Bug 618247 – SIGSEGV with malloc while visiting http://www.angelfire.com/journal2/amfr4/personal/damianlyricspoems.html

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 618247 - SIGSEGV with malloc while visiting http://www.angelfire.com/journal2/amfr4/personal/damianlyricspoems.html


Summary:	SIGSEGV with malloc while visiting http://www.angelfire.com/journal2/amfr4/pe...


Status:	RESOLVED NOTGNOME

Product:	GStreamer
Classification:	Platform
Component:	gst-plugins-bad
Version:	0.10.x
Hardware:	Other Linux

Importance:	High critical
Target Milestone:	git master
Assigned To:	GStreamer Maintainers
QA Contact:	GStreamer Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2010-05-10 10:35 UTC by Paul Menzel
Modified:	2010-05-17 08:17 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
patch for WildMidi 0.2.2 (661 bytes, patch) 2010-05-11 02:49 UTC, Benjamin Otte (Company)	none	Details \| Review

Description Paul Menzel 2010-05-10 10:35:36 UTC

Visiting [1] crashes Epiphany for me with the following backtrace. I do not think it is an WebKit issue since Midori is displaying this file without problem.

[1] http://www.angelfire.com/journal2/amfr4/personal/damianlyricspoems.html

+ Trace 221838

Thread 50 (Thread 0xcac4ab70 (LWP 9259))

#0 malloc_consolidate
at malloc.c line 5117
#1 _int_malloc
at malloc.c line 4360
#2 *__GI___libc_malloc
at malloc.c line 3660
#3 WM_BufferFile
from /usr/lib/libWildMidi.so.0
#4 load_sample
from /usr/lib/libWildMidi.so.0
#5 load_patch
from /usr/lib/libWildMidi.so.0
#6 do_amp_setup_patch
from /usr/lib/libWildMidi.so.0
#7 WM_ParseNewMidi
from /usr/lib/libWildMidi.so.0
#8 WildMidi_OpenBuffer
from /usr/lib/libWildMidi.so.0
#9 ??
from /usr/lib/gstreamer-0.10/libgstwildmidi.so
#10 gst_task_func
at gsttask.c line 271
#11 default_func
at gsttaskpool.c line 68
#12 g_thread_pool_thread_proxy
at /build/buildd-glib2.0_2.24.1-1-i386-84Pp4V/glib2.0-2.24.1/glib/gthreadpool.c line 315
#13 g_thread_create_proxy
at /build/buildd-glib2.0_2.24.1-1-i386-84Pp4V/glib2.0-2.24.1/glib/gthread.c line 1893
#14 start_thread
at pthread_create.c line 300
#15 clone
at ../sysdeps/unix/sysv/linux/i386/clone.S line 130


Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.

Comment 1 Reinout van Schouwen 2010-05-10 13:26:32 UTC

It looks like a GStreamer crash while playing a MIDI song.

Thanks for taking the time to report this bug.
Unfortunately, that stack trace is missing some elements that will help a lot to solve the problem, so it will be hard for the developers to fix that crash. Can you get us a stack trace with debugging symbols? Please see http://live.gnome.org/GettingTraces for more information on how to do so and reopen this bug or report a new one. Thanks in advance!

Comment 2 Paul Menzel 2010-05-10 13:48:43 UTC

(In reply to comment #1)
> It looks like a GStreamer crash while playing a MIDI song.
> 
> Thanks for taking the time to report this bug.
> Unfortunately, that stack trace is missing some elements that will help a lot
> to solve the problem, so it will be hard for the developers to fix that crash.
> Can you get us a stack trace with debugging symbols? Please see
> http://live.gnome.org/GettingTraces for more information on how to do so and
> reopen this bug or report a new one. Thanks in advance!

I installed DebPkg:gstreamer0.10-ffmpeg-dbg, DebPkg:gstreamer0.10-plugins-bad-dbg and created a new backtrace.

