Bug 683517 - Crash in bmp_decode_frame() when decoding unusual bmp file
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-libav
Version: git master
Hardware/OS: Other / All
Importance: Normal / critical
Target Milestone: 1.0.2
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Depends on:
Blocks:
Reported: 2012-09-06 17:08 UTC by LRN
Modified: 2012-10-27 21:12 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Causes the crash. (2.96 KB, application/octet-stream) - 2012-09-06 17:08 UTC, LRN

Description LRN 2012-09-06 17:08:46 UTC
Created attachment 223672 [details]
Causes the crash.

$ gdb --args gst-discoverer-1.0.exe extractortmp.nlc5JE
GNU gdb (GDB) 7.5
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-mingw32".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /mingw/bin/gst-discoverer-1.0.exe...done.
(gdb) r
Starting program: /mingw/bin/gst-discoverer-1.0.exe extractortmp.nlc5JE
[New Thread 13664.0x179c]
[New Thread 13664.0x1c20]
[New Thread 13664.0x3718]
Analyzing file:///extractortmp.nlc5JE
[New Thread 13664.0x1db8]
[New Thread 13664.0x1930]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 13664.0x1db8]
0x0318ed8c in bmp_decode_frame (avctx=0x2bec6e0, data=0x2bea380, data_size=0x2fff9ec, avpkt=0x2fff980) at libavcodec/bmp.c:231
231             memset(p->data[1], 0, 1024);
(gdb) p p
$1 = (AVFrame *) 0x2becb00
(gdb) p p->data
$2 = {0x2c020a0 '\200' <repeats 200 times>..., 0x0, 0x0, 0x0}
(gdb) p *p
$3 = {data = {0x2c020a0 '\200' <repeats 200 times>..., 0x0, 0x0, 0x0}, linesize = {64, 0, 0, 0}, base = {0x2c020a0 '\200' <repeats 200 times>..., 0x0, 0x0, 0x0},
  key_frame = 1, pict_type = AV_PICTURE_TYPE_I, pts = -9223372036854775808, coded_picture_number = 0, display_picture_number = 0, quality = 0, age = 0,
  reference = 0, qscale_table = 0x0, qstride = 0, mbskip_table = 0x0, motion_val = {0x0, 0x0}, mb_type = 0x0, motion_subsample_log2 = 0 '\000', opaque = 0x2bef080,
  error = {0, 0, 0, 0}, type = 1, repeat_pict = 0, qscale_type = 0, interlaced_frame = 0, top_field_first = 0, pan_scan = 0x0, palette_has_changed = 0,
  buffer_hints = 0, dct_coeff = 0x0, ref_index = {0x0, 0x0}, reordered_opaque = 0, hwaccel_picture_private = 0x0, pkt_pts = 0, pkt_dts = 0, owner = 0x0,
  thread_opaque = 0x0, nb_samples = 0, extended_data = 0x2becb00, sample_aspect_ratio = {num = 0, den = 1}, width = 0, height = 0, format = -1}
(gdb) p *p->data[1]
Cannot access memory at address 0x0
(gdb) bt
#0  bmp_decode_frame at libavcodec/bmp.c line 231
#1  avcodec_decode_video2 at libavcodec/utils.c line 1152
#2  _fu237___gst_debug_min at gstffmpegviddec.c line 1077
#3  _fu256___gst_debug_min at gstffmpegviddec.c line 1204
#4  _fu422__GST_CAT_PERFORMANCE at gstffmpegviddec.c line 1320
#5  _fu96___gst_debug_min at gstvideodecoder.c line 2520
#6  _fu146___gst_debug_min at gstvideodecoder.c line 1644
#7  _fu162___gst_debug_min at gstvideodecoder.c line 1905
#8  gst_pad_chain_data_unchecked
#9  gst_pad_push_data
#10 _fu593___gst_debug_min at gsttypefindelement.c line 1071
#11 gst_task_func at gsttask.c line 316
#12 g_thread_pool_thread_proxy at /src/mingw/glib-2.33.1a/glib/gthreadpool.c line 309
#13 g_thread_proxy at /src/mingw/glib-2.33.1a/glib/gthread.c line 801
#14 g_thread_win32_proxy at /src/mingw/glib-2.33.1a/glib/gthread-win32.c line 451
#15 msvcrt!_itow_s from %SYSTEMROOT%\syswow64\msvcrt.dll
#16 msvcrt!_endthreadex from %SYSTEMROOT%\syswow64\msvcrt.dll
#17 KERNEL32!BaseCleanupAppcompatCacheSupport from %SYSTEMROOT%\syswow64\kernel32.dll
#18 ??
#19 ntdll!RtlpNtSetValueKey from %SYSTEMROOT%\system32\ntdll.dll
#20 ??
#21 ntdll!RtlpNtSetValueKey from %SYSTEMROOT%\system32\ntdll.dll
#22 msvcrt!_endthreadex from %SYSTEMROOT%\syswow64\msvcrt.dll
#23 ??

Comment 2 LRN 2012-10-27 15:11:35 UTC
Required libav version was bumped to a newer release that includes the fix for this.
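The crash in the report is a NULL pointer dereference: p->data[1] is the AVFrame's palette plane (the 1024 bytes being cleared are 256 four-byte entries), and it is 0x0 when the decoder writes to it. The report does not say what is unusual about the attached file, and the fix arrived through a newer libav release. As an added example written for this page, not code from libavcodec, gst-libav or the attachment, the following C parses a BMP file header plus BITMAPINFOHEADER, checks that the palette a file declares actually fits between the headers and the pixel data, and never writes through a palette table that was not supplied. The two sample files are constructed inline; that this check mirrors the decoder's own logic is an assumption, not something the report establishes.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>
/* Added example, not libavcodec's bmp.c: parse the 14-byte file header plus the
 * 40-byte BITMAPINFOHEADER and decide whether the file actually carries a palette. */
typedef enum { BMP_PALETTE, BMP_NO_PALETTE, BMP_ERR_TRUNCATED, BMP_ERR_HEADER, BMP_ERR_PALETTE } bmp_status;

typedef struct {
    uint32_t pixel_offset, info_size;  /* bfOffBits; biSize (40 for BITMAPINFOHEADER) */
    int32_t  width, height;            /* negative height means top-down rows */
    uint16_t bpp;
    uint32_t palette_entries;          /* 4-byte BGRX entries actually present, 0 if none */
    size_t   palette_offset;
} bmp_info;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }

bmp_status bmp_inspect(const uint8_t *buf, size_t len, bmp_info *out)
{
    memset(out, 0, sizeof *out);
    if (len < 14 + 40)                  return BMP_ERR_TRUNCATED;
    if (buf[0] != 'B' || buf[1] != 'M') return BMP_ERR_HEADER;
    out->pixel_offset = rd32(buf + 10);
    out->info_size    = rd32(buf + 14);
    if (out->info_size < 40 || out->info_size > len - 14) return BMP_ERR_HEADER;
    out->width  = (int32_t)rd32(buf + 18);
    out->height = (int32_t)rd32(buf + 22);
    out->bpp    = rd16(buf + 28);
    uint32_t clr_used = rd32(buf + 46);                        /* biClrUsed, 0 = 1 << bpp */
    if (rd16(buf + 26) != 1 || out->width <= 0 || out->height == 0) return BMP_ERR_HEADER;
    if (out->bpp != 1 && out->bpp != 4 && out->bpp != 8 && out->bpp != 16 && out->bpp != 24 && out->bpp != 32)
        return BMP_ERR_HEADER;
    if (out->pixel_offset < 14 + out->info_size || out->pixel_offset > len) return BMP_ERR_HEADER;
    /* Rows are padded to 4 bytes; every row must lie inside the buffer. */
    uint64_t stride = (((uint64_t)out->width * out->bpp + 31) / 32) * 4;
    uint64_t rows   = (uint64_t)(out->height < 0 ? -(int64_t)out->height : out->height);
    if (stride * rows > len - out->pixel_offset) return BMP_ERR_TRUNCATED;
    if (out->bpp > 8) return BMP_NO_PALETTE;
    /* For indexed images the palette sits between the info header and bfOffBits.
     * A file may declare 8 bpp yet leave that gap empty; a decoder must then not
     * touch any palette buffer, since nothing guarantees one was set up for it. */
    size_t   gap      = out->pixel_offset - (14 + out->info_size);
    uint32_t declared = clr_used ? clr_used : 1u << out->bpp;
    if (declared > 256)     return BMP_ERR_PALETTE;
    if (gap == 0)           return BMP_NO_PALETTE;
    if (gap / 4 < declared) return BMP_ERR_PALETTE;
    out->palette_entries = declared;
    out->palette_offset  = 14 + out->info_size;
    return BMP_PALETTE;
}

/* Copy the palette into a caller-owned 256-entry table (1024 bytes, the size the
 * crashing memset clears). Returns entries copied; 0 when there is no palette or
 * no table, so a NULL table is never written through. */
uint32_t bmp_load_palette(const uint8_t *buf, const bmp_info *info, uint32_t *pal)
{
    if (pal == NULL || info->palette_entries == 0) return 0;
    memset(pal, 0, 256 * sizeof *pal);
    for (uint32_t i = 0; i < info->palette_entries; i++)
        pal[i] = rd32(buf + info->palette_offset + 4 * i);
    return info->palette_entries;
}

/* Constructed sample: a 2x2, 8 bpp BMP, with or without its 256-entry grey palette. */
size_t make_sample(uint8_t *buf, size_t cap, int with_palette)
{
    uint32_t pal_bytes = with_palette ? 256 * 4 : 0;
    uint32_t off = 14 + 40 + pal_bytes, total = off + 2 * 4;
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[0] = 'B'; buf[1] = 'M';
    wr32(buf + 2, total); wr32(buf + 10, off); wr32(buf + 14, 40);
    wr32(buf + 18, 2); wr32(buf + 22, 2); wr16(buf + 26, 1); wr16(buf + 28, 8);
    for (uint32_t i = 0; i < pal_bytes / 4; i++) wr32(buf + 54 + 4 * i, i * 0x010101u);
    return total;
}

/* Inspect a sample, optionally presenting only its first `clip` bytes to the parser. */
bmp_status sample_status(int with_palette, size_t clip)
{
    uint8_t buf[2048]; bmp_info info; size_t n = make_sample(buf, sizeof buf, with_palette);
    return bmp_inspect(buf, clip && clip < n ? clip : n, &info);
}

/* Inspect a sample and load its palette; returns the entries loaded (0 if none). */
uint32_t sample_palette_entries(int with_palette)
{
    uint8_t buf[2048]; bmp_info info; uint32_t pal[256];
    size_t n = make_sample(buf, sizeof buf, with_palette);
    return bmp_inspect(buf, n, &info) == BMP_PALETTE ? bmp_load_palette(buf, &info, pal) : 0;
}

int main(void)
{
    for (int p = 1; p >= 0; p--)
        printf("sample %s palette: status %d, %u palette entries loaded\n", p ? "with" : "without",
               (int)sample_status(p, 0), (unsigned)sample_palette_entries(p));
    return 0;
}
```

The second sample is the case worth keeping in mind when reading the backtrace: a header that says 8 bpp but puts bfOffBits immediately after the info header, so there are no palette bytes at all. bmp_inspect reports BMP_NO_PALETTE for it and bmp_load_palette then returns 0 without touching the table, which is the guard a palette-clearing memset needs before it runs.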