Bug 566769 - [flacdec] crash in push mode with large header packet (image)
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-good
Version: 0.10.18
OS: Other Linux
Priority/Severity: Normal critical
Target Milestone: 0.10.29
Assigned To: Wim Taymans
QA Contact: GStreamer Maintainers
Depends on:
Blocks:
Reported: 2009-01-06 13:35 UTC by palfrey
Modified: 2011-03-28 22:52 UTC
See Also:
GNOME target: ---
GNOME version: ---
Description palfrey 2009-01-06 13:35:52 UTC
While trying to play a remote file (over DAAP) using Rhythmbox, I saw the following crash:

0xb29b6c5f in FLAC__bitreader_read_raw_uint32 (br=0xb346c000, val=0xb1daee74, bits=8) at bitreader.c:507
507				*val = br->buffer[br->consumed_words] >> (FLAC__BITS_PER_WORD-bits);
(gdb) bt
#0  FLAC__bitreader_read_raw_uint32 at bitreader.c:507
#1  frame_sync_ at stream_decoder.c:1966
#2  FLAC__stream_decoder_process_single at stream_decoder.c:1056
#3  gst_flac_dec_chain at gstflacdec.c:1527
#4  gst_pad_chain_unchecked at gstpad.c:3523
#5  gst_pad_push at gstpad.c:3691
#6  gst_type_find_element_chain at gsttypefindelement.c:584
#7  gst_pad_chain_unchecked at gstpad.c:3523
#8  gst_pad_push at gstpad.c:3691
#9  gst_proxy_pad_do_chain at gstghostpad.c:193
#10 gst_pad_chain_unchecked at gstpad.c:3523
#11 gst_pad_push at gstpad.c:3691
#12 gst_base_src_loop at gstbasesrc.c:2111
#13 gst_task_func at gsttask.c:192
#14 g_thread_pool_thread_proxy at /data/tparker/builder/sources/glib2.0_2.18.1-1/glib/gthreadpool.c:265
#15 g_thread_create_proxy at /data/tparker/builder/sources/glib2.0_2.18.1-1/glib/gthread.c:635
#16 start_thread from /lib/i686/cmov/libpthread.so.0
#17 clone from /lib/i686/cmov/libc.so.6

Notably, playing the same file locally doesn't result in a crash, so I'm guessing the problem might be in GStreamer feeding enough data to FLAC rather than a bug in FLAC itself. This is reproducible *every* time I try it.

rhythmbox: 0.11.5-0ubuntu8
gstreamer0.10-plugins-good: 0.10.7-3ubuntu0.1
libgstreamer0.10-0: 0.10.18-4ubuntu1
libflac8: 1.2.1-1.2
Comment 1 palfrey 2009-01-06 13:38:39 UTC
There is also a copy of the file that was causing the crash at http://tevp.net/03%20-%20Fire%20and%20Ice.flac but note that it's 17.3 MB in size...
Comment 2 Wim Taymans 2009-01-07 17:03:33 UTC
The problem is that this file contains a very huge image in the metadata and we can't feed it in chunks to the flac API.

We probably need to manually parse frames before calling the flac API, bleh.
Comment 3 Sebastian Dröge (slomo) 2009-08-04 12:40:33 UTC
You only want to parse the metadata blocks though, the audio blocks are very complex and expensive to parse.
Comment 4 David Schleef 2011-01-06 00:38:16 UTC
Imo, this is a FLAC bug, unless we're supposed to be parsing frames before they're sent to libFLAC.
Comment 5 Tim-Philipp Müller 2011-01-06 00:49:12 UTC
Maybe so, but for all practical purposes libFLAC seems to be unmaintained, so if we don't want to crash we probably have to fix this ourselves. We could just wait for the audioparsers (incl. flacparse) to be moved to -good of course.
Comment 6 Tim-Philipp Müller 2011-03-28 22:52:23 UTC
commit c365fbddba14669e2341da9089ce3bbb338c5abc
Author: Tim-Philipp Müller <tim.muller@collabora.co.uk>
Date:   Mon Mar 28 23:46:47 2011 +0100

    flacdec: fix issues with large metadata blocks when streaming unframed flac
    
    Parse metadata blocks when handling unparsed flac in push mode. This
    works around a bunch of issues with the flac decoder when handling
    metadata blocks that are larger than the max. flac framesize, which
    coverart blocks often are. We need to have all the data for these
    blocks available when we pass data to libflac.
    
    http://gstreamer-devel.966125.n4.nabble.com/Flac-files-that-will-playback-but-not-stream-td3338198.html#a3395276
    
    https://bugzilla.gnome.org/show_bug.cgi?id=566769
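The commit above fixes the crash by parsing metadata blocks in push mode so libFLAC is only ever handed a complete block. The following is an added illustration of that accumulate-before-handing-on idea, not code from gst-plugins-good or from the commit; the `flac_accum*` names and the demo stream (a STREAMINFO block followed by a PICTURE block, fed in 16-byte chunks) are constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Push-mode accumulator for FLAC metadata blocks (constructed example, not
 * gst-plugins-good code). Block header: 1-bit last flag, 7-bit type
 * (6 = PICTURE), 24-bit big-endian length. Only whole blocks are handed on. */
typedef struct { uint8_t *buf; size_t len; int marker_seen; } flac_accum;

void flac_accum_push(flac_accum *a, const uint8_t *data, size_t n) {
    a->buf = realloc(a->buf, a->len + n);        /* append one upstream chunk */
    memcpy(a->buf + a->len, data, n);
    a->len += n;
}

/* 1: complete block at front (nothing consumed); 0: need more; -1: no "fLaC". */
int flac_accum_peek(flac_accum *a, int *type, uint32_t *length) {
    if (!a->marker_seen) {                       /* strip the stream marker */
        if (a->len < 4) return 0;
        if (memcmp(a->buf, "fLaC", 4) != 0) return -1;
        a->len -= 4; memmove(a->buf, a->buf + 4, a->len); a->marker_seen = 1;
    }
    if (a->len < 4) return 0;
    *type = a->buf[0] & 0x7f;                    /* top bit = last-block flag */
    *length = ((uint32_t)a->buf[1] << 16) | ((uint32_t)a->buf[2] << 8) | a->buf[3];
    return a->len >= 4u + *length;               /* whole payload buffered? */
}

void flac_accum_pop(flac_accum *a, uint32_t length) {   /* block handed over */
    a->len -= 4 + length; memmove(a->buf, a->buf + 4 + length, a->len);
}

/* Demo on a constructed stream: "fLaC", 34-byte STREAMINFO, then a 40-byte
 * PICTURE block (last) delivered in 16-byte chunks. Returns the 0-based index
 * of the chunk that completed the picture block, -1 unless exactly 2 blocks. */
int flac_accum_demo(void) {
    uint8_t s[86] = { 'f', 'L', 'a', 'C', 0x00, 0, 0, 34 }; /* STREAMINFO hdr */
    uint8_t pic_hdr[4] = { 0x80 | 6, 0, 0, 40 };            /* last | PICTURE */
    flac_accum a = { NULL, 0, 0 };
    int type, blocks = 0, picture_chunk = -1; uint32_t len;
    memcpy(s + 42, pic_hdr, 4);                  /* picture header at 4+4+34 */
    for (size_t off = 0, i = 0; off < sizeof s; off += 16, i++) {
        size_t n = sizeof s - off < 16 ? sizeof s - off : 16;
        flac_accum_push(&a, s + off, n);
        while (flac_accum_peek(&a, &type, &len) == 1) {
            if (type == 6) picture_chunk = (int)i;  /* whole picture arrived */
            flac_accum_pop(&a, len); blocks++;
        }
    }
    free(a.buf); return blocks == 2 ? picture_chunk : -1;
}
```

The STREAMINFO block becomes available after the third chunk, while the picture block is held back until the sixth chunk delivers its final bytes; a decoder fed only what `flac_accum_peek` reports complete never sees a header whose payload is still in flight.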