Bug 760696 - gl: Regression with caps ref-counting
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-bad
Version: git master
Hardware: Other Linux
Importance: Normal blocker
Target Milestone: 1.7.2
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Reported: 2016-01-16 02:19 UTC by Nicolas Dufresne (ndufresne)
Modified: 2016-01-16 15:14 UTC

Description Nicolas Dufresne (ndufresne) 2016-01-16 02:19:50 UTC
I updated to git master today, and found that a quick resize of the GL window leads to GstCaps ref-counting issues.

gst-launch-1.0 videotestsrc ! glimagesink
(gst-launch-1.0:29494): GStreamer-CRITICAL **: gst_mini_object_unref: assertion 'mini_object->refcount > 0' failed

gst-launch-1.0 videotestsrc ! glupload ! glcolorconvert ! clockoverlay ! glimagesink
(gst-launch-1.0:29632): GStreamer-CRITICAL **: gst_caps_is_empty: assertion 'GST_IS_CAPS (caps)' failed

(gst-launch-1.0:29632): GStreamer-CRITICAL **: gst_caps_get_features: assertion 'GST_IS_CAPS (caps)' failed

(gst-launch-1.0:29632): GStreamer-CRITICAL **: _gst_caps_copy: assertion 'GST_IS_CAPS (caps)' failed

(gst-launch-1.0:29632): GStreamer-CRITICAL **: gst_caps_get_features: assertion 'GST_IS_CAPS (caps)' failed

(gst-launch-1.0:29632): GStreamer-CRITICAL **: gst_caps_features_add: assertion 'features != NULL' failed
Caught SIGSEGV
Comment 1 Nicolas Dufresne (ndufresne) 2016-01-16 02:27:10 UTC
Which I caught in valgrind:

==30178== Invalid read of size 4
==30178==    at 0x4E7E26A: gst_caps_get_structure (gstcaps.c:819)
==30178==    by 0xE748887: update_output_format (gstglimagesink.c:1234)
==30178==    by 0xE7493E3: gst_glimage_sink_prepare (gstglimagesink.c:1487)
==30178==    by 0xE2404E9: gst_base_sink_chain_unlocked (gstbasesink.c:3473)
==30178==    by 0xE241425: gst_base_sink_chain_main (gstbasesink.c:3655)
==30178==    by 0xE241594: gst_base_sink_chain (gstbasesink.c:3684)
==30178==    by 0x4EBF6B9: gst_pad_chain_data_unchecked (gstpad.c:4155)
==30178==    by 0x4EC0452: gst_pad_push_data (gstpad.c:4407)
==30178==    by 0x4EC0B7A: gst_pad_push (gstpad.c:4526)
==30178==    by 0xE258F59: gst_base_transform_chain (gstbasetransform.c:2369)
==30178==    by 0x4EBF6B9: gst_pad_chain_data_unchecked (gstpad.c:4155)
==30178==    by 0x4EC0452: gst_pad_push_data (gstpad.c:4407)
==30178==  Address 0x1a4870b8 is 8 bytes inside a block of size 40 free'd
==30178==    at 0x4C29D6A: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30178==    by 0x592A5ED: g_free (gmem.c:189)
==30178==    by 0x5941D9C: g_slice_free1 (gslice.c:1112)
==30178==    by 0x58F86A4: array_free (garray.c:379)
==30178==    by 0x4E7CF82: _gst_caps_free (gstcaps.c:204)
==30178==    by 0x4EB2E6D: gst_mini_object_unref (gstminiobject.c:467)
==30178==    by 0xE252533: gst_caps_unref (gstcaps.h:222)
==30178==    by 0xE256128: gst_base_transform_reconfigure (gstbasetransform.c:1478)
==30178==    by 0xE2579F1: default_submit_input_buffer (gstbasetransform.c:2026)
==30178==    by 0xE258D59: gst_base_transform_chain (gstbasetransform.c:2326)
==30178==    by 0x4EBF6B9: gst_pad_chain_data_unchecked (gstpad.c:4155)
==30178==    by 0x4EC0452: gst_pad_push_data (gstpad.c:4407)
==30178==  Block was alloc'd at
==30178==    at 0x4C28C50: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30178==    by 0x592A4D8: g_malloc (gmem.c:94)
==30178==    by 0x5941622: g_slice_alloc (gslice.c:1007)
==30178==    by 0x58F873C: g_array_sized_new (garray.c:193)
==30178==    by 0x4E7D038: gst_caps_init (gstcaps.c:225)
==30178==    by 0x4E7D068: gst_caps_new_empty (gstcaps.c:245)
==30178==    by 0x4E8013E: gst_caps_intersect_first (gstcaps.c:1610)
==30178==    by 0x4E80406: gst_caps_intersect_full (gstcaps.c:1663)
==30178==    by 0xE2551A4: gst_base_transform_find_transform (gstbasetransform.c:1192)
==30178==    by 0xE255A97: gst_base_transform_setcaps (gstbasetransform.c:1359)
==30178==    by 0xE257747: gst_base_transform_sink_eventfunc (gstbasetransform.c:1939)
==30178==    by 0xE2575D4: gst_base_transform_sink_event (gstbasetransform.c:1898)
Comment 2 Sebastian Dröge (slomo) 2016-01-16 14:55:05 UTC
3bdcdedfa00b87f1db505218789178318a16c743 seems related to all this, but also (as Nicolas already wrote on the mailing list) it looks completely wrong.
Comment 3 Sebastian Dröge (slomo) 2016-01-16 15:14:55 UTC
commit c08c795bb42768ecd26bc524d62833bc962e860e
Author: Sebastian Dröge <sebastian@centricular.com>
Date:   Sat Jan 16 17:12:29 2016 +0200

    glcolorconvert: Caps passed to fixate_caps() are not owned by us and guaranteed to be fixed
    
    So don't try to fixate them, which takes ownership and steals them from
    basetransform.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=760696

commit 2018167ee2a11372f21b8d98ac06f422115711c8
Author: Sebastian Dröge <sebastian@centricular.com>
Date:   Sat Jan 16 16:55:42 2016 +0200

    Revert "glpool: fix caps refcount issue"
    
    This reverts commit 3bdcdedfa00b87f1db505218789178318a16c743.
    
    gst_caps_replace() takes a new reference already, if there is a problem then
    it is elsewhere. And there are a few problems, see
    https://bugzilla.gnome.org/show_bug.cgi?id=760696
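
The ownership mistake described in the glcolorconvert commit message, as an added example that is not GStreamer code and not part of the original report. It uses a toy refcounted `Caps` type (constructed model, all names hypothetical) to show how fixating borrowed caps consumes a reference the callee never owned, so the owner's later unref frees the object while a second holder still points at it, which is the shape of the valgrind trace above.

```c
#include <stdio.h>

/* Toy stand-in for a refcounted caps object (constructed model). */
typedef struct { int refcount; int freed; } Caps;
static Caps pool[8];   /* static storage so the demo never touches freed memory */
static int used;

static Caps *caps_new(void) {
    Caps *c = &pool[used++];
    c->refcount = 1; c->freed = 0;
    return c;
}
static Caps *caps_ref(Caps *c) { c->refcount++; return c; }
static void caps_unref(Caps *c) {
    if (--c->refcount == 0) c->freed = 1;   /* real code would free() here */
}

/* Takes ownership of c and returns an owned result. When c is shared,
 * it drops the reference it was handed and works on a private copy. */
static Caps *caps_fixate(Caps *c) {
    if (c->refcount > 1) { Caps *copy = caps_new(); caps_unref(c); return copy; }
    return c;
}

/* Bug pattern: caps are only lent to the callee, but it fixates them,
 * which spends a reference that belongs to the caller. */
static void callee_buggy(Caps *caps) { caps_unref(caps_fixate(caps)); }

/* Corrected pattern: borrowed, already-fixed caps are read and left alone. */
static void callee_fixed(Caps *caps) { (void)caps; }

/* Returns 1 if the second holder ends up with a dangling pointer. */
static int run(void (*callee)(Caps *)) {
    used = 0;
    Caps *caps = caps_new();       /* reference owned by the caller */
    Caps *sink = caps_ref(caps);   /* second holder keeps its own reference */
    callee(caps);                  /* caps are borrowed for this call only */
    caps_unref(caps);              /* caller releases the reference it owns */
    return sink->freed;            /* sink never released its reference */
}

int main(void) {
    printf("buggy callee: dangling=%d\n", run(callee_buggy));
    printf("fixed callee: dangling=%d\n", run(callee_fixed));
    return 0;
}
```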