Bug 667103 – discoverer.discover_uri() segfaults

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 667103 - discoverer.discover_uri() segfaults


Summary:	discoverer.discover_uri() segfaults


Status:	RESOLVED OBSOLETE

Product:	GStreamer
Classification:	Platform
Component:	gst-plugins-base
Version:	0.10.35
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	git master
Assigned To:	GStreamer Maintainers
QA Contact:	GStreamer Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2012-01-01 20:15 UTC by sgringwe
Modified:	2013-07-17 15:53 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description sgringwe 2012-01-01 20:15:03 UTC

When making a call to discover_uri(), it will segfault once every ~1000 uris (or so), and almost every time i try to import my 7000 song library. The code and output is at http://pastebin.com/NSM2bcmR, or below:

importing /media/5A2813CC2813A653/Documents and Settings/Scott/Music/Better Than Ezra/Deluxe/Coyote.flac
getting info..

(beatbox:20677): GStreamer-CRITICAL **: gst_value_init_and_copy: assertion `G_IS_VALUE (src)' failed

(beatbox:20677): GStreamer-CRITICAL **: gst_value_init_and_copy: assertion `G_IS_VALUE (src)' failed

(beatbox:20677): GStreamer-CRITICAL **: gst_value_init_and_copy: assertion `G_IS_VALUE (src)' failed

(beatbox:20677): GStreamer-CRITICAL **: gst_value_init_and_copy: assertion `G_IS_VALUE (src)' failed

(beatbox:20677): GStreamer-CRITICAL **: gst_value_init_and_copy: assertion `G_IS_VALUE (src)' failed

(beatbox:20677): GStreamer-CRITICAL **: gst_value_init_and_copy: assertion `G_IS_VALUE (src)' failed

Program received signal SIGSEGV, Segmentation fault.

+ Trace 229361

Thread 3005209456 (LWP 20702)

#0 g_type_check_value
from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
#1 gst_value_init_and_copy
from /usr/lib/libgstreamer-0.10.so.0
#2 gst_structure_copy
from /usr/lib/libgstreamer-0.10.so.0
#3 ??
from /usr/lib/libgstreamer-0.10.so.0
#4 ??
from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
#5 ??
from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
#6 ??
from /usr/lib/libgstreamer-0.10.so.0
#7 gst_structure_id_set
from /usr/lib/libgstreamer-0.10.so.0
#8 ??
from /usr/lib/libgstpbutils-0.10.so.0
#9 ??
from /usr/lib/libgstpbutils-0.10.so.0
#10 ??
from /usr/lib/libgstpbutils-0.10.so.0
#11 ??
from /usr/lib/libgstpbutils-0.10.so.0
#12 ??
from /usr/lib/libgstpbutils-0.10.so.0
#13 gst_discoverer_discover_uri
from /usr/lib/libgstpbutils-0.10.so.0
#14 beat_box_file_operator_import_song
#15 beat_box_file_operator_get_music_files
#16 beat_box_file_operator_get_music_files
#17 beat_box_file_operator_get_music_files
#18 beat_box_library_manager_set_music_thread_function
#19 _beat_box_library_manager_set_music_thread_function_gthread_func
#20 ??
from /lib/i386-linux-gnu/libglib-2.0.so.0
#21 start_thread
from /lib/i386-linux-gnu/libpthread.so.0
#22 clone
from /lib/i386-linux-gnu/libc.so.6








public Song? import_song(GLib.File file) {
		Song s = new Song(file.get_path());
		stdout.printf("importing %s\n", file.get_path());
		DiscovererInfo info;
		
		try {
			stdout.printf("getting info..\n");
			info = disc.discover_uri(file.get_uri());
			stdout.printf("info recieved\n");
			if(info == null)
				return null;
		}
		catch(GLib.Error err) {
			stdout.printf("Could not read song's metadata\n");
			return null;
		}
		stdout.printf("import_song info fetched\n");
		unowned TagList tags = info.get_tags();
		stdout.printf("taglist set\n");
		if(info != null && tags != null) {
			try {
				string title, artist, album_artist, album, genre, comment, lyrics;
				uint track, track_count, album_number, album_count, bitrate, rating;
				double bpm;
				int64 duration;
				GLib.Date? date = new GLib.Date();
				stdout.printf("0\n");
				/* get title, artist, album artist, album, genre, comment, lyrics strings */
				if(tags.get_string(TAG_TITLE, out title))
					s.title = title;
				if(tags.get_string(TAG_ARTIST, out artist))
					s.artist = artist;
				stdout.printf("a\n");
				if(tags.get_string(TAG_ALBUM_ARTIST, out album_artist))
					s.album_artist = album_artist;
				else
					s.album_artist = s.artist;
				stdout.printf("b\n");
				if(tags.get_string(TAG_ALBUM, out album))
					s.album = album;
				if(tags.get_string(TAG_GENRE, out genre))
					s.genre = genre;
				if(tags.get_string(TAG_COMMENT, out comment))
					s.comment = comment;
				if(tags.get_string(TAG_LYRICS, out lyrics))
					s.lyrics = lyrics;
				
