstffmpegenc.c:711:gst_ffmpegenc_chain_audio:<ffenc_wmav20> Received buffer of time 0:00:17.066666667 and size 4096 (cache: 4096)
0:00:00.395027437 21370  0x9f2d858 DEBUG               ffmpeg gstffmpegenc.c:711:gst_ffmpegenc_chain_audio:<ffenc_wmav20> Received buffer of time 0:00:17.089886622 and size 4096 (cache: 0)
0:00:00.395050424 21370  0x9f2d858 DEBUG               ffmpeg gstffmpegenc.c:711:gst_ffmpegenc_chain_audio:<ffenc_wmav20> Received buffer of time 0:00:17.113106576 and size 4096 (cache: 4096)
0:00:00.395836829 21370  0x9f2d858 DEBUG               ffmpeg gstffmpegenc.c:711:gst_ffmpegenc_chain_audio:<ffenc_wmav20> Received buffer of time 0:00:17.136326531 and size 4096 (cache: 0)
0:00:00.395859710 21370  0x9f2d858 DEBUG               ffmpeg gstffmpegenc.c:711:gst_ffmpegenc_chain_audio:<ffenc_wmav20> Received buffer of time 0:00:17.159546486 and size 4096 (cache: 4096)
Caught SIGSEGV accessing address 0xd0c007


---backtrace:

Passage du pipeline à la phase PLAYING...
New clock: GstSystemClock

Program received signal SIGSEGV, Segmentation fault.

+ Trace 211762

Thread 3070856080 (LWP 20831)

  • #0 ??
    from /lib/tls/i686/cmov/libc.so.6
  • #1 free
    from /lib/tls/i686/cmov/libc.so.6
  • #2 g_free
    from /usr/lib/libglib-2.0.so.0
  • #3 gst_buffer_finalize
    at gstbuffer.c line 190
  • #4 gst_mini_object_unref
    at gstminiobject.c line 320
  • #5 gst_base_sink_set_last_buffer
    at gstbasesink.c line 893
  • #6 gst_base_sink_render_object
    at gstbasesink.c line 2343
  • #7 gst_base_sink_queue_object_unlocked
    at gstbasesink.c line 2566
  • #8 gst_base_sink_chain_unlocked
    at gstbasesink.c line 2923
  • #9 gst_base_sink_chain
    at gstbasesink.c line 2964
  • #10 gst_pad_chain_unchecked
    at gstpad.c line 3890
  • #11 gst_pad_push
    at gstpad.c line 4057
  • #12 gst_ffmpegenc_chain_audio
    at gstffmpegenc.c line 776
  • #13 gst_pad_chain_unchecked
    at gstpad.c line 3890
  • #14 gst_pad_push
    at gstpad.c line 4057
  • #15 gst_wavparse_stream_data
    at gstwavparse.c line 1777
  • #16 gst_wavparse_loop
    at gstwavparse.c line 1851
  • #17 gst_task_func
    at gsttask.c line 192
  • #18 ??
    from /usr/lib/libglib-2.0.so.0
  • #19 ??
    from /usr/lib/libglib-2.0.so.0
  • #20 start_thread
    from /lib/tls/i686/cmov/libpthread.so.0
  • #21 clone
    from /lib/tls/i686/cmov/libc.so.6 

I am not sure it comes from wmaenc. from ffmpeg code because:
ffmpeg -i juliensfile.wav -f asf -acodec wmav2 -ab 128k out.asf
works fine.

Tell me how to send you the wav file.

Sincerely

Julien
Comment 1 Julien Isorce 2009-01-22 13:24:29 UTC 
line 776 is "ret = gst_pad_push (ffmpegenc->srcpad, outbuf);"

(not "subbuf = gst_buffer_join (ffmpegenc->cache, subbuf);" )
Comment 2 Mark Nauwelaerts 2009-01-31 17:39:53 UTC 
Created attachment 127641 [details]
Valgrind log

Valgrind does not seem to like what the ffmpeg encoder is doing.
Comment 3 Julien Isorce 2009-01-31 19:11:26 UTC 
Actually, I believed it was a bug in wmaenc.c from ffmpeg code, but the following:
ffmpeg -i juliensfile.wav -f asf -acodec wmav2 -ab 128k out.asf
seems to work fine.
So I cannot reproduce the bug using only "ffmpeg".

