GNOME Bugzilla – Bug 770019
splitmuxsink crashes on 32-bit platform
Last modified: 2016-08-21 16:55:12 UTC
Created attachment 333444
Patch to fix splitmuxsink crash on 32-bit platform

On a 32-bit platform, Splitmuxsink will crash when the total amount of data approximates 4G bytes. It can be reproduced by running the following pipeline on a 32-bit platform:

gst-launch-1.0 -v videotestsrc is-live=1 ! 'video/x-raw,format=I420,width=1280,height=720,framerate=25/1' ! x264enc bitrate=102400 ! h264parse ! splitmuxsink max-size-time=10000000000 location=video%05d.mp4

When the pipeline crashes, the following msg is output:

ERROR:gstsplitmuxsink.c:852:handle_gathered_gop: assertion failed: (queued_bytes >= splitmux->mux_start_bytes)

The potential reason is that some variables (such as structure MqStreamCtx.in_bytes, struct _GstSplitMuxSink.muxed_out_bytes) used in gstsplitmuxsink.c to count the number of bytes are of type gsize. On 32-bit platforms, gsize is 4 bytes wide. These variables will overrun as time goes by. For example, inside function handle_mq_input() in gstsplitmuxsink.c, at line 1125:

ctx->in_bytes += buf_info->buf_size;

ctx->in_bytes is continually increased by 'buf_size' every time a buf is received. Sooner or later, ctx->in_bytes will overrun and cause crashes.

The fix is quite straightforward: just replace some 'gsize' types with the 'guint64' type, as described in the enclosed attachment. The fix has been tested and works well.
The patch looks correct. Can you please generate the patch using 'git format-patch' and attach it? It's easier to apply and manage correct attribution that way.
Created attachment 333729
patch from 'git format-patch'

Patch generated by 'git format-patch'
Thanks, applied (with an updated commit msg for clarity)

commit 655856deee7fc9cd804a03e5ace22a7e6e7a76c4
Author: Jie Jiang <jiangjie@nudt.edu.cn>
Date:   Sat Aug 20 16:59:30 2016 +0800

    Fixed splitmuxsink 32-bit overflow bug

    Extend the byte tracking counters to 64-bit on all platforms,
    instead of using gsize, which overflows after 4GB.

    https://bugzilla.gnome.org/show_bug.cgi?id=770019
Picked into 1.8 branch as well.
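
An added illustration, not part of the bug report or of the GStreamer source: a simplified C model of the counter wraparound described in the report and of the effect of widening the counter to 64 bits. The function names, the 64 MiB buffer size and the fragment interval are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

#define BUF_SIZE  (64u * 1024u * 1024u) /* constructed input: 64 MiB buffers */
#define FRAG_BUFS 8u                    /* constructed: snapshot every 8 buffers */

/* Add buf_size to a counter that is width_bits wide (32 models gsize on a
 * 32-bit platform, 64 models guint64). Hypothetical helper for this model. */
uint64_t counter_add(uint64_t counter, uint64_t buf_size, unsigned width_bits)
{
    uint64_t mask = width_bits >= 64 ? UINT64_MAX : ((1ULL << width_bits) - 1);
    return (counter + buf_size) & mask;
}

/* Feed n_bufs buffers through the counter. Returns the 1-based index of the
 * first buffer after which in_bytes >= start_bytes stops holding, or 0 if
 * the invariant holds for the whole run. */
unsigned first_violation(unsigned width_bits, unsigned n_bufs)
{
    uint64_t in_bytes = 0, start_bytes = 0;
    for (unsigned i = 1; i <= n_bufs; i++) {
        if ((i - 1) % FRAG_BUFS == 0)
            start_bytes = in_bytes;      /* snapshot at fragment start */
        in_bytes = counter_add(in_bytes, BUF_SIZE, width_bits);
        if (in_bytes < start_bytes)      /* same shape as the failed assertion */
            return i;
    }
    return 0;
}

int main(void)
{
    /* 64 buffers of 64 MiB total exactly 4 GiB, where a 32-bit counter wraps. */
    printf("32-bit counter: invariant breaks at buffer %u\n",
           first_violation(32, 100));
    printf("64-bit counter: invariant breaks at buffer %u\n",
           first_violation(64, 100));
    return 0;
}
```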