				/* get the year */
				if(tags.get_date(TAG_DATE, out date)) {
					if(date != null)
						s.year = (int)date.get_year();
				}
				/* get track/album number/count, bitrating, rating, bpm */
				if(tags.get_uint(TAG_TRACK_NUMBER, out track))
					s.track = (int)track;
				if(tags.get_uint(TAG_TRACK_COUNT, out track_count))
					s.track_count = track_count;
					
				if(tags.get_uint(TAG_ALBUM_VOLUME_NUMBER, out album_number))
					s.album_number = album_number;
				if(tags.get_uint(TAG_ALBUM_VOLUME_COUNT, out album_count))
					s.album_count = album_count;
				
				if(tags.get_uint(TAG_BITRATE, out bitrate))
					s.bitrate = (int)(bitrate/1000);
				if(tags.get_uint(TAG_USER_RATING, out rating))
					s.rating = (int)((rating > 0 && rating <= 5) ? rating : 0);
				if(tags.get_double(TAG_BEATS_PER_MINUTE, out bpm))
					s.bpm = (int)bpm;
				
				if(info.get_audio_streams().length() > 0)
					s.samplerate = info.get_audio_streams().nth_data(0).get_sample_rate();
				
				/* get length */
				s.length = info.get_duration()/1000000000;
				
				s.date_added = (int)time_t();
				stdout.printf("g\n");
				/* get the size and convert to MB */
				s.file_size = (int)(file.query_info("*", FileQueryInfoFlags.NONE).get_size()/1000000);
				
			}
			finally {
				if(s.title == null || s.title == "") {
					string[] paths = file.get_path().split("/", 0);
					s.title = paths[paths.length - 1];
				}
				if(s.artist == null || s.artist == "") s.artist = "Unknown";
			}
		}
		else {
			return null;
		}
		
		return s;
	}

Comment 1 Tim-Philipp Müller 2012-01-02 13:58:44 UTC

Could you run your application in gdb like this:

 $ G_DEBUG=fatal_warnings gdb --args ./yourapp
 (gdb) run
 ... should abort at gst_value_init_and_copy() warning
 (gdb) bt
 ... copy the stack trace from here
 (gdb) kill

Thanks!

PS: you have filed this against version 0.10.36, which hasn't been released yet. What version of core/base are you actually using? (0.10.35? git? pre-releases? something else?)

Comment 2 sgringwe 2012-01-02 15:23:56 UTC

This is the stack trace (plus the gstreamer-critical) using that command.

GStreamer-CRITICAL **: gst_value_init_and_copy: assertion `G_IS_VALUE (src)' failed

Program received signal SIGTRAP, Trace/breakpoint trap.

+ Trace 229370

Thread 2916072304 (LWP 19255)

#0 g_logv
from /lib/i386-linux-gnu/libglib-2.0.so.0
#1 g_log
from /lib/i386-linux-gnu/libglib-2.0.so.0
#2 g_return_if_fail_warning
from /lib/i386-linux-gnu/libglib-2.0.so.0
#3 gst_value_init_and_copy
from /usr/lib/libgstreamer-0.10.so.0
#4 ??
from /usr/lib/libgstreamer-0.10.so.0
#5 ??
from /usr/lib/libgstreamer-0.10.so.0
#6 g_value_copy
from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
#7 gst_value_init_and_copy
from /usr/lib/libgstreamer-0.10.so.0
#8 gst_structure_copy
from /usr/lib/libgstreamer-0.10.so.0
#9 ??
from /usr/lib/libgstreamer-0.10.so.0
#10 ??
from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
#11 ??
from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
#12 ??
from /usr/lib/libgstreamer-0.10.so.0
#13 gst_structure_id_set
from /usr/lib/libgstreamer-0.10.so.0
#14 collect_stream_information
at gstdiscoverer.c line 594
#15 find_stream_for_node
#16 parse_stream_topology
at gstdiscoverer.c line 819
#17 parse_stream_topology
at gstdiscoverer.c line 858
#18 parse_stream_topology
at gstdiscoverer.c line 852
#19 parse_stream_topology
at gstdiscoverer.c line 863
#20 discoverer_collect
at gstdiscoverer.c line 972
#21 gst_discoverer_discover_uri
at gstdiscoverer.c line 1477
#22 beat_box_gstreamer_tagger_import_song
#23 beat_box_file_operator_import_song
#24 beat_box_file_operator_get_music_files_set
#25 beat_box_file_operator_get_music_files_set
#26 beat_box_file_operator_get_music_files_set
#27 beat_box_library_manager_set_music_thread_function
#28 _beat_box_library_manager_set_music_thread_function_gthread_fu---Type <return> to continue, or q <return> to quit--- nc
#29 ??
from /lib/i386-linux-gnu/libglib-2.0.so.0
#30 start_thread
at pthread_create.c line 304
#31 clone
at ../sysdeps/unix/sysv/linux/i386/clone.S line 130


