After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 330844 - mpeg2dec crashes with "cropped" MPEG videos
mpeg2dec crashes with "cropped" MPEG videos
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-ugly
git master
Other All
: Urgent critical
: 0.10.2
Assigned To: GStreamer Maintainers
GStreamer Maintainers
Depends on:
Blocks:
 
 
Reported: 2006-02-12 00:19 UTC by Fabrizio Gennari
Modified: 2006-02-15 10:23 UTC
See Also:
GNOME target: ---
GNOME version: 2.13/2.14

Attachments
Patch to add caps to "cropped" frame, and to correctly free it instead of double-freeing the wrong one (2.59 KB, patch)
2006-02-12 00:20 UTC, Fabrizio Gennari 		accepted-commit_now Details | Review

Description Fabrizio Gennari 2006-02-12 00:19:11 UTC 
Please describe the problem:
If the image in a MPEG video file needs to be cropped, mpeg2dec allocates a new
buffer with the cropped image. But there are two serious problems with that
- the newly allocated buffer has no caps
- the newly allocated buffer is never freed, while the old buffer is
double-freed, causing memory corruption and crashes

Steps to reproduce:
1. Open an MPEG video file with video frames needing cropping in a GStreamer
app, in a pipeline which has mpeg2dec in it and terminates with xvimagesink
2. xvimagesink will break, since it does not get "width" and "height" caps 


Actual results:


Expected results:


Does this happen every time?


Other information:
Comment 1 Fabrizio Gennari 2006-02-12 00:20:34 UTC 
Created attachment 59161 [details] [review]
Patch to add caps to "cropped" frame, and to correctly free it instead of double-freeing the wrong one
Comment 2 Christian Kirbach 2006-02-12 14:04:11 UTC 
thanks a lot for sending a patch
Comment 3 Andy Wingo 2006-02-13 10:05:58 UTC 
Looks good, raising priority so someone can commit this
Comment 4 Wim Taymans 2006-02-15 10:23:26 UTC 
        * ext/amrnb/amrnbdec.c: (gst_amrnbdec_setcaps),
        (gst_amrnbdec_chain), (gst_amrnbdec_state_change):
        Some more comments.

        * ext/mpeg2dec/gstmpeg2dec.c: (crop_buffer), (handle_slice):
        Applied patch from Fabrizio Gennari, fixes #330844.