After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 753078 - oggdemux: Segfault on state-change intensive test
oggdemux: Segfault on state-change intensive test
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-base
git master
Other Linux
: Normal normal
: 1.5.90
Assigned To: GStreamer Maintainers
GStreamer Maintainers
Depends on:
Blocks:
 
 
Reported: 2015-07-30 20:26 UTC by Olivier Crête
Modified: 2015-08-16 13:37 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
oggdemux: Set chain pointers to NULL (1.03 KB, patch)
2015-07-30 20:52 UTC, Olivier Crête 		none Details | Review

Description Olivier Crête 2015-07-30 20:26:41 UTC 
Easily reproducible segfault in oggdemux:

GST_VALIDATE_SCENARIO=change_state_intensive gdb --args gst-validate-1.0 pushfilesrc location=~/gst-validate/gst-qa-assets/medias/ogg/vorbis_theora.1.ogg ! oggdemux ! vorbisdec ! fakesink sync=true

=========================================
Running scenario change_state_intensive on pipeline pipeline0
=========================================
Starting pipeline
0:00:00.591158834  3893       0x84a530 ERROR              vorbisdec gstvorbisdec.c:137:vorbis_dec_start:<vorbisdec0> start
Pipeline started
0:00:00.595681879  3893       0x830ca0 ERROR              vorbisdec gstvorbisdec.c:319:vorbis_handle_header_packet:<vorbisdec0> bos header
Executing (40/40) set-state: state=null repeat=40 
0:00:00.600249812  3893       0x84a530 ERROR              vorbisdec gstvorbisdec.c:150:vorbis_dec_stop:<vorbisdec0> stop
0:00:00.600553397  3893       0x830ca0 ERROR               validate gst-validate-reporter.c:176:gst_validate_report_valist: <oggdemux0:sink> 2085 (critical) : buffer: flow return from pad push doesn't match expected value : Wrong combined flow return ok(0). Expected: flushing(-2)
Executing (subaction) set-state: state=playing 
0:00:00.600922903  3893       0x84a530 ERROR              vorbisdec gstvorbisdec.c:137:vorbis_dec_start:<vorbisdec0> start
[New Thread 0x7fffe8dc1700 (LWP 3900)]
[New Thread 0x7fffe95c2700 (LWP 3902)]
[New Thread 0x7fffe2957700 (LWP 3901)]
[New Thread 0x7fffe9dc3700 (LWP 3898)]
[New Thread 0x7fffea5c4700 (LWP 3897)]

Program received signal SIGSEGV, Segmentation fault.

+ Trace 235311

Thread 140737100125952 (LWP 3900)

  • #0 gst_ogg_demux_sink_event
    at gstoggdemux.c line 2367
  • #1 gst_validate_pad_monitor_downstream_event_check
    at gst-validate-pad-monitor.c line 1788
  • #2 gst_validate_pad_monitor_sink_event_func
    at gst-validate-pad-monitor.c line 2103
  • #3 gst_pad_send_event_unchecked
    at gstpad.c line 5388
  • #4 gst_pad_push_event_unchecked
    at gstpad.c line 5064
  • #5 push_sticky
    at gstpad.c line 3651
  • #6 events_foreach
    at gstpad.c line 590
  • #7 check_sticky
    at gstpad.c line 3707
  • #8 gst_pad_push_event
    at gstpad.c line 5189
  • #9 event_forward_func
    at gstpad.c line 2884
  • #10 gst_pad_forward
    at gstpad.c line 2838
  • #11 gst_pad_event_default
    at gstpad.c line 2935
  • #12 gst_pad_send_event_unchecked
    at gstpad.c line 5388
  • #13 gst_pad_push_event_unchecked
    at gstpad.c line 5064
  • #14 push_sticky
    at gstpad.c line 3651
  • #15 events_foreach
    at gstpad.c line 590
  • #16 check_sticky
    at gstpad.c line 3707
  • #17 gst_pad_push_event
    at gstpad.c line 5189
  • #18 gst_base_src_loop
    at gstbasesrc.c line 2748
  • #19 gst_task_func
    at gsttask.c line 331
  • #20 default_func
    at gsttaskpool.c line 68
  • #21 g_thread_pool_thread_proxy
    at gthreadpool.c line 307
  • #22 g_thread_proxy
    at gthread.c line 764
  • #23 start_thread
    at pthread_create.c line 333
  • #24 clone
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S line 109 






Comment 1


Olivier Crête





          2015-07-30 20:27:18 UTC
        



Ignore the extra error messages in vorbisdec, I was trying to debug something else.






Comment 2


Olivier Crête





          2015-07-30 20:52:58 UTC
        



Created attachment 308496 [details] [review]
oggdemux: Set chain pointers to NULL

Otherwise, they will refer to freed memory






Comment 3


Vincent Penquerc'h





          2015-08-06 16:44:10 UTC
        



Makes sense, pushed, tahaks.

commit 4665c0802a8ca087c1f222fcef5ec15d48953969
Author: Olivier Crête <olivier.crete@collabora.com>
Date:   Thu Jul 30 16:39:03 2015 -0400

    oggdemux: Set chain pointers to NULL
    
    Otherwise, they will refer to freed memory
    
    https://bugzilla.gnome.org/show_bug.cgi?id=753078