I actually meant 0.10.35.

If you'd like, you can test it yourself at launchpad.net/beat-box. I will push my current code right now.

Thanks you very much

Comment 3 sgringwe 2012-01-03 04:07:02 UTC

FYI, this looks to be the same bug: https://bugzilla.gnome.org/show_bug.cgi?id=640210

Comment 4 Tim-Philipp Müller 2012-01-03 15:08:18 UTC

Thanks, It would helpful if you could install debug symbols for glib and GStreamer (sudo apt-get install libglib2.0-0-dbg  libgstreamer0.10-0-dbg gstreamer0.10-plugins-base-dbg gstreamer0.10-plugins-good-dbg if on a debian/ubuntu system) and then create a new stacktrace.

Comment 5 sgringwe 2012-01-03 20:58:33 UTC

With debug symbols:

(beatbox:3051): GStreamer-CRITICAL **: gst_value_init_and_copy: assertion `G_IS_VALUE (src)' failed

(beatbox:3051): GStreamer-CRITICAL **: gst_value_init_and_copy: assertion `G_IS_VALUE (src)' failed

(beatbox:3051): GStreamer-CRITICAL **: gst_value_init_and_copy: assertion `G_IS_VALUE (src)' failed

Program received signal SIGSEGV, Segmentation fault.

+ Trace 229383

Thread 2915810160 (LWP 3562)

#0 type_check_is_value_type_U
at /build/buildd/glib2.0-2.30.0/./gobject/gtype.c line 4092
#1 g_type_check_value
at /build/buildd/glib2.0-2.30.0/./gobject/gtype.c line 4126
#2 gst_value_init_and_copy
at gstvalue.c line 3854
#3 gst_structure_copy
at gststructure.c line 312
#4 gst_structure_copy_conditional
at gststructure.c line 2335
#5 _g_type_boxed_copy
at /build/buildd/glib2.0-2.30.0/./gobject/gtype.c line 4225
#6 boxed_proxy_collect_value
at /build/buildd/glib2.0-2.30.0/./gobject/gboxed.c line 228
#7 boxed_proxy_collect_value
at /build/buildd/glib2.0-2.30.0/./gobject/gboxed.c line 213
#8 gst_structure_id_set_valist_internal
at gststructure.c line 647
#9 gst_structure_id_set
at gststructure.c line 681
#10 collect_stream_information
at gstdiscoverer.c line 594
#11 find_stream_for_node
at gstdiscoverer.c line 773
#12 parse_stream_topology
at gstdiscoverer.c line 819
#13 parse_stream_topology
at gstdiscoverer.c line 858
#14 parse_stream_topology
at gstdiscoverer.c line 852
#15 parse_stream_topology
at gstdiscoverer.c line 863
#16 discoverer_collect
at gstdiscoverer.c line 972
#17 gst_discoverer_discover_uri
at gstdiscoverer.c line 1477
#18 beat_box_gstreamer_tagger_import_song
#19 beat_box_file_operator_import_song
#20 beat_box_file_operator_get_music_files_set
#21 beat_box_file_operator_get_music_files_set
#22 beat_box_file_operator_get_music_files_set
#23 beat_box_library_manager_set_music_thread_function
#24 _beat_box_library_manager_set_music_thread_function_gthread_func
#25 g_thread_create_proxy
at /build/buildd/glib2.0-2.30.0/./glib/gthread.c line 1962
#26 start_thread
at pthread_create.c line 304
#27 clone
at ../sysdeps/unix/sysv/linux/i386/clone.S line 130

Comment 6 Tim-Philipp Müller 2012-01-05 15:23:31 UTC

Right, this matches the valgrind log in the other bug report (although that one was against 0.10.32).

I don't really know what might cause this, possibly a stale pointer.

