Bug 594105 – [dvdspu] Invalid memory accesses

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 594105 - [dvdspu] Invalid memory accesses


Summary:	[dvdspu] Invalid memory accesses


Status:	RESOLVED DUPLICATE of bug 589609

Product:	GStreamer
Classification:	Platform
Component:	gst-plugins-bad
Version:	git master
Hardware:	Other Linux

Importance:	Normal major
Target Milestone:	git master
Assigned To:	GStreamer Maintainers
QA Contact:	GStreamer Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2009-09-04 07:03 UTC by Sebastian Dröge (slomo)
Modified:	2009-09-04 07:04 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Sebastian Dröge (slomo) 2009-09-04 07:03:44 UTC

Hi,
dvdspu currently does some invalid memory accesses that later result in a crash because of random memory corruption.

A test file can be found here http://launchpadlibrarian.net/31290894/test%20movie%2Bvobsubonly.mkv
Ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/gst-plugins-bad0.10/+bug/408647


Can be reproduced by running

gst-launch-0.10 -v filesrc location=test\ movie+vobsubonly.mkv ! matroskademux ! dvdspu name=spu ! fakesink silent=true   videotestsrc ! spu.


Example valgrind output:

==3922== Thread 2:
==3922== Invalid write of size 1
==3922==    at 0x4C24F52: memset (mc_replace_strmem.c:493)
==3922==    by 0x8B5DA7D: gstspu_clear_comp_buffers (gstdvdspu-render.c:42)
==3922==    by 0x8B5ED9F: gstspu_vobsub_clear_comp_buffers (gstspu-vobsub-render.c:352)
==3922==    by 0x8B5FB50: gstspu_vobsub_render (gstspu-vobsub-render.c:455)
==3922==    by 0x8B5A82C: gstspu_render (gstdvdspu.c:660)
==3922==    by 0x8B5C665: dvdspu_handle_vid_buffer (gstdvdspu.c:625)
==3922==    by 0x8B5D0C9: gst_dvd_spu_video_chain (gstdvdspu.c:550)
==3922==    by 0x4E8B37C: gst_pad_chain_data_unchecked (gstpad.c:4042)
==3922==    by 0x4E8BE4D: gst_pad_push_data (gstpad.c:4271)
==3922==    by 0x7CB2581: gst_base_src_loop (gstbasesrc.c:2323)
==3922==    by 0x4EA94D6: gst_task_func (gsttask.c:234)
==3922==    by 0x57B45C6: g_thread_pool_thread_proxy (gthreadpool.c:265)
==3922==  Address 0x94620f8 is 0 bytes after a block of size 640 alloc'd
==3922==    at 0x4C2391E: malloc (vg_replace_malloc.c:207)
==3922==    by 0x4C23AA7: realloc (vg_replace_malloc.c:429)
==3922==    by 0x579249D: g_realloc (gmem.c:170)
==3922==    by 0x8B5AB64: gst_dvd_spu_video_set_caps (gstdvdspu.c:352)
==3922==    by 0x4E84C48: gst_pad_set_caps (gstpad.c:2526)
==3922==    by 0x4E8B469: gst_pad_chain_data_unchecked (gstpad.c:4024)
==3922==    by 0x4E8BE4D: gst_pad_push_data (gstpad.c:4271)
==3922==    by 0x7CB2581: gst_base_src_loop (gstbasesrc.c:2323)
==3922==    by 0x4EA94D6: gst_task_func (gsttask.c:234)
==3922==    by 0x57B45C6: g_thread_pool_thread_proxy (gthreadpool.c:265)
==3922==    by 0x57B3093: g_thread_create_proxy (gthread.c:635)
==3922==    by 0x5E26F99: start_thread (pthread_create.c:300)

Comment 1 Sebastian Dröge (slomo) 2009-09-04 07:04:34 UTC


*** This bug has been marked as a duplicate of bug 589609 ***