Starting program: /usr/bin/epiphany-browser http://www.angelfire.com/journal2/amfr4/personal/damianlyricspoems.html
[Thread debugging using libthread_db enabled]
[New Thread 0xf11e7b70 (LWP 22885)]
[New Thread 0xf08c6b70 (LWP 22886)]
[New Thread 0xefeffb70 (LWP 22887)]
[Thread 0xefeffb70 (LWP 22887) exited]
[New Thread 0xefeffb70 (LWP 22888)]
[New Thread 0xef17fb70 (LWP 22889)]
[New Thread 0xee97eb70 (LWP 22890)]
[New Thread 0xee17db70 (LWP 22891)]
[Thread 0xee97eb70 (LWP 22890) exited]
[Thread 0xee17db70 (LWP 22891) exited]
[Thread 0xef17fb70 (LWP 22889) exited]
[Thread 0xefeffb70 (LWP 22888) exited]
[New Thread 0xefeffb70 (LWP 22892)]
[New Thread 0xee17db70 (LWP 22893)]
[New Thread 0xef17fb70 (LWP 22894)]
[New Thread 0xee97eb70 (LWP 22895)]
[Thread 0xef17fb70 (LWP 22894) exited]
[Thread 0xee17db70 (LWP 22893) exited]
[Thread 0xefeffb70 (LWP 22892) exited]
[Thread 0xee97eb70 (LWP 22895) exited]
[New Thread 0xee97eb70 (LWP 22896)]
[New Thread 0xefeffb70 (LWP 22897)]
[New Thread 0xee17db70 (LWP 22898)]
[New Thread 0xef17fb70 (LWP 22899)]
[New Thread 0xed703b70 (LWP 22900)]
[New Thread 0xecf02b70 (LWP 22901)]
[New Thread 0xec701b70 (LWP 22902)]
[Thread 0xee97eb70 (LWP 22896) exited]
[Thread 0xefeffb70 (LWP 22897) exited]
[Thread 0xee17db70 (LWP 22898) exited]
[Thread 0xef17fb70 (LWP 22899) exited]
[Thread 0xed703b70 (LWP 22900) exited]
[New Thread 0xed703b70 (LWP 22925)]
[Thread 0xec701b70 (LWP 22902) exited]
[Thread 0xecf02b70 (LWP 22901) exited]
[Thread 0xed703b70 (LWP 22925) exited]
[New Thread 0xed703b70 (LWP 22926)]
[New Thread 0xecf02b70 (LWP 22927)]
[New Thread 0xec701b70 (LWP 22928)]
[New Thread 0xef17fb70 (LWP 22929)]
[New Thread 0xee5bab70 (LWP 22930)]
[New Thread 0xebd37b70 (LWP 22931)]
[New Thread 0xeb536b70 (LWP 22932)]
[New Thread 0xead35b70 (LWP 22933)]
[New Thread 0xea534b70 (LWP 22934)]
[New Thread 0xe9d33b70 (LWP 22935)]
[New Thread 0xe9532b70 (LWP 22936)]
[New Thread 0xe8d31b70 (LWP 22937)]
[New Thread 0xe8530b70 (LWP 22938)]
[New Thread 0xe7d2fb70 (LWP 22939)]
[New Thread 0xe6d2db70 (LWP 22941)]
[New Thread 0xe652cb70 (LWP 22942)]
[New Thread 0xe752eb70 (LWP 22940)]
[New Thread 0xe5d2bb70 (LWP 22943)]
[New Thread 0xcd524b70 (LWP 22944)]
[New Thread 0xccd23b70 (LWP 22945)]
[New Thread 0xcc3dbb70 (LWP 22946)]
[New Thread 0xcbbdab70 (LWP 22947)]
[New Thread 0xcb3d9b70 (LWP 22948)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xcc3dbb70 (LWP 22946)]
_int_malloc (av=0xf65f93c0, bytes=261229) at malloc.c:4426
4426	malloc.c: Datei oder Verzeichnis nicht gefunden.
	in malloc.c

+ Trace 221844

Thread 41 (Thread 0xcc3dbb70 (LWP 22946))

#0 _int_malloc
at malloc.c line 4426
#1 *__GI___libc_malloc
at malloc.c line 3660
#2 WM_BufferFile
from /usr/lib/libWildMidi.so.0
#3 load_sample
from /usr/lib/libWildMidi.so.0
#4 load_patch
from /usr/lib/libWildMidi.so.0
#5 do_amp_setup_patch
from /usr/lib/libWildMidi.so.0
#6 WM_ParseNewMidi
from /usr/lib/libWildMidi.so.0
#7 WildMidi_OpenBuffer
from /usr/lib/libWildMidi.so.0
#8 gst_wildmidi_parse_song
at gstwildmidi.c line 673
#9 gst_wildmidi_loop
at gstwildmidi.c line 811
#10 gst_task_func
at gsttask.c line 271
#11 default_func
at gsttaskpool.c line 68
#12 g_thread_pool_thread_proxy
at /build/buildd-glib2.0_2.24.1-1-i386-84Pp4V/glib2.0-2.24.1/glib/gthreadpool.c line 315
#13 g_thread_create_proxy
at /build/buildd-glib2.0_2.24.1-1-i386-84Pp4V/glib2.0-2.24.1/glib/gthread.c line 1893
#14 start_thread
at pthread_create.c line 300
#15 clone
at ../sysdeps/unix/sysv/linux/i386/clone.S line 130


Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.

Comment 3 Reinout van Schouwen 2010-05-10 14:19:16 UTC

That's a bit better, but could you also install debug symbols for (lib)wildmidi please?

Comment 4 Paul Menzel 2010-05-10 17:43:55 UTC

(In reply to comment #3)
> That's a bit better, but could you also install debug symbols for (lib)wildmidi
> please?