Could you re-do a valgrind log as well please, like this (the other valgrind log didn't disable GSlice so was less useful than it could have been):

 $ export G_SLICE=always-malloc
 $ valgrind ./yourapp ...

Comment 7 sgringwe 2012-01-05 16:35:11 UTC

I am trying that now, but I have doubts that it will crash because of http://valgrind.org/docs/manual/faq.html#faq.crashes.

Comment 8 Tim-Philipp Müller 2012-01-05 17:52:08 UTC

I can reproduce this using the vala test of the bug reporter and the mp3 file from the other bug, and gstreamer core/base 0.10.35:

==2197== Invalid read of size 8
==2197==    at 0x5A0F2EC: g_type_check_value (gtype.c:4133)
==2197==    by 0x5A11D82: g_value_copy (gvalue.c:206)
==2197==    by 0x50E5E6D: copy_garray_of_gstvalue.isra.32 (gstvalue.c:230)
==2197==    by 0x50E5F5F: gst_value_copy_list_or_array (gstvalue.c:241)
==2197==    by 0x50CB811: gst_structure_copy (gststructure.c:312)
==2197==    by 0x59E7EAF: boxed_proxy_collect_value (gboxed.c:228)
==2197==    by 0x50CA605: gst_structure_id_set_valist_internal (gststructure.c:647)
==2197==    by 0x50CC1AB: gst_structure_id_set (gststructure.c:681)
==2197==    by 0x4E427E9: parse_stream_topology (gstdiscoverer.c:594)
==2197==    by 0x4E428D5: parse_stream_topology (gstdiscoverer.c:858)
==2197==    by 0x4E42853: parse_stream_topology (gstdiscoverer.c:852)
==2197==    by 0x4E42920: parse_stream_topology (gstdiscoverer.c:863)
==2197==  Address 0xc414ad8 is 24 bytes inside a block of size 128 free'd
==2197==    at 0x4C268FE: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2197==    by 0x6255AE9: g_array_free (garray.c:302)
==2197==    by 0x5A11752: g_value_unset (gvalue.c:275)
==2197==    by 0x50C9FDA: gst_structure_free (gststructure.c:340)
==2197==    by 0x4E43348: _event_probe (gstdiscoverer.c:428)
==2197==    by 0x50EF847: gst_marshal_BOOLEAN__POINTER (gstmarshal.c:586)
==2197==    by 0x59EA803: g_closure_invoke (gclosure.c:774)
==2197==    by 0x59FC789: signal_emit_unlocked_R (gsignal.c:3272)
==2197==    by 0x5A0541F: g_signal_emitv (gsignal.c:2907)
==2197==    by 0x507763A: gst_pad_emit_have_data_signal (gstpad.c:4143)
==2197==    by 0x50B20CA: gst_pad_push_event (gstpad.c:5236)
==2197==    by 0x509B730: gst_proxy_pad_do_event (gstghostpad.c:114)
==2197== 

(discoverer:2197): GLib-GObject-CRITICAL **: g_value_copy: assertion `G_IS_VALUE (src_value)' failed
==2197== Invalid read of size 8
==2197==    at 0x50E5E5E: copy_garray_of_gstvalue.isra.32 (gstvalue.c:230)
==2197==    by 0x50E5F5F: gst_value_copy_list_or_array (gstvalue.c:241)
==2197==    by 0x50CB811: gst_structure_copy (gststructure.c:312)
==2197==    by 0x59E7EAF: boxed_proxy_collect_value (gboxed.c:228)
==2197==    by 0x50CA605: gst_structure_id_set_valist_internal (gststructure.c:647)
==2197==    by 0x50CC1AB: gst_structure_id_set (gststructure.c:681)
==2197==    by 0x4E427E9: parse_stream_topology (gstdiscoverer.c:594)
==2197==    by 0x4E428D5: parse_stream_topology (gstdiscoverer.c:858)
==2197==    by 0x4E42853: parse_stream_topology (gstdiscoverer.c:852)
==2197==    by 0x4E42920: parse_stream_topology (gstdiscoverer.c:863)
==2197==    by 0x4E42BCF: discoverer_collect (gstdiscoverer.c:972)
==2197==    by 0x4E4400A: gst_discoverer_discover_uri (gstdiscoverer.c:1477)
==2197==  Address 0xc414a60 is 0 bytes inside a block of size 32 free'd
==2197==    at 0x4C268FE: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2197==    by 0x6255ADC: g_array_free (garray.c:316)
==2197==    by 0x5A11752: g_value_unset (gvalue.c:275)
==2197==    by 0x50C9FDA: gst_structure_free (gststructure.c:340)
==2197==    by 0x4E43348: _event_probe (gstdiscoverer.c:428)
==2197==    by 0x50EF847: gst_marshal_BOOLEAN__POINTER (gstmarshal.c:586)
==2197==    by 0x59EA803: g_closure_invoke (gclosure.c:774)
==2197==    by 0x59FC789: signal_emit_unlocked_R (gsignal.c:3272)
==2197==    by 0x5A0541F: g_signal_emitv (gsignal.c:2907)
==2197==    by 0x507763A: gst_pad_emit_have_data_signal (gstpad.c:4143)
==2197==    by 0x50B20CA: gst_pad_push_event (gstpad.c:5236)
==2197==    by 0x509B730: gst_proxy_pad_do_event (gstghostpad.c:114)


