Bug 629047 - segfault in seek matroskademux
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-good
Version: 0.10.25
Hardware/OS: Other Linux
Importance: High critical
Target Milestone: 0.10.26
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Duplicates: 634445
Reported: 2010-09-08 12:10 UTC by Levente Farkas
Modified: 2018-07-24 08:44 UTC

Attachments
streamable matroska file (211.91 KB, video/x-matroska), 2010-09-08 14:33 UTC, Tibor Kocsis
Unref buffer when not needed anymore (1.89 KB, patch), 2010-09-08 14:36 UTC, Andoni Morales

Description Levente Farkas 2010-09-08 12:10:27 UTC
While we try to test the currently added seek support in matroskademux, we found that while we create a new file with:
-------------------------------------------
gst-launch rtspsrc location="rtsp://admin:12345@10.30.0.106:554/h.264/ch1/main" latency=1000 ! rtph264depay access-unit=true ! h264parse  ! matroskamux streamable=true ! filesink location="test.mkv"
-------------------------------------------
stop the recording with ctrl-c (and gst-launch has no -e option), then read it with
-------------------------------------------
gst-launch filesrc location="test.mkv" ! matroskademux ! h264parse ! ffdec_h264 ! navseek ! xvimagesink
-------------------------------------------
when you push the left or right button (i.e. try to seek), it crashes with a segfault.
Comment 1 Sebastian Dröge (slomo) 2010-09-08 12:16:25 UTC
Thanks for taking the time to report this bug.
This bug report isn't very useful because it doesn't describe the bug well. If you have time and can still reproduce the bug, please read http://bugzilla.gnome.org/bug-HOWTO.html and add a description of how to reproduce this bug.

You'll also need to add a stack trace; please see http://live.gnome.org/GettingTraces for more information about how to do so. Thanks in advance!
Comment 2 Tibor Kocsis 2010-09-08 14:32:27 UTC
Hi,

I attach a file recorded with matroskamux streamable=true, try to seek that. Using this pipeline it goes to segfault:

gst-launch filesrc location="test_streamable.mkv" ! matroskademux ! h264parse ! ffdec_h264 ! navseek ! xvimagesink

Caught SIGSEGV accessing address 0x14
#0 __kernel_vsyscall
#1 ??
#2 ??
#3 ??
#4 ??
#5 ??
#6 ??
#7 ??
#8 ??
#9 ??

Regards,
Tibor
Comment 3 Tibor Kocsis 2010-09-08 14:33:03 UTC
Created attachment 169768
streamable matroska file
Comment 4 Andoni Morales 2010-09-08 14:36:10 UTC
Created attachment 169770
Unref buffer when not needed anymore

I can reproduce it:

[Cambiando a Thread 0xb7e41b70 (LWP 22644)]
0x006baffc in gst_matroska_demux_search_pos (demux=<value optimized out>, pad=<value optimized out>, event=0x82a82c8) at matroska-demux.c:2397
2397	    cluster_pos = gst_byte_reader_masked_scan_uint32 (&reader, 0xffffffff,
(gdb) bt
#0 gst_matroska_demux_search_pos at matroska-demux.c line 2397
#1 gst_matroska_demux_handle_seek_event at matroska-demux.c line 2625
#2 gst_matroska_demux_handle_seek_push at matroska-demux.c line 2791
#3 gst_matroska_demux_handle_src_event at matroska-demux.c line 2810
#4 gst_pad_send_event at gstpad.c line 5102
#5 gst_pad_push_event at gstpad.c line 4958
#6 gst_ffmpegdec_src_event at gstffmpegdec.c line 559
#7 gst_pad_send_event at gstpad.c line 5102
#8 gst_navseek_seek at gstnavseek.c line 145
#9 gst_navseek_handle_src_event at gstnavseek.c line 213
#10 gst_pad_send_event at gstpad.c line 5102
#11 gst_xvimagesink_navigation_send_event at xvimagesink.c line 2719
#12 gst_navigation_send_event at navigation.c line 117
#13 gst_navigation_send_key_event at navigation.c line 133
#14 gst_xvimagesink_handle_xevents at xvimagesink.c line 1261
#15 gst_xvimagesink_event_thread at xvimagesink.c line 1652
#16 ?? from /lib/libglib-2.0.so.0
#17 start_thread at pthread_create.c line 300
#18 clone at ../sysdeps/unix/sysv/linux/i386/clone.S line 130

buf is unreffed after 'if(cluster_pos >=0)' but then, you can go back to resume, which will use GST_BUFFER_SIZE(buf).
I have tried the following patch, but then it triggers 'g_assert(id==GST_MATROSKA_ID_CLUSTER)'.
Comment 5 Andoni Morales 2010-09-08 15:13:46 UTC
BTW, the patch is just a quick hack to point out the issue.
Comment 6 Mark Nauwelaerts 2010-10-05 14:16:05 UTC
commit bb9a8a9b7d78e6bf8aa848ea40080999f0daf0d4
Author: Mark Nauwelaerts <mark.nauwelaerts@collabora.co.uk>
Date:   Tue Oct 5 16:01:19 2010 +0200

    matroskademux: only unref buffer when no longer needed for cluster scanning
    
    Fixes #629047.
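
The ordering problem described in comment 4 and addressed by this commit, as an added model that is not GStreamer's code and not taken from the patch. `Buf`, `buf_size`, `candidate_ok` and the sample bytes are assumptions made for the illustration; only the Cluster ID value 0x1F43B675 comes from the Matroska format.

```c
#include <stdio.h>
/* Constructed sample: false Cluster ID at offset 2, accepted one at offset 10. */
static const unsigned char STREAM[] = { 0, 0, 0x1F, 0x43, 0xB6, 0x75, 0x00, 0, 0, 0,
                                        0x1F, 0x43, 0xB6, 0x75, 0xFF, 0 };
/* Toy ref-counted buffer (hypothetical, not GstBuffer). A released buffer stays
 * allocated so a stale size read is counted instead of being undefined. */
typedef struct { const unsigned char *data; size_t size; int refs; } Buf;
static int stale_reads;
static void buf_unref(Buf *b) { b->refs--; }
static size_t buf_size(const Buf *b) {
    if (b->refs <= 0) { stale_reads++; return 0; }  /* read after last unref */
    return b->size;
}
/* Offset of the 4-byte Matroska Cluster ID (0x1F43B675) at or after start, or -1. */
static long scan_cluster(const unsigned char *d, size_t start, size_t size) {
    for (size_t i = start; i + 4 <= size; i++)
        if (d[i] == 0x1F && d[i+1] == 0x43 && d[i+2] == 0xB6 && d[i+3] == 0x75)
            return (long)i;
    return -1;
}
/* Stand-in for the demuxer's check that a hit really is a cluster (assumption). */
static int candidate_ok(size_t pos) { return pos + 4 < sizeof STREAM && STREAM[pos + 4] == 0xFF; }
/* early_unref=1: release right after a hit, the ordering comment 4 describes.
 * early_unref=0: release only once scanning of this buffer is finished. */
static long search_cluster(Buf *b, int early_unref) {
    size_t start = 0;
    int released = 0;
    long hit;
resume:
    hit = scan_cluster(b->data, start, buf_size(b)); /* size read on every pass */
    if (hit >= 0) {
        if (early_unref && !released) { buf_unref(b); released = 1; }
        if (!candidate_ok((size_t)hit)) { start = (size_t)hit + 1; goto resume; }
    }
    if (!released) buf_unref(b);
    return hit;
}
static long run(int early_unref) {
    Buf b = { STREAM, sizeof STREAM, 1 };
    stale_reads = 0;
    return search_cluster(&b, early_unref);
}

int main(void) {
    long h = run(1);
    printf("early unref: hit=%ld stale_reads=%d\n", h, stale_reads);
    h = run(0);
    printf("late unref:  hit=%ld stale_reads=%d\n", h, stale_reads);
    return 0;
}
```

In the model the stale read is only counted and makes the search miss the cluster; on a real freed buffer the same read is an invalid memory access, which is what the reported SIGSEGV shows.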
Comment 7 Mark Nauwelaerts 2010-11-15 10:13:31 UTC
*** Bug 634445 has been marked as a duplicate of this bug. ***