Bug 682312 – [0.11] libvisual: crash in totem on switching songs

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 682312 - [0.11] libvisual: crash in totem on switching songs


Summary:	[0.11] libvisual: crash in totem on switching songs


Status:	RESOLVED FIXED

Product:	GStreamer
Classification:	Platform
Component:	gst-plugins-base
Version:	0.11.x
Hardware:	Other Linux

Importance:	Normal critical
Target Milestone:	0.11.x
Assigned To:	GStreamer Maintainers
QA Contact:	GStreamer Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2012-08-20 23:24 UTC by Tim-Philipp Müller
Modified:	2012-09-11 15:35 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Tim-Philipp Müller 2012-08-20 23:24:47 UTC

Just got this crash in totem when switching songs:

*** glibc detected *** /home/tpm/gst/0.11/totem/src/.libs/lt-totem: corrupted double-linked list: 0x0000000001860760 ***

(gdb) bt

+ Trace 230713

Thread 140736679528192 (LWP 15594)

#0 gst_memory_unmap
at gstmemory.c line 312
#1 gst_buffer_unmap
at gstbuffer.c line 1486
#2 default_unmap
at gstvideometa.c line 159
#3 gst_video_frame_unmap
at video-frame.c line 188
#4 gst_audio_visualizer_chain
at gstaudiovisualizer.c line 984
#5 gst_pad_chain_data_unchecked
at gstpad.c line 3611
#6 gst_pad_push_data
at gstpad.c line 3824
#7 gst_pad_chain_data_unchecked
at gstpad.c line 3611
#8 gst_pad_push_data
at gstpad.c line 3824
#9 gst_pad_push
at gstpad.c line 3927
#10 gst_base_transform_chain
at gstbasetransform.c line 2190
#11 gst_pad_chain_data_unchecked
at gstpad.c line 3611
#12 gst_pad_push_data
at gstpad.c line 3824
#13 gst_pad_push
at gstpad.c line 3927
#14 gst_base_transform_chain
at gstbasetransform.c line 2190
#15 gst_pad_chain_data_unchecked
at gstpad.c line 3611
#16 gst_pad_push_data
at gstpad.c line 3824
#17 gst_pad_push
at gstpad.c line 3927
#18 gst_queue_push_one
at gstqueue.c line 1045
#19 gst_queue_loop
at gstqueue.c line 1161
#20 gst_task_func
at gsttask.c line 316
#21 g_thread_pool_thread_proxy
at /tmp/buildd/glib2.0-2.32.3/./glib/gthreadpool.c line 309
#22 g_thread_proxy
at /tmp/buildd/glib2.0-2.32.3/./glib/gthread.c line 801
#23 start_thread
at pthread_create.c line 304
#24 clone
at ../sysdeps/unix/sysv/linux/x86_64/clone.S line 112
#25 ??

Comment 1 Tim-Philipp Müller 2012-08-20 23:25:37 UTC

And this second trace crashed right on startup:


Program received signal SIGSEGV, Segmentation fault.

+ Trace 230714

Thread 140736679528192 (LWP 15594)

#0 gst_memory_unmap
at gstmemory.c line 312
#1 gst_buffer_unmap
at gstbuffer.c line 1486
#2 default_unmap
at gstvideometa.c line 159
#3 gst_video_frame_unmap
at video-frame.c line 188
#4 gst_audio_visualizer_chain
at gstaudiovisualizer.c line 984
#5 gst_pad_chain_data_unchecked
at gstpad.c line 3611
#6 gst_pad_push_data
at gstpad.c line 3824
#7 gst_pad_chain_data_unchecked
at gstpad.c line 3611
#8 gst_pad_push_data
at gstpad.c line 3824
#9 gst_pad_push
at gstpad.c line 3927
#10 gst_base_transform_chain
at gstbasetransform.c line 2190
#11 gst_pad_chain_data_unchecked
at gstpad.c line 3611
#12 gst_pad_push_data
at gstpad.c line 3824
#13 gst_pad_push
at gstpad.c line 3927
#14 gst_base_transform_chain
at gstbasetransform.c line 2190
#15 gst_pad_chain_data_unchecked
at gstpad.c line 3611
#16 gst_pad_push_data
at gstpad.c line 3824
#17 gst_pad_push
at gstpad.c line 3927
#18 gst_queue_push_one
at gstqueue.c line 1045
#19 gst_queue_loop
at gstqueue.c line 1161
#20 gst_task_func
at gsttask.c line 316
#21 g_thread_pool_thread_proxy
at /tmp/buildd/glib2.0-2.32.3/./glib/gthreadpool.c line 309
#22 g_thread_proxy
at /tmp/buildd/glib2.0-2.32.3/./glib/gthread.c line 801
#23 start_thread
at pthread_create.c line 304
#24 clone
at ../sysdeps/unix/sysv/linux/x86_64/clone.S line 112
#25 ??

Comment 2 Tim-Philipp Müller 2012-09-11 15:35:48 UTC

This was probably caused by the shader trampling over memory:

commit 16c185bac6ca543acdbb65562c738195f986b4d7
Author: Tim-Philipp Müller <tim@centricular.net>
Date:   Sat Sep 8 22:56:56 2012 +0100

    libvisual: fix crashes and invalid writes in totem
    
    This reverts part of "visual: enable commented out code again."
    (commit 8222ba16c8f671dc03e24e7b60e3e703046e58c1).
    
    The shader code does indeed look broken (or rather,
    it makes assumptions that are not necessarily true here,
    namly that pixel stride is 4, for example), which
    makes totem very crashy and causes other weird behaviour.
    
    Also see https://bugzilla.gnome.org/show_bug.cgi?id=683527