Bug 704801 – Segfault in gst_value_deserialize

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 704801 - Segfault in gst_value_deserialize


Summary:	Segfault in gst_value_deserialize


Status:	VERIFIED INCOMPLETE

Product:	GStreamer
Classification:	Platform
Component:	gst-python
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	git master
Assigned To:	GStreamer Maintainers
QA Contact:	GStreamer Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2013-07-24 11:46 UTC by Tim 'mithro' Ansell
Modified:	2013-08-01 05:31 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Tim 'mithro' Ansell 2013-07-24 11:46:03 UTC

The following Python script segfaults in gst_value_deserialize
```
import gi
gi.require_version('Gst', '1.0')
from gi.repository import Gst

kaps = Gst.structure_from_string('video/x-raw,framerate=(fraction)10/1')
print kaps[0].get_value('rate')

kaps = Gst.structure_from_string('video/x-raw,format=AYUV,framerate=\(fraction\)10/1,width=100,height=100')
print kaps[0].get_value('rate')
```

```
$ gdb python
GNU gdb (GDB) 7.6-gg12
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux".

<http://wiki/Main/GnuDebugger  FAQ: http://go/gdb  Email: gdb-team  IRC: gdb>
Reading symbols from /usr/bin/python2.7...done.

WARNING: no debugging symbols found in /usr/bin/python2.7.
Either the binary was compiled without debugging information
or the debugging information was removed (e.g., with strip or strip -g).
Debugger capabilities will be very limited.
For further information: http://wiki/Main/GdbFaq#No_debugging_symbols_found

(gdb) run test.py
Starting program: /usr/bin/python2.7 test.py
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/grte/v3/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff34f323f in gst_value_deserialize (dest=0x7fffffffd3d8, src=0xb513c0 "10/1") at gstvalue.c:5024
5024	    len = gst_value_table->len;
(gdb) bt

+ Trace 232291

#0 gst_value_deserialize
at gstvalue.c line 5024
#1 gst_structure_parse_value
at gststructure.c line 2227
#2 gst_structure_parse_field
#3 priv_gst_structure_parse_fields
at gststructure.c line 2298
#4 gst_structure_from_string
#5 ffi_call_unix64
from /usr/lib/x86_64-linux-gnu/libffi.so.6
#6 ffi_call
from /usr/lib/x86_64-linux-gnu/libffi.so.6
#7 ??
from /usr/lib/libgirepository-1.0.so.1
#8 g_function_info_invoke
from /usr/lib/libgirepository-1.0.so.1
#9 ??
from /usr/lib/python2.7/dist-packages/gi/_gi.so
#10 PyEval_EvalFrameEx
#11 PyEval_EvalCodeEx
#12 PyEval_EvalFrameEx
#13 PyEval_EvalCodeEx
#14 PyRun_FileExFlags
#15 PyRun_SimpleFileExFlags
#16 Py_Main
#17 __libc_start_main
at libc-start.c line 226
#18 _start

```

Lastest commit
```
commit bfb68443994895a357222c1c11e0625e460dd864
Author: Sebastian Dröge <slomo@circular-chaos.org>
Date:   Wed Jul 24 11:21:27 2013 +0200

    basesink: Don't shadow variables that are set inside our scope and then used outside our scope
    
    Fixes uninitialized use of these variables.
```

Comment 1 Tim 'mithro' Ansell 2013-07-24 11:48:33 UTC

Problem line is
    len = gst_value_table->len;

Looks like gst_value_table is null?

(gdb) p src
$1 = (const gchar *) 0xb513c0 "10/1"
(gdb) p dest
$2 = (GValue *) 0x7fffffffd3d8
(gdb) p *dest
$3 = {g_type = 196, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, 
    {v_int = 1, v_uint = 1, v_long = 1, v_ulong = 1, v_int64 = 1, v_uint64 = 1, v_float = 1.40129846e-45, v_double = 4.9406564584124654e-324, 
      v_pointer = 0x1}}}
(gdb) p gst_value_table
$4 = (GArray *) 0x0

Comment 2 Edward Hervey 2013-07-24 12:51:55 UTC

You need to initialize GStreamer before using it.

Gst.init(None)

Comment 3 Tim 'mithro' Ansell 2013-08-01 05:31:28 UTC

Moving to the gst-python module.

Not calling Gst.init before calling gstreamer functions causes Python to segfault. A module should never cause Python to segfault.