Bug 637918 - [modplug] memory corruption / invalid writes
Status: RESOLVED DUPLICATE of bug 614361
Product: GStreamer
Classification: Platform
Component: gst-plugins-bad
Version: 0.10.x
Hardware: Other Linux
Importance: Normal critical
Target Milestone: NONE
Assigned To: GStreamer Maintainers
Reported: 2010-12-24 06:40 UTC by Björn Lindqvist
Modified: 2011-01-07 11:19 UTC
Attachments
Totem crash in valgrind (127.30 KB, text/x-log)
2011-01-03 14:25 UTC, Björn Lindqvist
A longer crash log (124.34 KB, text/x-log)
2011-01-03 14:29 UTC, Björn Lindqvist

Description Björn Lindqvist 2010-12-24 06:40:38 UTC
This segfault is reproducible with totem 2.30.2:


*** glibc detected *** totem: malloc(): memory corruption: 0x00007fda540173b0 ***
======= Backtrace: =========
/lib/libc.so.6(+0x775b6)[0x7fda6b1f35b6]
/lib/libc.so.6(+0x7b6d8)[0x7fda6b1f76d8]
/lib/libc.so.6(__libc_malloc+0x6e)[0x7fda6b1f858e]
/lib/libglib-2.0.so.0(g_realloc+0x2f)[0x7fda6be9258f]
/lib/libglib-2.0.so.0(+0x18dcb)[0x7fda6be63dcb]
/lib/libglib-2.0.so.0(g_array_sized_new+0xab)[0x7fda6be63fab]
/usr/lib/libgstreamer-0.10.so.0(+0x76439)[0x7fda6f164439]
/usr/lib/libgstreamer-0.10.so.0(gst_structure_copy+0x2d)[0x7fda6f16448d]
/usr/lib/libgstreamer-0.10.so.0(gst_caps_copy+0x8f)[0x7fda6f123c6f]
/usr/lib/libgstreamer-0.10.so.0(gst_caps_subtract+0x82)[0x7fda6f123d12]
/usr/lib/libgstreamer-0.10.so.0(gst_caps_is_subset+0x51)[0x7fda6f123f51]
/usr/lib/libgstreamer-0.10.so.0(+0x52be7)[0x7fda6f140be7]
/usr/lib/libgstreamer-0.10.so.0(gst_pad_get_caps_reffed+0xca)[0x7fda6f14428a]
/usr/lib/libgstreamer-0.10.so.0(+0x46ebd)[0x7fda6f134ebd]
/usr/lib/libgstreamer-0.10.so.0(+0x52bac)[0x7fda6f140bac]
/usr/lib/libgstreamer-0.10.so.0(gst_pad_get_caps_reffed+0xca)[0x7fda6f14428a]
/usr/lib/libgstreamer-0.10.so.0(+0x46ebd)[0x7fda6f134ebd]
/usr/lib/libgstreamer-0.10.so.0(+0x52bac)[0x7fda6f140bac]
/usr/lib/libgstreamer-0.10.so.0(gst_pad_get_caps_reffed+0xca)[0x7fda6f14428a]
/usr/lib/libgstreamer-0.10.so.0(+0x46ebd)[0x7fda6f134ebd]
/usr/lib/libgstreamer-0.10.so.0(+0x52bac)[0x7fda6f140bac]
/usr/lib/libgstreamer-0.10.so.0(gst_pad_get_caps_reffed+0xca)[0x7fda6f14428a]
/usr/lib/libgstreamer-0.10.so.0(gst_pad_peer_get_caps_reffed+0xad)[0x7fda6f146d0d]
/usr/lib/libgstbase-0.10.so.0(+0x2476b)[0x7fda715ef76b]
/usr/lib/libgstreamer-0.10.so.0(+0x52bac)[0x7fda6f140bac]
/usr/lib/libgstreamer-0.10.so.0(gst_pad_get_caps_reffed+0xca)[0x7fda6f14428a]
/usr/lib/libgstreamer-0.10.so.0(+0x46ebd)[0x7fda6f134ebd]
/usr/lib/libgstreamer-0.10.so.0(+0x52bac)[0x7fda6f140bac]
/usr/lib/libgstreamer-0.10.so.0(gst_pad_get_caps_reffed+0xca)[0x7fda6f14428a]
/usr/lib/libgstreamer-0.10.so.0(gst_pad_peer_get_caps_reffed+0xad)[0x7fda6f146d0d]
/usr/lib/libgstbase-0.10.so.0(+0x2476b)[0x7fda715ef76b]
/usr/lib/libgstreamer-0.10.so.0(+0x52bac)[0x7fda6f140bac]
/usr/lib/libgstreamer-0.10.so.0(gst_pad_get_caps_reffed+0xca)[0x7fda6f14428a]
/usr/lib/libgstreamer-0.10.so.0(gst_pad_peer_get_caps_reffed+0xad)[0x7fda6f146d0d]
/usr/lib/libgstbase-0.10.so.0(+0x2476b)[0x7fda715ef76b]
/usr/lib/libgstreamer-0.10.so.0(+0x52bac)[0x7fda6f140bac]
/usr/lib/libgstreamer-0.10.so.0(gst_pad_get_caps_reffed+0xca)[0x7fda6f14428a]
/usr/lib/libgstbase-0.10.so.0(+0x245f1)[0x7fda715ef5f1]
/usr/lib/libgstreamer-0.10.so.0(gst_pad_accept_caps+0x12c)[0x7fda6f14472c]
/usr/lib/libgstreamer-0.10.so.0(+0x46e54)[0x7fda6f134e54]
/usr/lib/libgstreamer-0.10.so.0(gst_pad_accept_caps+0x12c)[0x7fda6f14472c]
/usr/lib/libgstreamer-0.10.so.0(gst_pad_peer_accept_caps+0xc4)[0x7fda6f146bf4]
/usr/lib/gstreamer-0.10/libgstcoreelements.so(+0x2199d)[0x7fda63cda99d]
/usr/lib/libgstreamer-0.10.so.0(gst_pad_accept_caps+0x12c)[0x7fda6f14472c]
/usr/lib/libgstreamer-0.10.so.0(+0x46e54)[0x7fda6f134e54]
/usr/lib/libgstreamer-0.10.so.0(gst_pad_accept_caps+0x12c)[0x7fda6f14472c]
/usr/lib/libgstreamer-0.10.so.0(gst_pad_peer_accept_caps+0xc4)[0x7fda6f146bf4]
/usr/lib/gstreamer-0.10/libgstplaybin.so(+0x26e77)[0x7fda6411de77]
/usr/lib/libgstreamer-0.10.so.0(gst_pad_accept_caps+0x12c)[0x7fda6f14472c]
/usr/lib/libgstreamer-0.10.so.0(+0x46e54)[0x7fda6f134e54]
/usr/lib/libgstreamer-0.10.so.0(gst_pad_accept_caps+0x12c)[0x7fda6f14472c]
/usr/lib/libgstreamer-0.10.so.0(+0x46e54)[0x7fda6f134e54]
/usr/lib/libgstreamer-0.10.so.0(gst_pad_accept_caps+0x12c)[0x7fda6f14472c]
/usr/lib/libgstreamer-0.10.so.0(+0x56829)[0x7fda6f144829]
/usr/lib/libgstreamer-0.10.so.0(+0x56b62)[0x7fda6f144b62]
Segmenteringsfel
Comment 1 Philip Withnall 2010-12-24 10:02:00 UTC
Could you ensure you've got debugging symbols for Totem and GStreamer (and all your GStreamer plugins) installed, and get a memcheck log using Valgrind please? Use the following command in a terminal and attach the resulting log file to this bug report please:

G_DEBUG=gc-friendly G_SLICE=all valgrind --tool=memcheck totem &> totem.log
Comment 2 Björn Lindqvist 2010-12-30 21:04:17 UTC
There are debug symbols in the above log, aren't there? I don't have time to recompile lots of packages just for this bug, sorry.
Comment 3 Philip Withnall 2010-12-30 21:35:37 UTC
There are; the main thing we need is a valgrind log produced using the above command.
Comment 4 Björn Lindqvist 2011-01-03 14:25:20 UTC
Created attachment 177407
Totem crash in valgrind

Valgrind log.
Comment 5 Björn Lindqvist 2011-01-03 14:29:50 UTC
Created attachment 177409
A longer crash log
Comment 6 Philip Withnall 2011-01-03 15:28:44 UTC
That's interesting; I've never seen anything like this before. Could you disable all your Python Totem plugins (e.g. dbus, dvb-daemon, iplayer, jamendo, opensubtitles and pythonconsole) and see if you can reproduce it please?

If you can, please install the GStreamer (and GStreamer plugins) debug symbols and attach an updated Valgrind log (gathered with the command given in comment #1) here — if the crash is not being caused by Python, it's most likely being caused by the GStreamer stuff happening at line 1714 in totem2.log, which is missing GStreamer debug symbols.

Thank you.
Comment 7 Tim-Philipp Müller 2011-01-03 15:45:34 UTC
Does this happen with all kinds of files, or just files played back using the modplug plugin?
Comment 8 Björn Lindqvist 2011-01-03 15:51:08 UTC
(In reply to comment #7)
> Does this happen with all kinds of files, or just files played back using the
> modplug plugin?

I've now verified that it only happens on mod files (by clicking on lots of .mod, .xm and .mp3 files) so I guess the modplug plugin is to blame. Philip, do you still want me to disable the python plugins or install debug gstreamer?
Comment 9 Philip Withnall 2011-01-03 16:10:59 UTC
(In reply to comment #8)
> (In reply to comment #7)
> > Does this happen with all kinds of files, or just files played back using the
> > modplug plugin?
> 
> I've now verified that it only happens on mod files (by clicking on lots of
> .mod, .xm and .mp3 files) so I guess the modplug plugin is to blame. Philip, do
> you still want me to disable the python plugins or install debug gstreamer?

It looks like it's either a problem in gst-plugins-bad or libmodplug itself, so there's no need to disable your Python plugins. However, a valgrind log with the GStreamer (and gst-plugins-bad) debug symbols installed would be helpful, thanks.
Comment 10 Tim-Philipp Müller 2011-01-07 11:19:37 UTC
Seems to be an issue with modplug, it thinks longs are always 32-bit.

*** This bug has been marked as a duplicate of bug 614361 ***
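
The class of bug named in comment 10, shown as an added example that is not part of the original thread and is not libmodplug code: storing values through a type assumed to be 32 bits wide, next to the same loop using uint32_t. The typedef legacy_dword, the sample values and the oversized arena (which keeps the demonstration itself in bounds) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define N_SAMPLES 4                  /* constructed sample count */
#define INTENDED  (N_SAMPLES * 4)    /* bytes the author sized for: 4 per value */
#define ARENA     (N_SAMPLES * 16)   /* oversized so the demo never leaves the array */
#define GUARD     0xA5               /* fill pattern marking untouched bytes */
typedef unsigned long legacy_dword;  /* hypothetical typedef: "a long is 32 bits" */

/* Count bytes past the intended region that no longer hold the guard pattern. */
static size_t guard_bytes_clobbered(const unsigned char *arena)
{
    size_t hits = 0;
    for (size_t i = INTENDED; i < ARENA; i++)
        hits += (arena[i] != GUARD);
    return hits;
}

/* Before: the element stride follows sizeof(long), which is 8 on LP64 Linux. */
size_t store_with_long(void)
{
    unsigned char arena[ARENA];
    memset(arena, GUARD, sizeof arena);
    for (size_t i = 0; i < N_SAMPLES; i++) {
        legacy_dword v = 0x11223344UL + i;
        memcpy(arena + i * sizeof v, &v, sizeof v);
    }
    return guard_bytes_clobbered(arena);
}

/* After: a fixed-width type keeps the stride at 4 bytes on every ABI. */
size_t store_with_uint32(void)
{
    unsigned char arena[ARENA];
    memset(arena, GUARD, sizeof arena);
    for (size_t i = 0; i < N_SAMPLES; i++) {
        uint32_t v = 0x11223344u + (uint32_t)i;
        memcpy(arena + i * sizeof v, &v, sizeof v);
    }
    return guard_bytes_clobbered(arena);
}

int main(void)
{
    printf("bytes written past the intended %d: long=%zu uint32_t=%zu\n",
           INTENDED, store_with_long(), store_with_uint32());
    return 0;
}
```

With a heap block of only the intended size, the bytes counted here would land in neighbouring chunks or allocator metadata, which is the kind of damage glibc reports as "malloc(): memory corruption" and memcheck reports as invalid writes.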