Bug 603515 - segment seek event sent to decodebin2 causes segfault in libmp3lame.so.0
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: dont know
Version: unspecified
Hardware: Other Linux
Importance: Normal major
Target Milestone: 0.10.14
Assigned To: Thiago Sousa Santos
QA Contact: GStreamer Maintainers
Reported: 2009-12-01 19:04 UTC by syntr0py
Modified: 2009-12-02 17:11 UTC

Attachments
Vala source (4.11 KB, application/octet-stream)
2009-12-01 19:04 UTC, syntr0py
C source, generated by valac (19.51 KB, text/x-csrc)
2009-12-01 19:05 UTC, syntr0py
backtrace (copied from gdb) (6.08 KB, text/plain)
2009-12-01 19:06 UTC, syntr0py
A better trace (6.54 KB, text/plain)
2009-12-02 12:41 UTC, syntr0py
Backtrace using "lamemp3enc" instead of "lame" (6.55 KB, text/plain)
2009-12-02 12:57 UTC, syntr0py
Trace using "thread apply all bt" (7.08 KB, text/plain)
2009-12-02 13:03 UTC, syntr0py
Complete trace (with debug info enabled in gstreamer and lame) (7.11 KB, text/plain)
2009-12-02 13:57 UTC, syntr0py
avoid the crash (2.13 KB, patch)
2009-12-02 14:32 UTC, Thiago Sousa Santos (committed)

Description syntr0py 2009-12-01 19:04:57 UTC
Created attachment 148844
Vala source

The attached program tries to loop a file by repeatedly doing a segment seek. Occasionally (maybe one of 5 tries) the first seek causes a segmentation fault in libmp3lame.so.0 (see attached backtrace).

I'm using the GStreamer packages that come with Ubuntu Karmic Koala (gstreamer0.10-plugins-base 0.10.25-2ubuntu1.1, gstreamer0.10-plugins-good 0.10.16-1ubuntu3, gstreamer0.10-plugins-bad 0.10.14-4ubuntu1, gstreamer0.10-plugins-ugly 0.10.12-1). The installed lame package is libmp3lame0 3.98.2+debian-0ubuntu2.

I attached the Vala source written by myself as well as the C source generated by the Vala compiler.
Comment 1 syntr0py 2009-12-01 19:05:47 UTC
Created attachment 148845
C source, generated by valac
Comment 2 syntr0py 2009-12-01 19:06:34 UTC
Created attachment 148847
backtrace (copied from gdb)
Comment 3 syntr0py 2009-12-02 12:21:53 UTC
By "looping a file" I meant playing an audio file in an endless loop and sending the result to an MP3-encoded file (whether .mp3 or .flv, doesn't matter).
Comment 4 syntr0py 2009-12-02 12:41:51 UTC
Created attachment 148898
A better trace

This time, a useful trace.
Comment 5 syntr0py 2009-12-02 12:57:04 UTC
Created attachment 148906
Backtrace using "lamemp3enc" instead of "lame"

I replaced the "lame" element with a "lamemp3enc" element, with the same result. Backtrace attached.
Comment 6 syntr0py 2009-12-02 13:03:18 UTC
Created attachment 148908
Trace using "thread apply all bt"
Comment 7 syntr0py 2009-12-02 13:57:23 UTC
Created attachment 148915
Complete trace (with debug info enabled in gstreamer and lame)
Comment 8 Thiago Sousa Santos 2009-12-02 14:32:35 UTC
Created attachment 148916
avoid the crash
Comment 9 Thiago Sousa Santos 2009-12-02 15:52:13 UTC
Module: gst-plugins-ugly
Branch: master
Commit: 82ab87032d46ca92eb4262e2340dffb0d7fad15e
URL:    http://cgit.freedesktop.org/gstreamer/gst-plugins-ugly/commit/?id=82ab87032d46ca92eb4262e2340dffb0d7fad15e

Author: Thiago Santos <thiago.sousa.santos@collabora.co.uk>
Date:   Wed Dec  2 11:21:22 2009 -0300

lame: Avoid crash when seeking before negotiating

lame's 'lgv' variable is only initialized when the caps
is negotiated, whenever a seek happens before that, it would
attempt to call a function on an empty pointer, causing the crash.

Fixes #603515
Comment 10 Thiago Sousa Santos 2009-12-02 17:11:44 UTC
Review of attachment 148916:

Committed with an additional line of comment for the reason of the condition.
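
The ordering hazard described in the commit message of comment 9, as an added example that is not part of the bug report or of the gst-plugins-ugly source: a handle created only at caps negotiation, and a seek handler that has to tolerate running before it. The types and functions (`codec_t`, `element_t`, `element_setcaps`, `element_push`, `element_on_seek`) are hypothetical; only the name `lgv` comes from the page.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the encoder library handle (the role of 'lgv'). */
typedef struct { int pending; } codec_t;
/* Hypothetical element: lgv stays NULL until caps are negotiated. */
typedef struct { codec_t *lgv; } element_t;
enum { EV_ERROR = -1, EV_HANDLED = 0, EV_SKIPPED_NO_CODEC = 1 };

/* Library-style call: assumes a valid handle and dereferences it. */
static int codec_flush(codec_t *c) {
    int n = c->pending;          /* a NULL handle faults here */
    c->pending = 0;
    return n;
}

/* Negotiation is the only place the handle is created. */
int element_setcaps(element_t *e) {
    if (e->lgv == NULL) e->lgv = calloc(1, sizeof *e->lgv);
    return e->lgv ? EV_HANDLED : EV_ERROR;
}

/* Buffers are refused until negotiation has happened. */
int element_push(element_t *e, int samples) {
    if (e->lgv == NULL) return EV_ERROR;
    e->lgv->pending += samples;
    return EV_HANDLED;
}

/* Seek handler: events can arrive before negotiation, so check first. */
int element_on_seek(element_t *e, int *flushed) {
    *flushed = 0;
    if (e->lgv == NULL)          /* nothing encoded yet, nothing to flush */
        return EV_SKIPPED_NO_CODEC;
    *flushed = codec_flush(e->lgv);
    return EV_HANDLED;
}

void element_free(element_t *e) { free(e->lgv); e->lgv = NULL; }

int main(void) {
    element_t e = { NULL };
    int flushed, rc = element_on_seek(&e, &flushed);
    printf("seek before caps: rc=%d flushed=%d\n", rc, flushed);
    if (element_setcaps(&e) != EV_HANDLED) return 1;
    element_push(&e, 1152);      /* constructed sample count */
    rc = element_on_seek(&e, &flushed);
    printf("seek after caps:  rc=%d flushed=%d\n", rc, flushed);
    element_free(&e);
    return 0;
}
```

Without the `e->lgv == NULL` check in `element_on_seek`, the first call in `main` would pass a NULL handle to `codec_flush` and fault on the dereference.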