After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 775687 - tagdemux: Crash if getrange/shutdown happen at the same time
tagdemux: Crash if getrange/shutdown happen at the same time
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-base
1.10.2
Other Linux
: Normal normal
: 1.10.3
Assigned To: GStreamer Maintainers
GStreamer Maintainers
: 755123 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2016-12-06 08:49 UTC by Christoph Reiter (lazka)
Modified: 2016-12-07 09:22 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
python crasher (616 bytes, text/plain)
2016-12-06 10:45 UTC, Christoph Reiter (lazka) 		Details
example mp3 (241.43 KB, audio/mpeg)
2016-12-06 11:28 UTC, Christoph Reiter (lazka) 		Details

Description Christoph Reiter (lazka) 2016-12-06 08:49:44 UTC 
I think this is something new/recent. Using debian sid with 1.10.2

I can easily reproduce and happened multiple times today.

Thread 10 "mpegaudioparse1" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffbe560700 (LWP 26649)]
g_str_hash (v=0x0) at ././glib/ghash.c:1876

+ Trace 236927

Thread 10 (Thread 0x7fffbe560700 (LWP 26649))

  • #0 g_str_hash
    at ././glib/ghash.c line 1876
  • #1 g_hash_table_lookup
    at ././glib/ghash.c line 375
  • #2 g_hash_table_lookup
    at ././glib/ghash.c line 1147
  • #3 gst_tag_lookup
    at gsttaglist.c line 466
  • #4 gst_tag_list_add_value_internal
    at gsttaglist.c line 1032
  • #5 gst_tag_list_copy_foreach
    at gsttaglist.c line 1110
  • #6 gst_structure_foreach
    at gststructure.c line 1126
  • #7 gst_tag_list_insert
    at gsttaglist.c line 1139
  • #8 gst_tag_list_merge
    at gsttaglist.c line 1176
  • #9 gst_tag_demux_send_tag_event
    at gsttagdemux.c line 1814
  • #10 gst_tag_demux_src_getrange
    at gsttagdemux.c line 1712
  • #11 gst_pad_get_range_unchecked
    at gstpad.c line 4666
  • #12 gst_pad_pull_range
    at gstpad.c line 4907
  • #13 gst_base_parse_pull_range
    at gstbaseparse.c line 3290
  • #14 gst_base_parse_scan_frame
    at gstbaseparse.c line 3426
  • #15 gst_base_parse_loop
    at gstbaseparse.c line 3540
  • #16 gst_task_func
    at gsttask.c line 334
  • #17 g_thread_pool_thread_proxy
    at ././glib/gthreadpool.c line 307
  • #18 g_thread_proxy
    at ././glib/gthread.c line 784
  • #19 start_thread
    at pthread_create.c line 333
  • #20 clone
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S line 105 






Comment 1


Sebastian Dröge (slomo)





          2016-12-06 10:02:47 UTC
        



How can we reproduce this, can you provide a file where this happens?






Comment 2


Sebastian Dröge (slomo)





          2016-12-06 10:04:28 UTC
        



It looks like the taglist (or the tag being added by id3demux) has NULL has name






Comment 3


Christoph Reiter (lazka)





          2016-12-06 10:45:17 UTC
        



Created attachment 341454 [details]
python crasher

I hope you don't mind the Python script, I can rewrite in C if needed.

python2/3 gst-crash.py some.mp3

It crashes after a second here.






Comment 4


Sebastian Dröge (slomo)





          2016-12-06 11:20:06 UTC
        



Runs just fine here. It might be related to the files you're trying it on. Can you share one?






Comment 5


Sebastian Dröge (slomo)





          2016-12-06 11:24:20 UTC
        



Ah, got it now.






Comment 6


Christoph Reiter (lazka)





          2016-12-06 11:28:05 UTC
        



Created attachment 341460 [details]
example mp3

sure






Comment 7


Christoph Reiter (lazka)





          2016-12-06 11:29:27 UTC
        



Reminds me of this old stacktrace: https://bugzilla.gnome.org/show_bug.cgi?id=700342#c19

Maybe I'm unlucky today, or the original issue surfaced again.






Comment 8


Sebastian Dröge (slomo)





          2016-12-06 11:50:18 UTC
        



My C version also crashes.






Comment 9


Sebastian Dröge (slomo)





          2016-12-06 14:07:32 UTC
        



Found the problem






Comment 10


Sebastian Dröge (slomo)





          2016-12-06 14:31:09 UTC
        



commit 7c1a32e28b9d145ee25e3d3141dee7821ba8a7e2
Author: Sebastian Dröge <sebastian@centricular.com>
Date:   Tue Dec 6 16:29:23 2016 +0200

    tagdemux: Fix crash when shutting down element during getrange()
    
    Ensure that nothing is in any of the streaming thread functions
    anymore when going from PAUSED to READY. While the parent's state change
    function has deactivated all pads, there is nothing preventing
    downstream from activating our srcpad again and calling the getrange()
    function. Although we're in READY!
    
    https://bugzilla.gnome.org/show_bug.cgi?id=775687






Comment 11


Christoph Reiter (lazka)





          2016-12-06 15:36:46 UTC
        



I can confirm that the patch on top of 1.10.2 fixes the issue. Thanks!






Comment 12


Sebastian Dröge (slomo)





          2016-12-06 16:43:20 UTC
        



Ok, going to backport in a bit. This is not a new problem btw, it was broken like that since a long time






Comment 13


Tim-Philipp Müller





          2016-12-06 18:44:25 UTC
        



*** Bug 755123 has been marked as a duplicate of this bug. ***






Comment 14


Sebastian Dröge (slomo)





          2016-12-06 21:57:53 UTC
        



It might actually make sense to move (part of) the cleanup to pad deactivation. I'll check that tomorrow.