Bug 640028 - [qtdemux] crash on malformed mov stream
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-good
Version: 0.10.24
Hardware: Other Linux
Importance: Normal normal
Target Milestone: 0.10.27
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Reported: 2011-01-20 04:28 UTC by Alex Converse
Modified: 2011-01-20 11:24 UTC


Attachments
FFmpeg muxed MS ADPCM in mov (670.04 KB, application/x-bzip)
2011-01-20 06:34 UTC, Alex Converse
qtdemux: Gracefully handle mov files misusing the WAVE atoms (2.84 KB, patch)
2011-01-20 10:48 UTC, Edward Hervey
committed

Description Alex Converse 2011-01-20 04:28:47 UTC
qtdemux seems to crash on certain malformed mov movies. This particular sort of deformity may be more prevalent in the wild because they are created by recent versions of ffmpeg attempting to mux adpcm_ms.

Logs:

$ gdb --args gst-launch-0.10 filesrc location=ff_adpcm_ms.mov ! decodebin
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/gst-launch-0.10...(no debugging symbols found)...done.
(gdb) r
Starting program: /usr/bin/gst-launch-0.10 filesrc location=ff_adpcm_ms.mov \! decodebin
[Thread debugging using libthread_db enabled]
Setting pipeline to PAUSED ...
[New Thread 0x7ffff37d8710 (LWP 14984)]
Pipeline is PREROLLING ...

Program received signal SIGSEGV, Segmentation fault.

Thread 140737278478096 (LWP 14984)

  • #0 qtdemux_parse_trak
    at qtdemux.c line 5882
  • #1 qtdemux_parse_tree
    at qtdemux.c line 7237
  • #2 gst_qtdemux_loop_state_header
    at qtdemux.c line 1867
  • #3 gst_qtdemux_loop
    at qtdemux.c line 2877
  • #4 ??
    from /usr/lib/libgstreamer-0.10.so.0
  • #5 ??
    from /lib/libglib-2.0.so.0
  • #6 ??
    from /lib/libglib-2.0.so.0
  • #7 start_thread
    at pthread_create.c line 300
  • #8 clone
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S line 112
  • #9 ??
  • #0 vgModuleLocal_do_syscall_for_client_WRK
  • #1 ??
  • #2 ??
  • #3 ??
  • #4 vgPlain_threads
  • #5 ??
  • #6 ??
  • #7 syscallInfo
  • #8 ??
  • #9 ??
  • #10 vgPlain_threads
  • #11 syscallInfo
  • #12 do_syscall_for_client
  • #13 vgPlain_client_syscall
  • #14 handle_syscall
  • #15 vgPlain_scheduler
  • #16 thread_wrapper
  • #17 run_a_thread_NORETURN
    at m_syswrap/syswrap-linux.c line 127
  • #18 ??

^C==14986== 
==14986== HEAP SUMMARY:
==14986==     in use at exit: 3,039,325 bytes in 17,538 blocks
==14986==   total heap usage: 28,464 allocs, 10,926 frees, 3,682,389 bytes allocated
==14986== 
==14986== LEAK SUMMARY:
==14986==    definitely lost: 145 bytes in 5 blocks
==14986==    indirectly lost: 240 bytes in 10 blocks
==14986==      possibly lost: 2,842,050 bytes in 15,506 blocks
==14986==    still reachable: 196,890 bytes in 2,017 blocks
==14986==         suppressed: 0 bytes in 0 blocks
==14986== Rerun with --leak-check=full to see details of leaked memory
==14986== 
==14986== For counts of detected and suppressed errors, rerun with: -v
==14986== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 46 from 7)
Killed
Comment 1 Alex Converse 2011-01-20 06:34:48 UTC
Created attachment 178813
FFmpeg muxed MS ADPCM in mov
Comment 2 Edward Hervey 2011-01-20 10:48:39 UTC
Created attachment 178821
qtdemux: Gracefully handle mov files misusing the WAVE atoms

Check that the WAVEHEADER node is present instead of blindly using it.
If not present we won't be able to provide a more refined caps, but at
least we won't crash.
Comment 3 Edward Hervey 2011-01-20 11:15:33 UTC
This might not be the 'perfect' fix btw. There is some data ('glbl' atom) we're not handling in qtdemux which might contain the needed waveheader info.
But at least that patch (1) avoids the crash, (2) plays the file even if it sounds crap.
Comment 4 Edward Hervey 2011-01-20 11:23:51 UTC
commit 6d545e29add17f1c02ee4fe5623409ed63369c17
Author: Edward Hervey <edward.hervey@collabora.co.uk>
Date:   Thu Jan 20 11:45:47 2011 +0100

    qtdemux: Gracefully handle mov files misusing the WAVE atoms
    
    Check that the WAVEHEADER node is present instead of blindly using it.
    If not present we won't be able to provide a more refined caps, but at
    least we won't crash.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=640028
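
The pattern the commit message describes (look the header node up, and fall back when it is missing instead of using it blindly) is shown below as an added example; it is not GStreamer's code. The helper names, the codec fourcc, the WAVEFORMATEX-style layout of the header child and the sample bytes are all assumptions constructed for illustration; only the size-plus-fourcc atom framing is the standard QuickTime layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* QuickTime atom sizes are 32-bit big-endian. */
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical helper: payload of the first child atom named fourcc inside
 * buf[0..len), or NULL when the child is absent or a size field is bogus. */
static const uint8_t *find_child(const uint8_t *buf, size_t len,
                                 const char *fourcc, size_t *plen) {
    size_t off = 0;
    while (len - off >= 8) {
        uint32_t size = rd32(buf + off);
        if (size < 8 || size > len - off)
            return NULL;                 /* truncated or lying size field */
        if (memcmp(buf + off + 4, fourcc, 4) == 0) {
            *plen = size - 8;
            return buf + off + 8;
        }
        off += size;
    }
    return NULL;                         /* child not present */
}

/* nBlockAlign from the (assumed) WAVEFORMATEX-style header child, or -1 so
 * the caller keeps generic caps instead of dereferencing a missing node. */
int waveheader_block_align(const uint8_t *wave, size_t len, const char *codec) {
    size_t n = 0;
    const uint8_t *hdr = find_child(wave, len, codec, &n);
    if (hdr == NULL || n < 14)
        return -1;
    return hdr[12] | (hdr[13] << 8);     /* little-endian field at offset 12 */
}
static const char MS_ADPCM[4] = { 'm', 's', 0, 2 };  /* assumed codec fourcc */
/* Constructed samples: 'wave' payloads without and with the header child. */
static const uint8_t NO_HDR[] = { 0,0,0,12, 'f','r','m','a', 'm','s',0,2,
                                  0,0,0,10, 'g','l','b','l', 0xAA,0xBB };
static const uint8_t WITH_HDR[] = { 0,0,0,22, 'm','s',0,2, 2,0, 2,0,
                                    0x44,0xAC,0,0, 0,0,0,0, 0,4 };
static const uint8_t BAD_SIZE[] = { 0,0,1,0, 'm','s',0,2, 2,0 };
int main(void) {
    printf("%d %d\n", waveheader_block_align(NO_HDR, sizeof NO_HDR, MS_ADPCM),
           waveheader_block_align(WITH_HDR, sizeof WITH_HDR, MS_ADPCM));
    return 0;
}
```

The `BAD_SIZE` sample covers the neighbouring failure mode: a child whose declared size runs past the container is rejected by the same lookup rather than read.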