GNOME Bugzilla – Bug 165398
[ffdec_mpeg2video] invalid memory access / crash
Last modified: 2005-06-30 15:49:15 UTC
(gdb) run --gst-fatal-warnings dvdreadsrc device=/dev/sr1 title=1 ! dvddemux ! ffdec_mpeg2video ! xvimagesink
(snip libdvdread output)

GStreamer-CRITICAL **: gst_data_unref: assertion `data != NULL' failed
aborting...

Program received signal SIGABRT, Aborted.
+ Trace 54979
Thread NaN (LWP 10945)
Might be harmless, or might not. Works okay-ish otherwise if you disregard all the decoder errors/warnings.

If I run the above in valgrind, I get a crash:

Invalid free() / delete / delete[]
   at 0x1B9059FF: realloc (vg_replace_malloc.c:197)
   by 0x1C37EF95: av_realloc (mem.c:103)
   by 0x1C37D0E2: av_realloc_static (utils.c:104)
   by 0x1C37CA98: alloc_table (common.c:137)
   by 0x1C37CB0A: build_table (common.c:159)
   by 0x1C37CC9A: build_table (common.c:228)
   by 0x1C37CE3B: init_vlc (common.c:289)
   by 0x1C47F1CC: init_vlcs (mpeg12.c:998)
   by 0x1C481812: mpeg_decode_init (mpeg12.c:1943)
   by 0x1C37DB2B: avcodec_open (utils.c:488)
   by 0x1C332C41: gst_ffmpegdec_open (gstffmpegdec.c:323)
   by 0x1C332E45: gst_ffmpegdec_connect (gstffmpegdec.c:406)
   by 0x1B957014: gst_pad_link_call_link_functions (gstpad.c:1343)
   by 0x1B9574CA: gst_pad_link_try (gstpad.c:1410)
   by 0x1B95B311: gst_pad_set_explicit_caps (gstpad.c:2557)
 Address 0x804EB80 is not stack'd, malloc'd or (recently) free'd

Invalid read of size 2
   at 0x1C47A2F3: init_2d_vlc_rl (mpeg12.c:122)
   by 0x1C47F3D2: init_vlcs (mpeg12.c:1020)
   by 0x1C481812: mpeg_decode_init (mpeg12.c:1943)
   by 0x1C37DB2B: avcodec_open (utils.c:488)
   by 0x1C332C41: gst_ffmpegdec_open (gstffmpegdec.c:323)
   by 0x1C332E45: gst_ffmpegdec_connect (gstffmpegdec.c:406)
   by 0x1B957014: gst_pad_link_call_link_functions (gstpad.c:1343)
   by 0x1B9574CA: gst_pad_link_try (gstpad.c:1410)
   by 0x1B95B311: gst_pad_set_explicit_caps (gstpad.c:2557)
   by 0x1C2F18FE: gst_dvd_demux_get_video_stream (gstdvddemux.c:529)
   by 0x1C2EEDE5: gst_mpeg_demux_parse_pes (gstmpegdemux.c:917)
   by 0x1C2EAE55: gst_mpeg_parse_loop (gstmpegparse.c:535)
   by 0x1C727255: loop_group_schedule_function (gstoptimalscheduler.c:1342)
   by 0x1C726AA2: schedule_group (gstoptimalscheduler.c:1163)
   by 0x1C726D6E: gst_opt_scheduler_schedule_run_queue (gstoptimalscheduler.c:1215)
 Address 0x2 is not stack'd, malloc'd or (recently) free'd

Process terminating with default action of signal 11 (SIGSEGV)
 Access not within mapped region at address 0x2
   at 0x1C47A2F3: init_2d_vlc_rl (mpeg12.c:122)
   by 0x1C47F3D2: init_vlcs (mpeg12.c:1020)
   by 0x1C481812: mpeg_decode_init (mpeg12.c:1943)
   by 0x1C37DB2B: avcodec_open (utils.c:488)
   by 0x1C332C41: gst_ffmpegdec_open (gstffmpegdec.c:323)
   by 0x1C332E45: gst_ffmpegdec_connect (gstffmpegdec.c:406)
   by 0x1B957014: gst_pad_link_call_link_functions (gstpad.c:1343)
   by 0x1B9574CA: gst_pad_link_try (gstpad.c:1410)
   by 0x1B95B311: gst_pad_set_explicit_caps (gstpad.c:2557)
   by 0x1C2F18FE: gst_dvd_demux_get_video_stream (gstdvddemux.c:529)
   by 0x1C2EEDE5: gst_mpeg_demux_parse_pes (gstmpegdemux.c:917)
   by 0x1C2EAE55: gst_mpeg_parse_loop (gstmpegparse.c:535)
   by 0x1C727255: loop_group_schedule_function (gstoptimalscheduler.c:1342)
   by 0x1C726AA2: schedule_group (gstoptimalscheduler.c:1163)
   by 0x1C726D6E: gst_opt_scheduler_schedule_run_queue (gstoptimalscheduler.c:1215)

Cheers
-Tim (KuS DVD)
Apparently my gst-ffmpeg tree was out of date. The gst_data_unref() is fixed in current CVS, but I still get the other problem in valgrind.

==14110== Invalid free() / delete / delete[]
==14110==    at 0x1B9059FF: realloc (vg_replace_malloc.c:197)
==14110==    by 0x1C37FAE5: av_realloc (mem.c:103)
==14110==    by 0x1C37DC32: av_realloc_static (utils.c:104)
==14110==    by 0x1C37D5E8: alloc_table (common.c:137)
==14110==    by 0x1C37D65A: build_table (common.c:159)
==14110==    by 0x1C37D7EA: build_table (common.c:228)
==14110==    by 0x1C37D98B: init_vlc (common.c:289)
==14110==    by 0x1C47FD1C: init_vlcs (mpeg12.c:998)
==14110==    by 0x1C482362: mpeg_decode_init (mpeg12.c:1943)
==14110==    by 0x1C37E67B: avcodec_open (utils.c:488)
==14110==    by 0x1C332F6B: gst_ffmpegdec_open (gstffmpegdec.c:334)
==14110==    by 0x1C3331CC: gst_ffmpegdec_connect (gstffmpegdec.c:414)
==14110==    by 0x1B957014: gst_pad_link_call_link_functions (gstpad.c:1343)
==14110==    by 0x1B9574CA: gst_pad_link_try (gstpad.c:1410)
==14110==    by 0x1B95B311: gst_pad_set_explicit_caps (gstpad.c:2557)
==14110==  Address 0x804EB80 is not stack'd, malloc'd or (recently) free'd
==14110==
==14110== Invalid read of size 2
==14110==    at 0x1C47AE43: init_2d_vlc_rl (mpeg12.c:122)
==14110==    by 0x1C47FF22: init_vlcs (mpeg12.c:1020)
==14110==    by 0x1C482362: mpeg_decode_init (mpeg12.c:1943)
==14110==    by 0x1C37E67B: avcodec_open (utils.c:488)
==14110==    by 0x1C332F6B: gst_ffmpegdec_open (gstffmpegdec.c:334)
==14110==    by 0x1C3331CC: gst_ffmpegdec_connect (gstffmpegdec.c:414)
==14110==    by 0x1B957014: gst_pad_link_call_link_functions (gstpad.c:1343)
==14110==    by 0x1B9574CA: gst_pad_link_try (gstpad.c:1410)
==14110==    by 0x1B95B311: gst_pad_set_explicit_caps (gstpad.c:2557)
==14110==    by 0x1C2F18FE: gst_dvd_demux_get_video_stream (gstdvddemux.c:529)
==14110==    by 0x1C2EEDE5: gst_mpeg_demux_parse_pes (gstmpegdemux.c:917)
==14110==    by 0x1C2EAE55: gst_mpeg_parse_loop (gstmpegparse.c:535)
==14110==    by 0x1C73E255: loop_group_schedule_function (gstoptimalscheduler.c:1342)
==14110==    by 0x1C73DAA2: schedule_group (gstoptimalscheduler.c:1163)
==14110==    by 0x1C73DD6E: gst_opt_scheduler_schedule_run_queue (gstoptimalscheduler.c:1215)
==14110==  Address 0x2 is not stack'd, malloc'd or (recently) free'd
==14110==
==14110== Process terminating with default action of signal 11 (SIGSEGV)
==14110==  Access not within mapped region at address 0x2
==14110==    at 0x1C47AE43: init_2d_vlc_rl (mpeg12.c:122)
==14110==    by 0x1C47FF22: init_vlcs (mpeg12.c:1020)
==14110==    by 0x1C482362: mpeg_decode_init (mpeg12.c:1943)
==14110==    by 0x1C37E67B: avcodec_open (utils.c:488)
==14110==    by 0x1C332F6B: gst_ffmpegdec_open (gstffmpegdec.c:334)
==14110==    by 0x1C3331CC: gst_ffmpegdec_connect (gstffmpegdec.c:414)
==14110==    by 0x1B957014: gst_pad_link_call_link_functions (gstpad.c:1343)
==14110==    by 0x1B9574CA: gst_pad_link_try (gstpad.c:1410)
==14110==    by 0x1B95B311: gst_pad_set_explicit_caps (gstpad.c:2557)
==14110==    by 0x1C2F18FE: gst_dvd_demux_get_video_stream (gstdvddemux.c:529)
==14110==    by 0x1C2EEDE5: gst_mpeg_demux_parse_pes (gstmpegdemux.c:917)
==14110==    by 0x1C2EAE55: gst_mpeg_parse_loop (gstmpegparse.c:535)
==14110==    by 0x1C73E255: loop_group_schedule_function (gstoptimalscheduler.c:1342)
==14110==    by 0x1C73DAA2: schedule_group (gstoptimalscheduler.c:1163)
==14110==    by 0x1C73DD6E: gst_opt_scheduler_schedule_run_queue (gstoptimalscheduler.c:1215)

Cheers
-Tim
The invalid free's may be fixed (by using posix_memalign()). Patch is not being accepted upstream for some reason, but ok, won't bother for now. The invalid memory accesses are a problem. The ffmpeg devs (Michael) tell me to pad allocated data by allocating 8 extra bytes, so they can validly overflow while reading the bitstream. That is gross if you ask me, but it works that way for them (mplayer & co, see also http://sourceforge.net/mailarchive/message.php?msg_id=11427473). That's the last 2 valgrind warnings. Seems to work fine otherwise though.
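The padding convention mentioned in the comment above is worth seeing concretely. The following is an added illustration written for this page, not code from gst-ffmpeg, ffmpeg or the bug's patch: a word-at-a-time bit reader of the kind that fetches 32 bits from the byte holding the current bit, which necessarily touches up to three bytes beyond the last payload byte, together with an allocator that appends the 8 zeroed tail bytes the ffmpeg developers ask for so that overread lands in memory the decoder owns. The names INPUT_PADDING, alloc_padded, BitReader, get_bits and the three-byte sample are this example's own assumptions. The reader also keeps a logical bound check and records the highest byte it touched, which is the check a reviewer would want: the padding makes the overread memory-safe, and the bound check keeps padding bytes from being decoded as data.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Tail bytes appended to every decoder input buffer. The value mirrors the
 * "8 extra bytes" from the bug thread; the name is this example's own. */
#define INPUT_PADDING 8

typedef struct {
    const uint8_t *buf;       /* start of the bitstream */
    size_t size;              /* payload length in bytes, padding excluded */
    size_t bit_pos;           /* current read position in bits */
    size_t max_byte_touched;  /* highest byte offset any fetch read */
} BitReader;

/* Copy a payload into a fresh buffer of size + INPUT_PADDING bytes and
 * zero the tail, so a reader that overreads stays inside the allocation
 * and sees deterministic zeros rather than whatever followed the buffer. */
uint8_t *alloc_padded(const uint8_t *src, size_t size) {
    uint8_t *p = malloc(size + INPUT_PADDING);
    if (!p) return NULL;
    memcpy(p, src, size);
    memset(p + size, 0, INPUT_PADDING);
    return p;
}

void br_init(BitReader *br, const uint8_t *buf, size_t size) {
    br->buf = buf;
    br->size = size;
    br->bit_pos = 0;
    br->max_byte_touched = 0;
}

/* Fetch 32 bits big-endian starting at the byte that holds bit_pos.
 * When bit_pos is in the last payload byte this reads 3 bytes past it;
 * that is the overread the padding exists to absorb. */
static uint32_t fetch32(BitReader *br) {
    size_t byte = br->bit_pos >> 3;
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) {
        v = (v << 8) | br->buf[byte + i];
        if (byte + i > br->max_byte_touched) br->max_byte_touched = byte + i;
    }
    return v;
}

/* Read n (1..25) bits. Returns -1 if the read would pass the payload end,
 * so padding bytes are never handed back as decoded data. */
int32_t get_bits(BitReader *br, unsigned n) {
    if (n == 0 || n > 25) return -1;
    if (br->bit_pos + n > br->size * 8) return -1;  /* logical bound check */
    uint32_t w = fetch32(br);
    uint32_t v = (w << (br->bit_pos & 7)) >> (32 - n);
    br->bit_pos += n;
    return (int32_t)v;
}

/* Constructed sample payload; not data from the bug report. */
static const uint8_t SAMPLE[3] = { 0xA5, 0x3C, 0xF0 };

/* Decode SAMPLE as three 8-bit fields from a padded copy. Fills out[0..2]
 * and returns the highest byte offset touched, which the caller can compare
 * against size + INPUT_PADDING. Returns -1 on failure. */
long demo_decode(uint32_t out[3]) {
    uint8_t *padded = alloc_padded(SAMPLE, sizeof SAMPLE);
    if (!padded) return -1;
    BitReader br;
    br_init(&br, padded, sizeof SAMPLE);
    for (int i = 0; i < 3; i++) {
        int32_t v = get_bits(&br, 8);
        if (v < 0) { free(padded); return -1; }
        out[i] = (uint32_t)v;
    }
    long touched = (long)br.max_byte_touched;
    free(padded);
    return touched;
}

/* Once the payload is consumed, a further read must be refused. */
int demo_read_past_end_refused(void) {
    uint8_t *padded = alloc_padded(SAMPLE, sizeof SAMPLE);
    if (!padded) return 0;
    BitReader br;
    br_init(&br, padded, sizeof SAMPLE);
    for (int i = 0; i < 3; i++) get_bits(&br, 8);
    int refused = (get_bits(&br, 1) == -1);
    free(padded);
    return refused;
}

int main(void) {
    uint32_t out[3];
    long touched = demo_decode(out);
    printf("fields: %02X %02X %02X, highest byte touched: %ld of %zu allocated\n",
           out[0], out[1], out[2], touched, sizeof SAMPLE + INPUT_PADDING);
    printf("read past end refused: %d\n", demo_read_past_end_refused());
    return 0;
}
```

With a 3-byte payload the last fetch reaches byte offset 5, inside the 11 bytes allocated; without the padding that same fetch is exactly the kind of out-of-bounds read valgrind flagged in init_2d_vlc_rl above. Under valgrind or AddressSanitizer, removing the padding from alloc_padded turns the silent overread into a reported error, which is a quick way to confirm that a decoder really depends on the convention.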
Seems to be fixed, at least I can't reproduce it any longer. Cheers -Tim