Bug 575672 - [mpegtsdemux] crashes when souphttpsrc is used as a stream source
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-bad
Version: 0.10.10
Hardware: Other FreeBSD
Importance: Normal major
Target Milestone: 0.10.14
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Reported: 2009-03-17 11:39 UTC by Aleksey Yulin
Modified: 2009-07-16 17:50 UTC
Description Aleksey Yulin 2009-03-17 11:39:32 UTC
The crash is very hard to reproduce. We've managed to reproduce it on one sample TS file only. Problem occurs here:

gstmpegtsdemux.c, line 1610:

if (demux->streams[demux->streams[j]->PMT_pid] &&
    stream->PID ==
    demux->streams[demux->streams[j]->PMT_pid]->PMT.PCR_PID) {

'demux->streams[j]->PMT_pid' is 0x2000 here (FLUTS_MAX_PID + 1)

Several lines before there's a check for PMT_pid validity, but it looks really strange:

if (demux->streams[j] && demux->streams[j]->PMT_pid)

As I understand there should be something like this:

if (demux->streams[j] && demux->streams[j]->PMT_pid <= FLUTS_MAX_PID)

as PMT_pid can't be 0 (reserved for PAT pid)
Comment 1 Sebastian Dröge (slomo) 2009-07-16 17:44:55 UTC
Can you provide that sample TS file? Also, why does it only happen with souphttpsrc used as source?
Comment 2 Sebastian Dröge (slomo) 2009-07-16 17:50:46 UTC
Actually your change is obviously correct, thanks :)

commit 4f75adcfbf672e70072514a92cfe92adb07073a3
Author: Aleksey Yulin <ulin@tut.by>
Date:   Thu Jul 16 19:49:26 2009 +0200

    mpegtsdemux: Don't use PIDs > MPEGTS_MAX_PID
    
    The mpegtsdemux streams array only has MPEGTS_MAX_PID entries
    and accessing one afterwards will result in crashes.
    
    Fixes bug #575672.
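
The indexing problem discussed in this report, as an added C example (not code from gst-plugins-bad or from the reporter): a non-zero test lets the 0x2000 value through as an array index, while a bounds check rejects it. The `Stream` struct, the `PMT_PID_UNSET` name, the helper functions and the table holding `MAX_PID + 1` slots are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not the gst-plugins-bad source. Assumptions: 13-bit PIDs
 * (0..0x1FFF), a table with one slot per PID, and MAX_PID + 1 stored in
 * PMT_pid when no PMT is known (the 0x2000 value seen in the report). */
#define MAX_PID 0x1FFF
#define PMT_PID_UNSET (MAX_PID + 1)

typedef struct {
  unsigned PID;      /* PID of this stream */
  unsigned PMT_pid;  /* PID of the PMT that lists it, or PMT_PID_UNSET */
  unsigned PCR_PID;  /* meaningful only when this entry is a PMT */
} Stream;

static Stream *streams[MAX_PID + 1];

/* Check as quoted in the report: any non-zero value passes, including 0x2000. */
static int pmt_pid_ok_truthy(const Stream *s) {
  return s != NULL && s->PMT_pid != 0;
}

/* Bounds check: the value must be a valid index into streams[]. */
static int pmt_pid_ok_bounded(const Stream *s) {
  return s != NULL && s->PMT_pid <= MAX_PID;
}

/* Returns 1 if `stream` carries the PCR of the program that streams[j]
 * belongs to. The table is dereferenced only after the bounds check. */
static int carries_pcr(const Stream *stream, unsigned j) {
  if (j > MAX_PID || !pmt_pid_ok_bounded(streams[j]))
    return 0;
  const Stream *pmt = streams[streams[j]->PMT_pid];
  return pmt != NULL && stream->PID == pmt->PCR_PID;
}

int main(void) {
  /* Constructed sample table: one PMT, one stream it lists, one orphan. */
  static Stream pmt = { 0x100, PMT_PID_UNSET, 0x101 };
  static Stream video = { 0x101, 0x100, 0 };
  static Stream orphan = { 0x200, PMT_PID_UNSET, 0 };
  streams[0x100] = &pmt; streams[0x101] = &video; streams[0x200] = &orphan;
  printf("truthy check accepts 0x2000: %d\n", pmt_pid_ok_truthy(&orphan));
  printf("bounded check accepts 0x2000: %d\n", pmt_pid_ok_bounded(&orphan));
  printf("video carries PCR via 0x101: %d\n", carries_pcr(&video, 0x101));
  printf("lookup via orphan 0x200: %d\n", carries_pcr(&video, 0x200));
  return 0;
}
```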