Bug 582702 – qtmux: crash in atom_moov_add_blob_tag

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 582702 - qtmux: crash in atom_moov_add_blob_tag


Summary:	qtmux: crash in atom_moov_add_blob_tag


Status:	RESOLVED FIXED

Product:	GStreamer
Classification:	Platform
Component:	gst-plugins-bad
Version:	git master
Hardware:	Other Linux

Importance:	Normal blocker
Target Milestone:	0.10.12
Assigned To:	GStreamer Maintainers
QA Contact:	GStreamer Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2009-05-15 02:39 UTC by David Schleef
Modified:	2009-05-15 13:07 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
The patch. (2.03 KB, patch) 2009-05-15 05:12 UTC, Thiago Sousa Santos	accepted-commit_now	Details \| Review

Description David Schleef 2009-05-15 02:39:48 UTC

ginger:~$ gdb -args gst-launch-0.10 filesrc location=media/wowow.mp4 ! decodebin ! ffmpegcolorspace ! qtmux ! fakesink -t
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
(gdb) r
Starting program: /usr/local/bin/gst-launch-0.10 filesrc location=media/wowow.mp4 \! decodebin \! ffmpegcolorspace \! qtmux \! fakesink -t
[Thread debugging using libthread_db enabled]
[New Thread 0xb7a606c0 (LWP 12480)]
Setting pipeline to PAUSED ...
[New Thread 0xb78cfb90 (LWP 12484)]
Pipeline is PREROLLING ...
[New Thread 0xb6dffb90 (LWP 12485)]
FOUND TAG      : found by element "qtdemux0".
     audio codec: MPEG-4 AAC audio
[New Thread 0xb5e2ab90 (LWP 12486)]
FOUND TAG      : found by element "qtdemux0".
     video codec: H.264 / AVC
FOUND TAG      : found by element "qtdemux0".
         QT atom: buffer of 29 bytes, type: application/x-gst-qt-gsst-tag, style=(string)itunes
                : buffer of 30 bytes, type: application/x-gst-qt-gstd-tag, style=(string)itunes
FOUND TAG      : found by element "ewh264dec0".
     video codec: H.264
Pipeline is PREROLLED ...
Setting pipeline to PLAYING ...
New clock: GstSystemClock

Program received signal SIGSEGV, Segmentation fault.

+ Trace 215471

Thread 3051531152 (LWP 12486)

#0 atom_moov_add_blob_tag
at atoms.c line 2550
#1 gst_qt_mux_collected
at gstqtmux.c line 538
#2 gst_collect_pads_check_collected
at gstcollectpads.c line 1028
#3 gst_collect_pads_event
at gstcollectpads.c line 1128
#4 gst_qt_mux_sink_event
at gstqtmux.c line 1648
#5 gst_pad_send_event
at gstpad.c line 4964
#6 gst_pad_push_event
at gstpad.c line 4820
#7 gst_base_transform_sink_event
at gstbasetransform.c line 1667
#8 gst_pad_send_event
at gstpad.c line 4964
#9 gst_pad_push_event
at gstpad.c line 4820
#10 gst_proxy_pad_do_event
at gstghostpad.c line 128
#11 gst_pad_send_event
at gstpad.c line 4964
#12 gst_pad_push_event
at gstpad.c line 4820
#13 gst_base_video_decoder_sink_event
at gstbasevideodecoder.c line 219
#14 gst_pad_send_event
at gstpad.c line 4964
#15 gst_pad_push_event
at gstpad.c line 4820
#16 gst_queue_loop
at gstqueue.c line 1088
#17 gst_task_func
at gsttask.c line 234
#18 default_func
at gsttaskpool.c line 70
#19 g_thread_pool_thread_proxy
at /build/buildd/glib2.0-2.20.1/glib/gthreadpool.c line 265
#20 g_thread_create_proxy
at /build/buildd/glib2.0-2.20.1/glib/gthread.c line 635
#21 start_thread
at pthread_create.c line 297
#22 clone
at ../sysdeps/unix/sysv/linux/i386/clone.S line 130

Comment 1 David Schleef 2009-05-15 02:41:40 UTC

This apparently has to do with the "itunes" style tag.  It doesn't crash if I apply this patch (which obviously isn't a fix):

diff --git a/gst/qtmux/gstqtmux.c b/gst/qtmux/gstqtmux.c
index b0df9d7..5c8de8e 100644
--- a/gst/qtmux/gstqtmux.c
+++ b/gst/qtmux/gstqtmux.c
@@ -533,7 +533,7 @@ gst_qt_mux_add_metadata_tags (GstQTMux * qtmux, const GstTag
         s = gst_caps_get_structure (caps, 0);
         if (s && (style = gst_structure_get_string (s, "style"))) {
           /* FIXME make into a parameter */
-          if (strcmp (style, "itunes") == 0) {
+          if (0 && strcmp (style, "itunes") == 0) {
             GST_DEBUG_OBJECT (qtmux, "Adding private tag");
             atom_moov_add_blob_tag (qtmux->moov, GST_BUFFER_DATA (buf),
                 GST_BUFFER_SIZE (buf));

Comment 2 Thiago Sousa Santos 2009-05-15 04:51:15 UTC

I'm tracking the problem, it seems that 'udta' is null at the line:

2550: ilst = moov->udta->meta->ilst;

that gdb reports.

That's because atom_moov_init_metatags is not being called before atom_moov_append_tag in atom_moov_add_blob_tag.

I'll attach a patch to call atom_moov_init_metatags from inside atom_moov_append_tag, it is safer.

Comment 3 Thiago Sousa Santos 2009-05-15 05:12:27 UTC

Created attachment 134684 [details] [review]
The patch.

Comment 4 Jan Schmidt 2009-05-15 09:15:17 UTC

Patch seems sensible

Comment 5 Thiago Sousa Santos 2009-05-15 12:25:08 UTC

Commited.


commit	405f80dec487103dfe52e6ce6aa3fb05db74e495 (patch)
tree	5411b39780c267cdcd7e763a2e4bccf163807197
parent	f5ba4904f794a107bc5d1e56f824789bca295383 (diff)


[qtmux] Fixes segfault when adding a blob as first tag.master
Moves tags data initialization to the function that actually appends
the tags to the list. Fixes #582702

Also fixes some style caught by the pre-commit hook.