So maybe gst-ffmpeg is not using the encoder as expected and that why we get a crash with:
gst-launch-0.10 filesrc location=julien'sfile.wav ! wavparse ! ffenc_wmav2 !
fakesink sync=0

So what do you think ? gstreamer or ffmpeg bug ?
If ffmpeg bug, how can I report it because the minimal test to reproduce is using gstreamer ...  ?

Mark have you tested with the audio.wav and audio2.wav I sent you ?  (because I can see test.wav in your valgrind log)

(If other guys want to reproduce the bug, I have to send you the wav file)

Cap.
Comment 4 Mark Nauwelaerts 2009-02-02 21:02:59 UTC 
[Yes, I tested with those files, but what's in a name, etc ]

It is an ffmpeg bug.  More specifically, the bitstream writing that is done in ffmpeg's bitstream.h (used by wmaenc a.o.) performs no buffer overflow checking whatsoever.  wmaenc basically varies some parameter(s) trying to squeeze the result into the buffer (too bad if it overruns in the process), and only checks that the last attempt actually fits.

It happens to work in the ffmpeg binary because the buffer size used there is a lot bigger than typically used in ffenc_... (though big enough for most material).
Comment 5 Mark Nauwelaerts 2009-02-02 21:11:33 UTC 
Created attachment 127788 [details] [review]
Workaround patch

* Adjust encoder audio output buffer size to match ffmpeg's
[attempting to reduce "... but it works in ffmpeg"]

No absolute guarantee though that this will work safely in all cases (nor ffmpeg for that matter), or that it will conceal problems similarly to ffmpeg (as I believe it always uses the same output buffer, where ffenc_... uses a new one each time, so maybe more memory to mess up there, etc)
Comment 6 Edward Hervey 2009-02-08 10:27:59 UTC 
Mark, any chance we could/should have a patch for upstream ffmpeg ? We should get these issues fixed upstream as much as possible.

If we can't come up with a clean upstream fix/patch ... we can fix it in gst-ffmpeg using your provided patch.
Comment 7 Mark Nauwelaerts 2009-02-10 10:17:08 UTC 
Well, opinions may vary here.  Most appropriate seems to be to add buffer size checks prior to actual writing in bitstream.h, which would entail some if'ing in inner(most) loop in a variety of flavours (aligned, unaligned, assembly) while trying to preserve writing effects/semantics.  That may not be considered clean or highly appreciated upstream (?)
Comment 8 Julien Isorce 2009-02-22 19:36:51 UTC 
Hi,

Or checks then just return an appropriate gst error (and stop the pipeline) instead of 
"entail some if'ing in inner(most) loop in a variety of flavours(aligned, unaligned, assembly)while trying to preserve writing effects/semantics."
in order to avoid a crash.
Comment 9 Mark Nauwelaerts 2009-02-23 21:22:31 UTC 
The if'ing involved would perform checks not to exceed buffer size.
However, such checks are not possible at the high level ffmpeg call (performed by gst), and on low (inner loop) ffmpeg level ... well that involves what was mentioned earlier (and is ffmpeg internal, so no gst error can live there).
Comment 10 Wim Taymans 2009-05-25 15:14:33 UTC 
Please retest with latest git versions, the encoder wrapper was rewritten.
Comment 11 Julien Isorce 2009-05-26 12:18:26 UTC 
It's fixed now, nice.

It was crashing just before this following commit:
http://cgit.freedesktop.org/gstreamer/gst-ffmpeg/commit/?id=25b41829b930c2577632cba82654c1fdf618bd8f

And this commit resolved the problem.