Bug 711131 - rtpjitterbuffer: SIGSEGV when do-retransmission=true and a lot of packets are dropped
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-good
Version: git master
Hardware: Other Linux
Importance: Normal normal
Target Milestone: 1.2.2
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Reported: 2013-10-30 10:45 UTC by Julien Isorce
Modified: 2013-11-11 11:06 UTC

Attachments
gdb "thread apply all bt" log (6.27 KB, text/x-log)
2013-10-30 10:46 UTC, Julien Isorce
valgrind log (15.90 KB, text/x-log)
2013-10-30 10:47 UTC, Julien Isorce
Patch fixing the issue (1.63 KB, patch)
2013-11-05 08:57 UTC, George Kiagiadakis

Description Julien Isorce 2013-10-30 10:45:48 UTC
* steps to reproduce: gst-launch-1.0 videotestsrc ! rtpvrawpay ! identity drop-probability=0.7 ! rtpjitterbuffer do-retransmission=true ! rtpvrawdepay ! fakesink

* back trace:

Program received signal SIGSEGV, Segmentation fault.

Thread 140737274791680 (LWP 6618)

  • #0 do_expected_timeout
    at gstrtpjitterbuffer.c line 2461
  • #1 do_timeout
    at gstrtpjitterbuffer.c line 2568
  • #2 wait_next_timeout
    at gstrtpjitterbuffer.c line 2646
  • #3 ??
    from /lib/x86_64-linux-gnu/libglib-2.0.so.0
  • #4 start_thread
    at pthread_create.c line 304
  • #5 clone
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S line 112
  • #6 ??

Comment 1 Julien Isorce 2013-10-30 10:46:42 UTC
Created attachment 258543
gdb "thread apply all bt" log

Comment 2 Julien Isorce 2013-10-30 10:47:19 UTC
Created attachment 258544
valgrind log

Comment 3 George Kiagiadakis 2013-11-05 08:57:11 UTC
Created attachment 258990
Patch fixing the issue

The crash looks reasonable, given that the code unlocks the jitterbuffer lock while processing the timer... the crash happens right after locking again, where timer is eventually pointing to invalid memory. This patch should fix it (gst-launch line works now, unit tests still pass).

Comment 4 Julien Isorce 2013-11-05 09:37:19 UTC
Your patch fixes the problem here too, nice!

Comment 5 Wim Taymans 2013-11-11 10:55:23 UTC
commit b81b2efa3e4905f11136930da5191b1ac033825e
Author: George Kiagiadakis <george.kiagiadakis@collabora.com>
Date:   Tue Nov 5 10:48:33 2013 +0200

    rtpjitterbuffer: fix crash when do-retransmission=true and a lot of buffers are lost
    
    The problem here was that the jitterbuffer lock was unlocked to push
    the event, but that caused another thread to remove the timer currently
    being processed, probably because the amount of rtx events
    (and therefore timers) was getting too high. The solution is to
    unlock and push the event only after timer processing has finished.
    
    fixes https://bugzilla.gnome.org/show_bug.cgi?id=711131
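
The locking pattern described in comment 3 and in the commit message, as an added example that is not GStreamer code and not part of the original report. All names (JBuf, Timer, push_event, process_*) are hypothetical; the lock is modelled as a flag and the racing thread runs inside push_event(), so the interleaving is deterministic.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed model, not GStreamer code. The lock is a flag and the "other
 * thread" runs inside push_event(), so the interleaving is deterministic. */
typedef struct { unsigned seqnum; int num_rtx; } Timer;
typedef struct { int locked; Timer timers[4]; size_t n_timers; int pushed; } JBuf;
static void jb_lock(JBuf *jb)   { jb->locked = 1; }
static void jb_unlock(JBuf *jb) { jb->locked = 0; }
static JBuf make_jbuf(void) { JBuf jb = { 0, { {100, 0}, {101, 0} }, 2, 0 }; return jb; }
/* Stand-in for pushing the event downstream. If the lock is free at that
 * moment, a racing thread takes it and removes every timer. */
static void push_event(JBuf *jb, unsigned seqnum) {
    (void) seqnum;
    jb->pushed++;
    if (!jb->locked) jb->n_timers = 0;
}

/* Before the fix: the lock is dropped in the middle of timer processing.
 * Returns 1 if the timer was still live after relocking, 0 if it was gone
 * (the point where a held timer pointer would be invalid). */
static int process_unlock_midway(JBuf *jb, size_t idx) {
    jb_lock(jb);
    unsigned seq = jb->timers[idx].seqnum;
    jb_unlock(jb);
    push_event(jb, seq);
    jb_lock(jb);
    int live = idx < jb->n_timers;
    if (live) jb->timers[idx].num_rtx++;
    jb_unlock(jb);
    return live;
}

/* After the fix: finish all timer updates under the lock, copy what the
 * event needs, then unlock and push. Returns the timer's rtx count. */
static int process_deferred_push(JBuf *jb, size_t idx) {
    jb_lock(jb);
    unsigned seq = jb->timers[idx].seqnum;
    int rtx = ++jb->timers[idx].num_rtx;
    jb_unlock(jb);
    push_event(jb, seq);   /* removing the timer now is harmless */
    return rtx;
}

int main(void) {
    JBuf a = make_jbuf(), b = make_jbuf();
    printf("unlock midway: timer live = %d\n", process_unlock_midway(&a, 0));
    printf("deferred push: rtx = %d\n", process_deferred_push(&b, 0));
    return 0;
}
```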