Bug 687643 - jpegenc: crashes if input buffer is too small, instead of erroring out gracefully
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-good
Version: 0.10.31
Hardware: Other Linux
Importance: Normal normal
Target Milestone: 0.10.32
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Depends on:
Blocks:
 
 
Reported: 2012-11-05 13:50 UTC by Woodrow Douglass
Modified: 2012-11-05 16:41 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Jpeg that produces the issue. (119.96 KB, image/jpeg)
2012-11-05 13:50 UTC, Woodrow Douglass

Description Woodrow Douglass 2012-11-05 13:50:13 UTC
Created attachment 228109
Jpeg that produces the issue.

I've created a .yuv dump of a jpeg using this pipeline:

gst-launch filesrc location=Foot\ Tat\ Han\ Solo.jpg ! jpegdec ! colorspace ! video/x-raw-yuv,format='(fourcc)'UYVY,width=768,height=1024,framerate='(fraction)'0/1 ! filesink location=sample.yuv

Then, tried to re-encode it with this pipeline:

gst-launch filesrc location=sample.yuv ! video/x-raw-yuv,format='(fourcc)'UYVY,width=768,height=1024,framerate='(fraction)'0/1 ! jpegenc ! filesink location=sample.jpeg

When I try this, jpegenc crashes (SIGSEGV). The backtrace from GDB is as follows:

  • #0 gst_jpegenc_chain
    at gstjpegenc.c line 626
  • #1 gst_pad_chain_data_unchecked
    at gstpad.c line 4271
  • #2 gst_pad_push_data
    at gstpad.c line 4506
  • #3 gst_pad_push
    at gstpad.c line 4730
  • #4 gst_base_transform_chain
    at gstbasetransform.c line 2674
  • #5 gst_pad_chain_data_unchecked
    at gstpad.c line 4271
  • #6 gst_pad_push_data
    at gstpad.c line 4506
  • #7 gst_pad_push
    at gstpad.c line 4730
  • #8 gst_base_src_loop
    at gstbasesrc.c line 2559
  • #9 gst_task_func
    at gsttask.c line 327
  • #10 g_thread_pool_thread_proxy
    at /tmp/buildd/glib2.0-2.33.12+really2.32.4/./glib/gthreadpool.c line 309
  • #11 g_thread_proxy
    at /tmp/buildd/glib2.0-2.33.12+really2.32.4/./glib/gthread.c line 801
  • #12 start_thread
    at pthread_create.c line 304
  • #13 clone
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S line 112
  • #14 ??

I'm using the Debian testing (wheezy) packages. Thanks for looking into this; I've attached a jpeg that produces this issue, but I've been able to produce it with several different jpegs (from different sources/encoders).
Comment 1 Tim-Philipp Müller 2012-11-05 13:59:23 UTC
> Then, tried to re-encode it with this pipeline:
> 
> gst-launch filesrc location=sample.yuv !
> video/x-raw-yuv,format='(fourcc)'UYVY,width=768,height=1024,framerate='(fraction)'0/1
> ! jpegenc ! filesink location=sample.jpeg
> 
> When I try this, jpegenc crashes (SIGSEGV).

This is probably INVALID.

Try adding blocksize=9999999 to filesrc, or using the videoparse element between filesrc and jpegenc.

The problem is that by default filesrc reads data in 4096 byte chunks, but jpegenc expects the data to be as large as the video size requires it to be. (Arguably, it should check for that too).
Comment 2 Woodrow Douglass 2012-11-05 14:08:16 UTC
That is exactly right. I tried that flag, and it worked without a hitch!

Jpegenc should check for that, and throw an error (or otherwise recover) instead of crashing. This fixes it for me (for now), thanks!
Comment 3 Tim-Philipp Müller 2012-11-05 16:41:44 UTC
commit c237f04233bc53022df17909cb185e3ea0c67c37
Author: Tim-Philipp Müller <tim@centricular.net>
Date:   Mon Nov 5 16:31:16 2012 +0000

    jpegenc: error out gracefully if input buffer is too small
    
    https://bugzilla.gnome.org/show_bug.cgi?id=687643
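
The check discussed in this thread (reject a buffer smaller than the frame the caps describe, instead of reading past its end), as an added stand-alone C example. It is not the code from the commit above or from GStreamer; the function names, the result codes and the 4-byte row padding are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical result codes for this example (not GStreamer's own). */
enum frame_check { FRAME_OK = 0, FRAME_TOO_SMALL = -1, FRAME_BAD_DIMS = -2 };

/* Row stride of packed UYVY: 2 bytes per pixel, padded to a multiple of 4
 * (assumed stride rule). Returns 0 if the width is 0 or would overflow. */
static size_t uyvy_stride(uint32_t width)
{
    if (width == 0 || width > (SIZE_MAX - 3) / 2)
        return 0;
    return ((size_t)width * 2 + 3) & ~(size_t)3;
}

/* Bytes one full frame needs, or 0 for invalid/overflowing dimensions. */
static size_t uyvy_frame_size(uint32_t width, uint32_t height)
{
    size_t stride = uyvy_stride(width);
    if (stride == 0 || height == 0 || stride > SIZE_MAX / height)
        return 0;
    return stride * height;
}

/* Derive one pointer per row, but only after proving that every row lies
 * inside the buffer. rows[] must have room for `height` entries. */
static enum frame_check map_rows(const uint8_t *buf, size_t buf_len,
                                 uint32_t width, uint32_t height,
                                 const uint8_t **rows)
{
    size_t need = uyvy_frame_size(width, height);
    if (need == 0)
        return FRAME_BAD_DIMS;
    if (buf == NULL || buf_len < need)
        return FRAME_TOO_SMALL;      /* e.g. a 4096-byte filesrc chunk */
    for (uint32_t y = 0; y < height; y++)
        rows[y] = buf + (size_t)y * uyvy_stride(width);
    return FRAME_OK;
}

int main(void)
{
    static uint8_t chunk[4096];      /* constructed input: one default read */
    static const uint8_t *rows[1024];
    /* 768x1024 UYVY needs 1572864 bytes, so this must be rejected. */
    return map_rows(chunk, sizeof chunk, 768, 1024, rows) == FRAME_TOO_SMALL ? 0 : 1;
}
```

With the caps from the report (768x1024 UYVY) a frame is 1572864 bytes, so a 4096-byte chunk is rejected before any row pointer is computed.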