GNOME Bugzilla – Bug 305428
[audiorate] crashes if first buffer has offset of GST_BUFFER_OFFSET_NONE
Last modified: 2005-06-02 10:16:01 UTC
audiorate crashes if the first buffer received has no offset set: guint64 in_offset, in_offset_end; ... if (in_offset == GST_CLOCK_TIME_NONE || in_offset_end == GST_CLOCK_TIME_NONE) { GST_WARNING_OBJECT (audiorate, "audiorate got buffer without offsets"); } /* do we need to insert samples */ if (in_offset > audiorate->next_offset) { GstBuffer *fill; gint fillsize; guint64 fillsamples; fillsamples = in_offset - audiorate->next_offset; fillsize = fillsamples * audiorate->bytes_per_sample; fill = gst_buffer_new_and_alloc (fillsize); memset (GST_BUFFER_DATA (fill), 0, fillsize); Here in_offset is (guint64)-1 which of course is bigger than audiorate->next_offset, so fillsamples will be -1 and fillsize will be -4 or another negative number, and memory can't be allocated => crash. Not sure what the correct solution is (drop the buffer? send it on without processing? Assume an offset of 0?) Cheers -Tim
2005-06-02 Tim-Philipp Muller <tim at centricular dot net> * gst/audiorate/gstaudiorate.c: (gst_audiorate_link), (gst_audiorate_init), (gst_audiorate_chain): Make case of overlapping buffers work (a sub buffer with a greater-than-zero offset cannot have the same length as the input buffer); also, calculate offset fields from timestamp/duration and vice versa when those fields are not set (we later assume they are all set and valid, so we better set them to something sane instead of doing calculations with random input values). (also fixes #305428)