GNOME Bugzilla – Bug 587819
[mpegtsparse] crash because of double free
Last modified: 2009-07-08 15:56:28 UTC
Steps to reproduce: Start scanning with a DVB-S card. The application runs for several seconds, finds some channel and then crashes. A stack trace and log from --debug attached. Stack trace: media ~ # gnome-dvb-daemon -d &> gnome-dvb-daemon.log *** glibc detected *** gnome-dvb-daemon: double free or corruption (fasttop): 0x08869de8 *** ======= Backtrace: ========= /lib/libc.so.6[0xb7944370] /lib/libc.so.6(cfree+0x89)[0xb7945d89] /usr/lib/libglib-2.0.so.0(g_free+0x31)[0xb7a54841] /usr/lib/gstreamer-0.10/libgstmpegdemux.so[0xb6fee79f] /usr/lib/libgstreamer-0.10.so.0[0xb7d080bc] ======= Memory map: ======== 08048000-080a2000 r-xp 00000000 09:03 330192 /usr/bin/gnome-dvb-daemon 080a2000-080a3000 r--p 00059000 09:03 330192 /usr/bin/gnome-dvb-daemon 080a3000-080a4000 rw-p 0005a000 09:03 330192 /usr/bin/gnome-dvb-daemon 086ec000-08896000 rw-p 00000000 00:00 0 [heap] b6600000-b6621000 rw-p 00000000 00:00 0 b6621000-b6700000 ---p 00000000 00:00 0 b6727000-b6733000 r-xp 00000000 09:03 10945 /usr/lib/gcc/i686-pc-linux-gnu/4.3.2/libgcc_s.so.1 b6733000-b6734000 r--p 0000b000 09:03 10945 /usr/lib/gcc/i686-pc-linux-gnu/4.3.2/libgcc_s.so.1 b6734000-b6735000 rw-p 0000c000 09:03 10945 /usr/lib/gcc/i686-pc-linux-gnu/4.3.2/libgcc_s.so.1 b6735000-b6736000 ---p 00000000 00:00 0 b6736000-b6f36000 rw-p 00000000 00:00 0 b6f36000-b6f62000 r-xp 00000000 09:03 331062 /usr/lib/gstreamer-0.10/libgstcoreelements.so b6f62000-b6f63000 r--p 0002b000 09:03 331062 /usr/lib/gstreamer-0.10/libgstcoreelements.so b6f63000-b6f64000 rw-p 0002c000 09:03 331062 /usr/lib/gstreamer-0.10/libgstcoreelements.so b6f64000-b6fb3000 r-xp 00000000 09:03 20019 /usr/lib/liboil-0.3.so.0.3.0 b6fb3000-b6fb4000 r--p 0004e000 09:03 20019 /usr/lib/liboil-0.3.so.0.3.0 b6fb4000-b6fca000 rw-p 0004f000 09:03 20019 /usr/lib/liboil-0.3.so.0.3.0 b6fca000-b6fcc000 rw-p 00000000 00:00 0 b6fcc000-b6ffc000 r-xp 00000000 09:03 331084 /usr/lib/gstreamer-0.10/libgstmpegdemux.so b6ffc000-b6ffd000 r--p 0002f000 09:03 331084 /usr/lib/gstreamer-0.10/libgstmpegdemux.so b6ffd000-b6ffe000 rw-p 00030000 09:03 331084 /usr/lib/gstreamer-0.10/libgstmpegdemux.so b6ffe000-b701f000 r--p 00000000 09:03 60620 /usr/share/locale/pl/LC_MESSAGES/libc.mo b701f000-b7031000 r-xp 00000000 09:03 332565 /usr/lib/gstreamer-0.10/libgstdvb.so b7031000-b7032000 r--p 00011000 09:03 332565 /usr/lib/gstreamer-0.10/libgstdvb.so b7032000-b7033000 rw-p 00012000 09:03 332565 /usr/lib/gstreamer-0.10/libgstdvb.so b7033000-b7034000 ---p 00000000 00:00 0 b7034000-b7834000 rw-p 00000000 00:00 0 b7834000-b783d000 r-xp 00000000 09:03 7323 /lib/libnss_files-2.8.so b783d000-b783e000 r--p 00008000 09:03 7323 /lib/libnss_files-2.8.so b783e000-b783f000 rw-p 00009000 09:03 7323 /lib/libnss_files-2.8.so b783f000-b7847000 r-xp 00000000 09:03 7339 /lib/libnss_nis-2.8.so b7847000-b7848000 r--p 00007000 09:03 7339 /lib/libnss_nis-2.8.so b7848000-b7849000 rw-p 00008000 09:03 7339 /lib/libnss_nis-2.8.so b7849000-b784f000 r-xp 00000000 09:03 7417 /lib/libnss_compat-2.8.so b784f000-b7850000 r--p 00005000 09:03 7417 /lib/libnss_compat-2.8.so b7850000-b7851000 rw-p 00006000 09:03 7417 /lib/libnss_compat-2.8.so b785e000-b7865000 r--s 00000000 09:03 20317 /usr/lib/gconv/gconv-modules.cache b7865000-b78d7000 r--p 00000000 09:03 20183 /usr/lib/locale/locale-archive b78d7000-b78da000 rw-p 00000000 00:00 0 b78da000-b7a0e000 r-xp 00000000 09:03 6728 /lib/libc-2.8.so b7a0e000-b7a10000 r--p 00133000 09:03 6728 /lib/libc-2.8.so b7a10000-b7a11000 rw-p 00135000 09:03 6728 /lib/libc-2.8.so b7a11000-b7a14000 rw-p 00000000 00:00 0 b7a14000-b7ae3000 r-xp 00000000 09:03 18756 /usr/lib/libglib-2.0.so.0.1800.4 b7ae3000-b7ae4000 r--p 000cf000 09:03 18756 /usr/lib/libglib-2.0.so.0.1800.4 b7ae4000-b7ae5000 rw-p 000d0000 09:03 18756 /usr/lib/libglib-2.0.so.0.1800.4 b7ae5000-b7b09000 r-xp 00000000 09:03 7344 /lib/libm-2.8.so b7b09000-b7b0a000 r--p 00023000 09:03 7344 /lib/libm-2.8.so b7b0a000-b7b0b000 rw-p 00024000 09:03 7344 /lib/libm-2.8.so b7b0b000-b7b1c000 r-xp 00000000 09:03 7365 /lib/libz.so.1.2.3 b7b1c000-b7b1d000 r--p 00010000 09:03 7365 /lib/libz.so.1.2.3 b7b1d000-b7b1e000 rw-p 00011000 09:03 7365 /lib/libz.so.1.2.3 b7b1e000-b7b20000 r-xp 00000000 09:03 6672 /lib/libdl-2.8.so b7b20000-b7b21000 r--p 00001000 09:03 6672 /lib/libdl-2.8.so b7b21000-b7b22000 rw-p 00002000 09:03 6672 /lib/libdl-2.8.so b7b22000-b7c40000 r-xp 00000000 09:03 23980 /usr/lib/libxml2.so.2.7.3 b7c40000-b7c44000 r--p 0011e000 09:03 23980 /usr/lib/libxml2.so.2.7.3 b7c44000-b7c45000 rw-p 00122000 09:03 23980 /usr/lib/libxml2.so.2.7.3 b7c45000-b7c46000 rw-p 00000000 00:00 0 b7c46000-b7c4d000 r-xp 00000000 09:03 7456 /lib/librt-2.8.so b7c4d000-b7c4e000 r--p 00006000 09:03 7456 /lib/librt-2.8.so b7c4e000-b7c4f000 rw-p 00007000 09:03 7456 /lib/librt-2.8.so b7c4f000-b7c50000 rw-p 00000000 00:00 0 b7c50000-b7c64000 r-xp 00000000 09:03 7364 /lib/libpthread-2.8.so b7c64000-b7c65000 r--p 00013000 09:03 7364 /lib/libpthread-2.8.so b7c65000-b7c66000 rw-p 00014000 09:03 7364 /lib/libpthread-2.8.so b7c66000-b7c68000 rw-p 00000000 00:00 0 b7c68000-b7c6c000 r-xp 00000000 09:03 19599 /usr/lib/libgthread-2.0.so.0.1800.4 b7c6c000-b7c6d000 r--p 00003000 09:03 19599 /usr/lib/libgthread-2.0.so.0.1800.4 b7c6d000-b7c6e000 rw-p 00004000 09:03 19599 /usr/lib/libgthread-2.0.so.0.1800.4 