Ok I generated a package with debugging symbols [1].

    $ DEB_BUILD_OPTIONS="nostrip noopt" fakeroot apt-get -b source libwildmidi0

[1] http://wiki.debian.org/HowToGetABacktrace

Starting program: /usr/bin/epiphany-browser 
[Thread debugging using libthread_db enabled]
[New Thread 0xf11e7b70 (LWP 6097)]
[New Thread 0xf08c6b70 (LWP 6098)]
[New Thread 0xefeffb70 (LWP 6099)]
[Thread 0xefeffb70 (LWP 6099) exited]
[New Thread 0xefeffb70 (LWP 6100)]
[Thread 0xefeffb70 (LWP 6100) exited]
[New Thread 0xefeffb70 (LWP 6101)]
[New Thread 0xef17fb70 (LWP 6102)]
[New Thread 0xee97eb70 (LWP 6103)]
[New Thread 0xee17db70 (LWP 6104)]
[Thread 0xefeffb70 (LWP 6101) exited]
[Thread 0xef17fb70 (LWP 6102) exited]
[Thread 0xee97eb70 (LWP 6103) exited]
[Thread 0xee17db70 (LWP 6104) exited]
[New Thread 0xee17db70 (LWP 6127)]
[New Thread 0xee97eb70 (LWP 6128)]
[New Thread 0xef17fb70 (LWP 6129)]
[New Thread 0xefeffb70 (LWP 6130)]
[Thread 0xee97eb70 (LWP 6128) exited]
[Thread 0xef17fb70 (LWP 6129) exited]
[Thread 0xefeffb70 (LWP 6130) exited]
[New Thread 0xefeffb70 (LWP 6131)]
[New Thread 0xef17fb70 (LWP 6132)]
[New Thread 0xee97eb70 (LWP 6133)]
[New Thread 0xed72bb70 (LWP 6134)]
[New Thread 0xecf29b70 (LWP 6135)]
[New Thread 0xec728b70 (LWP 6136)]
[New Thread 0xebf27b70 (LWP 6137)]
[Thread 0xee97eb70 (LWP 6133) exited]
[Thread 0xee17db70 (LWP 6127) exited]
[Thread 0xed72bb70 (LWP 6134) exited]
[Thread 0xecf29b70 (LWP 6135) exited]
[Thread 0xec728b70 (LWP 6136) exited]
[Thread 0xefeffb70 (LWP 6131) exited]
[Thread 0xef17fb70 (LWP 6132) exited]
[New Thread 0xef17fb70 (LWP 6138)]
[New Thread 0xefeffb70 (LWP 6139)]
[New Thread 0xec728b70 (LWP 6140)]
[Thread 0xefeffb70 (LWP 6139) exited]
[Thread 0xec728b70 (LWP 6140) exited]
[Thread 0xef17fb70 (LWP 6138) exited]
[Thread 0xebf27b70 (LWP 6137) exited]
[New Thread 0xef17fb70 (LWP 6141)]
[New Thread 0xebf27b70 (LWP 6142)]
[New Thread 0xec728b70 (LWP 6144)]
[New Thread 0xefeffb70 (LWP 6145)]
[New Thread 0xecf29b70 (LWP 6146)]
[New Thread 0xee4f7b70 (LWP 6147)]
[New Thread 0xed72bb70 (LWP 6152)]
[New Thread 0xeb5adb70 (LWP 6153)]
[New Thread 0xeadacb70 (LWP 6154)]
[New Thread 0xea5abb70 (LWP 6155)]
[New Thread 0xe9daab70 (LWP 6156)]
[New Thread 0xe95a9b70 (LWP 6157)]
[New Thread 0xe8da8b70 (LWP 6158)]
[New Thread 0xe85a7b70 (LWP 6159)]
[New Thread 0xe7da6b70 (LWP 6160)]
[New Thread 0xe6da4b70 (LWP 6162)]
[New Thread 0xe65a3b70 (LWP 6163)]
[New Thread 0xe75a5b70 (LWP 6161)]
[New Thread 0xcdcf0b70 (LWP 6164)]
[New Thread 0xcd4efb70 (LWP 6165)]
[New Thread 0xcc9ffb70 (LWP 6166)]
[New Thread 0xcbdcdb70 (LWP 6167)]
[New Thread 0xcb3ffb70 (LWP 6168)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xcc9ffb70 (LWP 6166)]
malloc_consolidate (av=0xf65f93c0) at malloc.c:5109
5109	malloc.c: Datei oder Verzeichnis nicht gefunden.
	in malloc.c

+ Trace 221849

Thread 44 (Thread 0xcc9ffb70 (LWP 6166))