Have not been able to reproduce this with git though, so may well be fixed already.

Comment 9 Tim-Philipp Müller 2012-01-05 18:01:36 UTC

Any chance you could try the current pre-releases?

If you're on ubuntu, there's a GStreamer PPA, if you're on debian sid prerelease packages are in experimental.

Comment 10 sgringwe 2012-01-05 18:19:09 UTC

I tried with the pre-release. It does not segfault on the file it was before, but instead segfaults on a new file now. Trace:

[FATAL 13:09:35.005842] [GLib-GObject] g_value_copy: assertion `G_IS_VALUE (src_value)' failed
[FATAL 13:09:35.005924] BeatBox will not function properly.

(beatbox:32475): GStreamer-CRITICAL **: gst_value_init_and_copy: assertion `G_IS_VALUE (src)' failed

(beatbox:32475): GStreamer-CRITICAL **: gst_value_init_and_copy: assertion `G_IS_VALUE (src)' failed

Program received signal SIGSEGV, Segmentation fault.

+ Trace 229396

Thread 3063937904 (LWP 32499)

#0 type_check_is_value_type_U
at /build/buildd/glib2.0-2.30.0/./gobject/gtype.c line 4092
#1 g_type_check_value
at /build/buildd/glib2.0-2.30.0/./gobject/gtype.c line 4126
#2 gst_value_init_and_copy
at gstvalue.c line 4007
#3 gst_structure_copy
at gststructure.c line 312
#4 gst_structure_copy_conditional
at gststructure.c line 2330
#5 _g_type_boxed_copy
at /build/buildd/glib2.0-2.30.0/./gobject/gtype.c line 4225
#6 boxed_proxy_collect_value
at /build/buildd/glib2.0-2.30.0/./gobject/gboxed.c line 228
#7 boxed_proxy_collect_value
at /build/buildd/glib2.0-2.30.0/./gobject/gboxed.c line 213
#8 gst_structure_id_set_valist_internal
at gststructure.c line 642
#9 gst_structure_id_set
at gststructure.c line 676
#10 collect_stream_information
at gstdiscoverer.c line 602
#11 find_stream_for_node
at gstdiscoverer.c line 829
#12 parse_stream_topology
at gstdiscoverer.c line 878
#13 parse_stream_topology
at gstdiscoverer.c line 917
#14 parse_stream_topology
at gstdiscoverer.c line 911
#15 parse_stream_topology
at gstdiscoverer.c line 922
#16 discoverer_collect
at gstdiscoverer.c line 1031
#17 gst_discoverer_discover_uri
at gstdiscoverer.c line 1536
#18 beat_box_gstreamer_tagger_import_song
#19 beat_box_file_operator_import_song
#20 beat_box_file_operator_get_music_files_set
#21 beat_box_file_operator_get_music_files_set
#22 beat_box_file_operator_get_music_files_set
#23 beat_box_library_manager_set_music_thread_function
#24 _beat_box_library_manager_set_music_thread_function_gthread_func
#25 g_thread_create_proxy
at /build/buildd/glib2.0-2.30.0/./glib/gthread.c line 1962
#26 start_thread
at pthread_create.c line 304
#27 clone
at ../sysdeps/unix/sysv/linux/i386/clone.S line 130

Comment 11 Tim-Philipp Müller 2012-10-26 18:09:24 UTC

Hrm, sorry, not quite sure what to do with this.

Some more questions:

 - does it happen with the gst-discoverer-0.10 utility as well ?

 - could you provide a valgrind log ?

 - could you re-test with GStreamer 1.0.x ? (There were
    some fixes that look relevant)

 - does it happen with a test case written in
   C as well? (though that should really be
   gst-discoverer-x.y)

Comment 12 Edward Hervey 2013-07-17 15:53:15 UTC

No answers after 8+ months (18 since last response).

Never reproduced in 1.x

Closing. Re-open if you can reproduce this with gst-discoverer-1.0