b7c6e000-b7c71000 r-xp 00000000 09:03 20158 /usr/lib/libgmodule-2.0.so.0.1800.4 b7c71000-b7c72000 r--p 00002000 09:03 20158 /usr/lib/libgmodule-2.0.so.0.1800.4 b7c72000-b7c73000 rw-p 00003000 09:03 20158 /usr/lib/libgmodule-2.0.so.0.1800.4 b7c73000-b7cae000 r-xp 00000000 09:03 10162 /usr/lib/libgobject-2.0.so.0.1800.4 b7cae000-b7caf000 r--p 0003b000 09:03 10162 /usr/lib/libgobject-2.0.so.0.1800.4 b7caf000-b7cb0000 rw-p 0003c000 09:03 10162 /usr/lib/libgobject-2.0.so.0.1800.4 b7cb0000-b7d70000 r-xp 00000000 09:03 331047 /usr/lib/libgstreamer-0.10.so.0.20.0 b7d70000-b7d73000 r--p 000bf000 09:03 331047 /usr/lib/libgstreamer-0.10.so.0.20.0 b7d73000-b7d75000 rw-p 000c2000 09:03 331047 /usr/lib/libgstreamer-0.10.so.0.20.0 b7d75000-b7d76000 rw-p 00000000 00:00 0 b7d76000-b7db1000 r-xp 00000000 09:03 331438 /usr/lib/libgstbase-0.10.so.0.20.0 b7db1000-b7db2000 r--p 0003b000 09:03 331438 /usr/lib/libgstbase-0.10.so.0.20.0 b7db2000-b7db3000 rw-p 0003c000 09:03 331438 /usr/lib/libgstbase-0.10.so.0.20.0 b7db3000-b7db4000 rw-p 00000000 00:00 0 b7db4000-b7dbf000 r-xp 00000000 09:03 332797 /usr/lib/libgstapp-0.10.so.0.16.0 b7dbf000-b7dc0000 r--p 0000a000 09:03 332797 /usr/lib/libgstapp-0.10.so.0.16.0 b7dc0000-b7dc1000 rw-p 0000b000 09:03 332797 /usr/lib/libgstapp-0.10.so.0.16.0 b7dc1000-b7dc7000 r-xp 00000000 09:03 332838 /usr/lib/libgstsdp-0.10.so.0.16.0 b7dc7000-b7dc8000 r--p 00006000 09:03 332838 /usr/lib/libgstsdp-0.10.so.0.16.0 b7dc8000-b7dc9000 rw-p 00007000 09:03 332838 /usr/lib/libgstsdp-0.10.so.0.16.0 b7dc9000-b7ddc000 r-xp 00000000 09:03 331866 /usr/lib/libgstrtsp-0.10.so.0.16.0 b7ddc000-b7ddd000 r--p 00012000 09:03 331866 /usr/lib/libgstrtsp-0.10.so.0.16.0 b7ddd000-b7dde000 rw-p 00013000 09:03 331866 /usr/lib/libgstrtsp-0.10.so.0.16.0 b7dde000-b7def000 r-xp 00000000 09:03 331583 /usr/lib/libgstrtp-0.10.so.0.16.0 b7def000-b7df0000 r--p 00011000 09:03 331583 /usr/lib/libgstrtp-0.10.so.0.16.0 b7df0000-b7df1000 rw-p 00012000 09:03 331583 /usr/lib/libgstrtp-0.10.so.0.16.0 b7df1000-b7e05000 r-xp 00000000 09:03 334101 /usr/lib/libgstrtspserver-0.10.so.0.0.0 b7e05000-b7e06000 r--p 00013000 09:03 334101 /usr/lib/libgstrtspserver-0.10.so.0.0.0 b7e06000-b7e07000 rw-p 00014000 09:03 334101 /usr/lib/libgstrtspserver-0.10.so.0.0.0 b7e07000-b7e08000 rw-p 00000000 00:00 0 b7e08000-b7e84000 r-xp 00000000 09:03 325302 /usr/lib/libsqlite3.so.0.8.6 b7e84000-b7e85000 r--p 0007b000 09:03 325302 /usr/lib/libsqlite3.so.0.8.6 b7e85000-b7e87000 rw-p 0007c000 09:03 325302 /usr/lib/libsqlite3.so.0.8.6 b7e87000-b7e97000 r-xp 00000000 09:03 322781 /usr/lib/libgee.so.0.0.0 b7e97000-b7e98000 r--p 0000f000 09:03 322781 /usr/lib/libgee.so.0.0.0 b7e98000-b7e99000 rw-p 