Bug 165013 - AVI with HuffYUV segfault
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins
Version: git master
Hardware: Other Linux
Importance: Normal normal
Target Milestone: 0.8.8
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Reported: 2005-01-23 20:08 UTC by Stéphan Kochen
Modified: 2005-01-25 15:17 UTC
GNOME target: ---
GNOME version: 2.9/2.10



Description Stéphan Kochen 2005-01-23 20:08:31 UTC
I've gotten both Totem and Pitivi to segfault when opening an AVI with a HuffYUV
video stream.

The file causing the segfault I'm getting is too large to upload, but is
compiled from a set of BMP images into a HuffYUV encoded AVI using VirtualDub
for Windows. The file contains no audio stream.

No additional errors or warnings are printed to the console.
Comment 1 Stéphan Kochen 2005-01-23 22:23:00 UTC
Backtrace as requested:

Thread 4 (Thread 48098224 (LWP 16687))

  • #0 _dl_sysinfo_int80
    from /lib/ld-linux.so.2
  • #1 raise
    from /lib/tls/libc.so.6
  • #2 abort
    from /lib/tls/libc.so.6
  • #3 __libc_message
    from /lib/tls/libc.so.6
  • #4 _int_malloc
    from /lib/tls/libc.so.6
  • #5 calloc
    from /lib/tls/libc.so.6
  • #6 g_malloc0
    from /usr/lib/libglib-2.0.so.0
  • #7 got_found_tag
    at bacon-video-widget-gst.c line 810
  • #8 gst_marshal_VOID__OBJECT_BOXED
    at gstmarshal.c line 246
  • #9 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #10 g_signal_has_handler_pending
    from /usr/lib/libgobject-2.0.so.0
  • #11 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #12 g_signal_emit_by_name
    from /usr/lib/libgobject-2.0.so.0
  • #13 probe_triggered
    at gstplaybasebin.c line 707
  • #14 gst_probe_perform
    at gstprobe.c line 112
  • #15 gst_probe_dispatcher_dispatch
    at gstprobe.c line 252
  • #16 gst_pad_push
    at gstpad.c line 3248
  • #17 get_group_schedule_function
    at gstoptimalscheduler.c line 1315
  • #18 gst_opt_scheduler_schedule_run_queue
    at gstoptimalscheduler.c line 1163
  • #19 gst_opt_scheduler_iterate
    at gstoptimalscheduler.c line 1268
  • #20 gst_scheduler_iterate
    at gstscheduler.c line 738
  • #21 gst_bin_iterate_func
    at gstbin.c line 1220
  • #22 gst_marshal_BOOLEAN__VOID
    at gstmarshal.c line 509
  • #23 g_cclosure_new_swap
    from /usr/lib/libgobject-2.0.so.0
  • #24 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #25 g_signal_has_handler_pending
    from /usr/lib/libgobject-2.0.so.0
  • #26 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #27 g_signal_emit
    from /usr/lib/libgobject-2.0.so.0
  • #28 gst_bin_iterate
    at gstbin.c line 1280
  • #29 gst_thread_main_loop
    at gstthread.c line 671
  • #30 g_static_private_free
    from /usr/lib/libglib-2.0.so.0
  • #31 start_thread
    from /lib/tls/libpthread.so.0
  • #32 clone
    from /lib/tls/libc.so.6

Thread 3 (Thread -1222378576 (LWP 16686))

  • #0 add_left_prediction
    at huffyuv.c line 132
  • #1 decode_frame
    at huffyuv.c line 841
  • #2 avcodec_decode_video
    at utils.c line 536
  • #3 gst_ffmpegdec_frame
    at gstffmpegdec.c line 566
  • #4 gst_ffmpegdec_chain
    at gstffmpegdec.c line 804
  • #5 gst_pad_call_chain_function
    at gstpad.c line 4476
  • #6 gst_pad_push
    at gstpad.c line 3287
  • #7 gst_avi_demux_stream_data
    at gstavidemux.c line 2054
  • #8 gst_avi_demux_loop
    at gstavidemux.c line 2168
  • #9 loop_group_schedule_function
    at gstoptimalscheduler.c line 1342
  • #10 gst_opt_scheduler_schedule_run_queue
    at gstoptimalscheduler.c line 1163
  • #11 gst_opt_scheduler_iterate
    at gstoptimalscheduler.c line 1268
  • #12 gst_scheduler_iterate
    at gstscheduler.c line 738
  • #13 gst_bin_iterate_func
    at gstbin.c line 1220
  • #14 gst_marshal_BOOLEAN__VOID
    at gstmarshal.c line 509
  • #15 g_cclosure_new_swap
    from /usr/lib/libgobject-2.0.so.0
  • #16 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #17 g_signal_has_handler_pending
    from /usr/lib/libgobject-2.0.so.0
  • #18 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #19 g_signal_emit
    from /usr/lib/libgobject-2.0.so.0
  • #20 gst_bin_iterate
    at gstbin.c line 1280
  • #21 gst_thread_main_loop
    at gstthread.c line 671
  • #22 g_static_private_free
    from /usr/lib/libglib-2.0.so.0
  • #23 start_thread
    from /lib/tls/libpthread.so.0
  • #24 clone
    from /lib/tls/libc.so.6

Comment 2 Stephane Loeuillet 2005-01-25 11:00:41 UTC
Could you provide a sample file, please?
Comment 3 Ronald Bultje 2005-01-25 13:42:35 UTC
I already have it. Relevant valgrind output:

==11947== Thread 2:
==11947== Invalid write of size 1
==11947==    at 0x1C574BA1: decode_frame (huffyuv.c:132)
==11947==    by 0x1C46E218: avcodec_decode_video (utils.c:536)
==11947==    by 0x1C42CCF7: gst_ffmpegdec_frame (gstffmpegdec.c:574)
==11947==    by 0x1C42D40E: gst_ffmpegdec_chain (gstffmpegdec.c:812)
==11947==  Address 0x1CAAB9B0 is 0 bytes after a block of size 76816 alloc'd
==11947==    at 0x1B9055B5: memalign (vg_replace_malloc.c:217)
==11947==    by 0x1C46F204: av_malloc (mem.c:56)
==11947==    by 0x1C46D675: av_mallocz (utils.c:40)
==11947==    by 0x1C46DB2F: avcodec_default_get_buffer (utils.c:280)

Looking further...
Comment 4 Ronald Bultje 2005-01-25 15:17:11 UTC
We didn't provide extradata, but RGBA32 setup in ffmpeg also wasn't up-to-date
with what's in gst-plugins, so fixed in both...