#0 malloc_consolidate
at malloc.c line 5109
#1 _int_malloc
at malloc.c line 4360
#2 *__GI___libc_malloc
at malloc.c line 3660
#3 WM_ParseNewMidi
at wildmidi_lib.c line 3670
#4 WildMidi_OpenBuffer
at wildmidi_lib.c line 3887
#5 gst_wildmidi_parse_song
at gstwildmidi.c line 673
#6 gst_wildmidi_loop
at gstwildmidi.c line 811
#7 gst_task_func
at gsttask.c line 271
#8 default_func
at gsttaskpool.c line 68
#9 g_thread_pool_thread_proxy
at /build/buildd-glib2.0_2.24.1-1-i386-84Pp4V/glib2.0-2.24.1/glib/gthreadpool.c line 315
#10 g_thread_create_proxy
at /build/buildd-glib2.0_2.24.1-1-i386-84Pp4V/glib2.0-2.24.1/glib/gthread.c line 1893
#11 start_thread
at pthread_create.c line 300
#12 clone
at ../sysdeps/unix/sysv/linux/i386/clone.S line 130

Thread 43 (Thread 0xcd4efb70 (LWP 6165))

#0 _int_malloc
at malloc.c line 4426
#1 _int_realloc
at malloc.c line 5246
#2 *__GI___libc_realloc
at malloc.c line 3821
#3 load_patch
at wildmidi_lib.c line 2371
#4 do_amp_setup_note_on
at wildmidi_lib.c line 3185
#5 WM_ParseNewMidi
at wildmidi_lib.c line 3598
#6 WildMidi_OpenBuffer
at wildmidi_lib.c line 3887
#7 gst_wildmidi_parse_song
at gstwildmidi.c line 673
#8 gst_wildmidi_loop
at gstwildmidi.c line 811
#9 gst_task_func
at gsttask.c line 271
#10 default_func
at gsttaskpool.c line 68
#11 g_thread_pool_thread_proxy
at /build/buildd-glib2.0_2.24.1-1-i386-84Pp4V/glib2.0-2.24.1/glib/gthreadpool.c line 315
#12 g_thread_create_proxy
at /build/buildd-glib2.0_2.24.1-1-i386-84Pp4V/glib2.0-2.24.1/glib/gthread.c line 1893
#13 start_thread
at pthread_create.c line 300
#14 clone
at ../sysdeps/unix/sysv/linux/i386/clone.S line 130

Thread 42 (Thread 0xcdcf0b70 (LWP 6164))

#0 do_amp_setup_note_on
at wildmidi_lib.c line 3158
#1 WM_ParseNewMidi
at wildmidi_lib.c line 3598
#2 WildMidi_OpenBuffer
at wildmidi_lib.c line 3887
#3 gst_wildmidi_parse_song
at gstwildmidi.c line 673
#4 gst_wildmidi_loop
at gstwildmidi.c line 811
#5 gst_task_func
at gsttask.c line 271
#6 default_func
at gsttaskpool.c line 68
#7 g_thread_pool_thread_proxy
at /build/buildd-glib2.0_2.24.1-1-i386-84Pp4V/glib2.0-2.24.1/glib/gthreadpool.c line 315
#8 g_thread_create_proxy
at /build/buildd-glib2.0_2.24.1-1-i386-84Pp4V/glib2.0-2.24.1/glib/gthread.c line 1893
#9 start_thread
at pthread_create.c line 300
#10 clone
at ../sysdeps/unix/sysv/linux/i386/clone.S line 130

Comment 5 Reinout van Schouwen 2010-05-10 22:33:47 UTC

Thank you, I think you provided all required information. From here, it's up to the GStreamer devs.

Comment 6 Benjamin Otte (Company) 2010-05-11 02:41:56 UTC

This seems to be a bug in WildMidi. Valgrind is reporting a bunch of invalid reads and writes in it before crashing.

Comment 7 Benjamin Otte (Company) 2010-05-11 02:49:01 UTC

Created attachment 160798 [details] [review]
patch for WildMidi 0.2.2

This patch fixes the problem for me. But it's a WildMidi and not a GStreamer patch - in case distros want to apply it.

Comment 8 Paul Menzel 2010-05-17 08:17:13 UTC

Thanks a lot Benjamin. Sebastian added your patch to Debian package version 0.2.2-3 [1] and Epiphany does not crash anymore.

One question. Is there a way to prevent GStreamer from crashing if a library behaves badly?

Anyway I added a new artifact in the Sourceforge.org bug tracker for WildMidi [2] and I am closing this bug/marking it as RESOLVED as NOTGNOME. If you want it to be marked as FIXED please do so.

[1] http://packages.debian.org/changelogs/pool/main/w/wildmidi/wildmidi_0.2.2-3/changelog
[2] https://sourceforge.net/tracker/?func=detail&aid=3002583&group_id=42635&atid=433744