GNOME Bugzilla – Bug 740080
faad: crashes if fed with invalid codec data
Last modified: 2014-11-13 20:13:15 UTC
If the data fed to faad is not valid it crashes with the following output: 0:00:00.037768168 5777 0xd47450 DEBUG faad gstfaad.c:376:gst_faad_set_format:<faad0> faacDecInit2() failed (gst-launch-1.0:5777): GStreamer-CRITICAL **: Trying to dispose element faad0, but it is in PAUSED instead of the NULL state. You need to explicitly set elements to the NULL state before dropping the final reference, to allow them to clean up. This problem may also be caused by a refcounting bug in the application or some element. (gst-launch-1.0:5777): GLib-GObject-CRITICAL **: g_object_ref: assertion 'G_IS_OBJECT (object)' failed (gst-launch-1.0:5777): GLib-GObject-CRITICAL **: g_object_ref: assertion 'G_IS_OBJECT (object)' failed (gst-launch-1.0:5777): GLib-GObject-WARNING **: invalid unclassed pointer in cast to 'GstAudioDecoder' (gst-launch-1.0:5777): GLib-GObject-CRITICAL **: g_object_ref: assertion 'G_IS_OBJECT (object)' failed (gst-launch-1.0:5777): GLib-GObject-WARNING **: invalid unclassed pointer in cast to 'GstAudioDecoder' (gst-launch-1.0:5777): GStreamer-CRITICAL **: gst_object_unref: assertion '((GObject *) object)->ref_count > 0' failed (gst-launch-1.0:5777): GStreamer-CRITICAL **: gst_object_unref: assertion '((GObject *) object)->ref_count > 0' failed (gst-launch-1.0:5777): GLib-GObject-WARNING **: invalid unclassed pointer in cast to 'GstAudioDecoder' Caught SIGSEGV
+ Trace 234329
Created attachment 290657 [details] [review] Patch to fix the crash The output of the gst-launch pipeline described in the report is now as expected for invalid data: ERROR: from element /GstPipeline:pipeline0/GstCafDemux:cafdemux0: GStreamer encountered a general stream error. Additional debug info: gstbaseparse.c(3334): gst_base_parse_loop (): /GstPipeline:pipeline0/GstCafDemux:cafdemux0: streaming stopped, reason not-negotiated ERROR: pipeline doesn't want to preroll. Setting pipeline to NULL ... 0:00:00.113517207 6132 0x2523450 DEBUG faad gstfaad.c:301:gst_faad_set_format:<faad0> codec_data: object_type=0, sample_rate=7, channels=0 0:00:00.113645545 6132 0x2523450 DEBUG faad gstfaad.c:374:gst_faad_set_format:<faad0> faacDecInit2() failed 0:00:00.113677261 6132 0x2523450 DEBUG faad gstfaad.c:301:gst_faad_set_format:<faad0> codec_data: object_type=0, sample_rate=7, channels=0 0:00:00.113695112 6132 0x2523450 DEBUG faad gstfaad.c:374:gst_faad_set_format:<faad0> faacDecInit2() failed 0:00:00.113715238 6132 0x24e1100 DEBUG faad gstfaad.c:223:gst_faad_stop:<faad0> stop 0:00:00.113753723 6132 0x24e1100 DEBUG aacparse gstaacparse.c:1407:gst_aac_parse_stop: stop Freeing pipeline ...
Thanks for the bug report and the patch. I think this was fixed a couple of days already by this commit: commit 8a9ab58e33f5ef9c233a0ecee8ade4922573c848 Author: Tim-Philipp Müller <tim@centricular.com> Date: Tue Oct 28 17:44:47 2014 +0000 faad: fix wrong unrefs in set_format error code path which should be in both master and the recent 1.4.4 release. Please re-open the bug if there are still issues with current git master or 1.4.4, thanks!