00010000 09:03 322781 /usr/lib/libgee.so.0.0.0 b7e99000-b7ed1000 r-xp 00000000 09:03 330673 /usr/lib/libdbus-1.so.3.4.0 b7ed1000-b7ed2000 r--p 00037000 09:03 330673 /usr/lib/libdbus-1.so.3.4.0 b7ed2000-b7ed3000 rw-p 00038000 09:03 330673 /usr/lib/libdbus-1.so.3.4.0 b7ed3000-b7ee6000 r-xp 00000000 09:03 7437 /lib/libnsl-2.8.so b7ee6000-b7ee7000 r--p 00012000 09:03 7437 /lib/libnsl-2.8.so b7ee7000-b7ee8000 rw-p 00013000 09:03 7437 /lib/libnsl-2.8.so b7ee8000-b7eea000 rw-p 00000000 00:00 0 b7eea000-b7f06000 r-xp 00000000 09:03 324713 /usr/lib/libdbus-glib-1.so.2.1.0 b7f06000-b7f07000 r--p 0001b000 09:03 324713 /usr/lib/libdbus-glib-1.so.2.1.0 b7f07000-b7f08000 rw-p 0001c000 09:03 324713 /usr/lib/libdbus-glib-1.so.2.1.0 b7f08000-b7f6b000 r-xp 00000000 09:03 20082 /usr/lib/libgio-2.0.so.0.1800.4 b7f6b000-b7f6c000 r--p 00062000 09:03 20082 /usr/lib/libgio-2.0.so.0.1800.4 b7f6c000-b7f6d000 rw-p 00063000 09:03 20082 /usr/lib/libgio-2.0.so.0.1800.4 b7f6d000-b7f6e000 rw-p 00000000 00:00 0 b7f6e000-b7f72000 r-xp 00000000 09:03 20452 /usr/lib/gconv/ISO_6937.so b7f72000-b7f73000 r--p 00003000 09:03 20452 /usr/lib/gconv/ISO_6937.so b7f73000-b7f74000 rw-p 00004000 09:03 20452 /usr/lib/gconv/ISO_6937.so b7f74000-b7f7b000 r--p 00000000 09:03 331402 /usr/share/locale/pl/LC_MESSAGES/gstreamer-0.10.mo b7f7b000-b7f7c000 r-xp 00000000 00:00 0 [vdso] b7f7c000-b7f97000 r-xp 00000000 09:03 6667 /lib/ld-2.8.so b7f97000-b7f98000 r--p 0001a000 09:03 6667 /lib/ld-2.8.so b7f98000-b7f99000 rw-p 0001b000 09:03 6667 /lib/ld-2.8.so bfb6c000-bfb81000 rw-p 00000000 00:00 0 [stack] Przerwane Other information:
Created attachment 137879 [details] Debug log file
Could you please try to get a stack trace with gdb?
OK after some recompilation I think I managed to log a useful trace:
+ Trace 216329
Thanks a lot! Which version of gst-plugins-bad are you using?
gstreamer itself, gst-plugins -good and -bad from git on 2009.07.03.
Created attachment 137909 [details] [review] Don't free stream again Could you please try if the attached path works for you?
Yes seems that this works. The scanner didn't crash anymore.
Please don't close the bug until the fix has actually been committed, otherwise we might forget about committing it.
Yeah I thought so after closing it but couldn't find a correct state... Like 'Fix attached' or something, so I thought leaving it for now and if noone picked it up try to get someone's attention...
commit 6f371658557c0ee139d7ff92562fef31d3d5c7a4 Author: Sebastian Pölsterl <sebp@k-d-w.org> Date: Wed Jul 8 15:26:07 2009 +0200 mpegtsdemux: Fix double free The hash table already makes sure that the stream is correctly free'd when elements are removed. Fixes bug #587819.