After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 127815 - gst-register sigsegs 100% of the time.
gst-register sigsegs 100% of the time.
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gstreamer (core)
0.6.4
Other Linux
: Normal major
: 0.7.5
Assigned To: GStreamer Maintainers
GStreamer Maintainers
: 127986 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2003-11-24 15:45 UTC by Jon Nelson
Modified: 2004-12-22 21:47 UTC
See Also:
GNOME target: ---
GNOME version: 2.3/2.4



Description Jon Nelson 2003-11-24 15:45:25 UTC
Distribution: Unknown
Package: GStreamer
Severity: normal
Version: GNOME2.4.1 0.6.4
Gnome-Distributor: GNOME.Org
Synopsis: gst-register, 100% reproduceable crash
Bugzilla-Product: GStreamer
Bugzilla-Component: gstreamer (core)
Bugzilla-Version: 0.6.4
Description:
Description of the crash:

run gst-register.
boom.

Steps to reproduce the crash:
1. run gst-register

Expected Results:

gst-register ought not crash.

How often does this happen?

100% of the time.

Additional Information:

this is run as root.


stat64("/usr/lib/gstreamer-0.6/libgstsnapshot.so",
{st_mode=S_IFREG|0644, st_size=283540, ...}) = 0
access("/usr/lib/gstreamer-0.6/libgstsnapshot.so", F_OK) = 0
open("/usr/lib/gstreamer-0.6/libgstsnapshot.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\34"...,
1024) = 1024
fstat64(3, {st_mode=S_IFREG|0644, st_size=283540, ...}) = 0
old_mmap(NULL, 27008, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x40017000
mprotect(0x4001d000, 2432, PROT_NONE)   = 0
old_mmap(0x4001d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x5000) = 0x4001d000
close(3)                                = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=37820, ...}) = 0
old_mmap(NULL, 37820, PROT_READ, MAP_PRIVATE, 3, 0) = 0x4045d000
close(3)                                = 0
open("/usr/lib/libpng.so.3", O_RDONLY)  = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@^\0\000"...,
1024) = 1024
fstat64(3, {st_mode=S_IFREG|0644, st_size=558996, ...}) = 0
old_mmap(NULL, 224160, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x40467000
mprotect(0x4049d000, 2976, PROT_NONE)   = 0
old_mmap(0x4049d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3, 0x35000) = 0x4049d000
close(3)                                = 0
open("/dev/urandom", O_RDONLY)          = 3
read(3, "\265D(\211lJ=iM4@\274\33\323\t\345C\faM9\25\223\317r2\""...,
32) = 32
close(3)                                = 0
open("/dev/urandom", O_RDONLY)          = 3
read(3, "\221\336C\320\306\357}|\30]V\352\35\316\23\30\356\357\255"...,
32) = 32
close(3)                                = 0
munmap(0x4045d000, 37820)               = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++


and ltrace:

gst_registry_pool_list(0xbffffb60, 0xbffffb64, 0x4021cb45, 0x08049143,
3) = 0x0805062c
g_list_reverse(0x0805062c, 0xbffffb64, 0x4021cb45, 0x08049143, 3) =
0x08050638
gst_registry_get_type(0x0805062c, 0xbffffb64, 0x4021cb45, 0x08049143, 3)
= 0x0804e820
g_type_check_instance_cast(0x080503e8, 0x0804e820, 0x4021cb45,
0x08049143, 3) = 0x080503e8
g_type_check_instance_cast(0x080503e8, 80, 0x4021cb45, 0x08049143, 3) =
0x080503e8
g_signal_connect_data(0x080503e8, 0x080495f8, 0x08048e50, 0, 0)  = 1
g_print(0x08049605, 0x08053de0, 0x08048e50, 0, 0rebuilding
global_registry
)                = 0x402f0fa0
gst_registry_rebuild(0x080503e8, 0x08053de0, 0x08048e50, 0, 0
<unfinished ...>
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++



Debugging Information:

Backtrace was generated from '/usr/bin/gst-register'

Core was generated by `gst-register'.
Program terminated with signal 11, Segmentation fault.

Thread 1 (process 23956)

  • #0 gst_mem_chunk_alloc
    at gstmemchunk.c line 182
  • #1 gst_props_empty_new
    at gstprops.c line 351
  • #2 gst_props_newv
    at gstprops.c line 666
  • #3 gst_props_new
    at gstprops.c line 472
  • #4 snapshot_sink_factory
    at gstsnapshot.c line 54
  • #5 plugin_init
    at gstsnapshot.c line 382
  • #6 gst_plugin_register_func
    at gstplugin.c line 110
  • #7 gst_plugin_load_plugin
    at gstplugin.c line 187
  • #8 gst_xml_registry_rebuild
    at gstxmlregistry.c line 1641
  • #9 gst_registry_rebuild
    at gstregistry.c line 182
  • #10 main
    at gst-register.c line 85

Comment 1 Jon Nelson 2003-11-26 15:51:49 UTC
*** Bug 127986 has been marked as a duplicate of this bug. ***
Comment 2 Jon Nelson 2003-11-26 20:52:52 UTC
More data.
This was compiled with the latest gcc (3.3.2) and propolice (3.3-5).
When -fstack-protector-all is used, that's what triggers the sigseg.
I'm not sure /why/, but there is clearly a buffer overrun or a bug in
propolice.
Comment 3 Ronald Bultje 2003-11-26 21:24:10 UTC
Then I assume you want to add a bug there instead of here? This
doesn't sound like a GStreamer bug then...
Comment 4 Jon Nelson 2003-11-26 21:28:15 UTC
Well, no, it's still a buffer overrun.

The difference is that propolice catches it an aborts gstreamer,
rather than allowing it to continue after what it believes at this
point is a buffer overrun.

Comment 5 Thomas Vander Stichele 2003-12-12 17:59:02 UTC
I have never seen backtraces look like that.
two threads, same backtrace with same pointers, the second one having
more info ?

what dist are you on, and what sort of non-standard stuff did you do
to the build to get the first bt ?
Comment 6 Thomas Vander Stichele 2004-02-06 15:42:04 UTC
ping, please comment
Comment 7 Jon Nelson 2004-02-06 16:53:30 UTC
I'll look into it today.
Thanks for the ping!
Comment 8 Jon Nelson 2004-02-06 19:17:40 UTC
I tried 0.7.4 today.
No sigseg.
yay!