After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 746390 - qtdemux: crash while playing MPEG DASH stream
qtdemux: crash while playing MPEG DASH stream
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-good
1.4.5
Other Linux
: Normal normal
: 1.5.1
Assigned To: GStreamer Maintainers
GStreamer Maintainers
: 746388 (view as bug list)
Depends on: 733171
Blocks:
 
 
Reported: 2015-03-18 10:45 UTC by Rajat Verma
Modified: 2015-03-27 02:08 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description Rajat Verma 2015-03-18 10:45:14 UTC
Hello,

I am playing http://www-itec.uni-klu.ac.at/ftp/datasets/mmsys13/redbull_10sec.mpd on armv7 based platform, which crashes with below stack trace:

root@Rajat:~# export G_DEBUG=fatal_warnings
root@Rajat:~# gdb --args gst-launch-1.0 http://www-itec.uni-klu.ac.at/ftp/datasets/mmsys13/redbull_10sec.mpd
GNU gdb (GDB) STMicroelectronics/Linux Base 7.6-49 [build Jul  2 2014]
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-cortex-linux-gnueabi".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/gst-launch-1.0...done.
(gdb) r
Starting program: /usr/bin/gst-launch-1.0 http://www-itec.uni-klu.ac.at/ftp/datasets/mmsys13/redbull_10sec.mpd
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
**************************
GST-APPS version : v2.5.0
**************************
****************
GStreamer 1.2.2
****************
[New Thread 0x76974470 (LWP 5016)]
[New Thread 0x76174470 (LWP 5017)]
Playing file http://www-itec.uni-klu.ac.at/ftp/datasets/mmsys13/redbull_10sec.mpd
[New Thread 0x74fb4470 (LWP 5018)]
Received duration message format time duration -1
[New Thread 0x7471a470 (LWP 5019)]
Received duration message format time duration -1
[New Thread 0x73cff470 (LWP 5020)]
[New Thread 0x734ff470 (LWP 5021)]
[New Thread 0x72cff470 (LWP 5022)]
[New Thread 0x724ff470 (LWP 5023)]
[New Thread 0x71cff470 (LWP 5024)]
[New Thread 0x714ff470 (LWP 5025)]
[New Thread 0x70cff470 (LWP 5026)]
[New Thread 0x704ff470 (LWP 5042)]
[New Thread 0x6fcff470 (LWP 5043)]
[New Thread 0x6f4ff470 (LWP 5044)]
[New Thread 0x6ecff470 (LWP 5045)]
[New Thread 0x6e4ff470 (LWP 5046)]
[New Thread 0x6dcff470 (LWP 5055)]00 / 1:26:00.000000000>
[New Thread 0x6d4ff470 (LWP 5056)]
[New Thread 0x6ccff470 (LWP 5057)]
[New Thread 0x6c4ff470 (LWP 5058)]
     video codec: H.264 / AVC
 maximum bitrate: 221184
         bitrate: 98920
container format: ISO fMP4
[New Thread 0x6bcff470 (LWP 5059)]
Received ASYNC DONE on bus - 1 video, 2 audio, 0 subtitle
Audio stream=0 codec=MPEG-4 AAC audio language=(null)
Audio stream=1 codec=(null) language=(null)
[New Thread 0x6b4ff470 (LWP 5060)]
     audio codec: MPEG-4 AAC audio
 maximum bitrate: 67192
         bitrate: 61368
container format: ISO fMP4
[New Thread 0x6acff470 (LWP 5061)]
[Thread 0x6fcff470 (LWP 5043) exited]/ 1:26:00.000000000>
 minimum bitrate: 61125:10.209000000 / 1:26:00.000000000>
<Speed: 1X | Time: 0:00:11.010000000 / 1:26:00.000000000>
(gst-apps:5013): GStreamer-WARNING **: Trying to set string on structure field 'debug', but string is not valid UTF-8. Please file a bug.

Program received signal SIGTRAP, Trace/breakpoint trap.

Thread 1909453936 (LWP 5024)

  • #0 raise
    from /lib/libpthread.so.0
  • #1 g_logv
    from /usr/lib/libglib-2.0.so.0
  • #2 g_log
    from /usr/lib/libglib-2.0.so.0
  • #3 gst_structure_set_field
    at gststructure.c line 815
  • #4 gst_structure_id_set_valist_internal
    at gststructure.c line 677
  • #5 gst_structure_new_id
    at gststructure.c line 754
  • #6 gst_message_new_error
  • #7 gst_element_message_full
    at gstelement.c line 1840
  • #8 gst_qtdemux_chain
    at qtdemux.c line 4671
  • #9 gst_pad_chain_data_unchecked
    at gstpad.c line 3711
  • #10 gst_pad_push_data
    at gstpad.c line 3941
  • #11 gst_pad_push
    at gstpad.c line 4044
  • #12 gst_single_queue_push_one
    at gstmultiqueue.c line 1083
  • #13 gst_multi_queue_loop
    at gstmultiqueue.c line 1332
  • #14 gst_task_func
    at gsttask.c line 316
  • #15 g_thread_pool_thread_proxy
    from /usr/lib/libglib-2.0.so.0
  • #16 g_thread_proxy
    from /usr/lib/libglib-2.0.so.0
  • #17 start_thread
    from /lib/libpthread.so.0
  • #18 ??
    from /lib/libc.so.6
  • #19 ??
    from /lib/libc.so.6
A debugging session is active.

	Inferior 1 [process 5013] will be killed.

Quit anyway? (y or n) y
Comment 1 Thiago Sousa Santos 2015-03-18 11:21:06 UTC
*** Bug 746388 has been marked as a duplicate of this bug. ***
Comment 2 Vincent Penquerc'h 2015-03-18 14:04:44 UTC
This seems fixed in master, I do not get the warning when the pipeline fails to play the stream.
Comment 3 Thiago Sousa Santos 2015-03-18 14:51:28 UTC
It doesn't explode here as well but it is not playing. This stream is particular that the audio fragments contain 2 tracks (both audio), not that this is the reason why it doesn't play, haven't looked deeply at it yet.
Comment 4 Thiago Sousa Santos 2015-03-18 14:58:02 UTC
qtdemux qtdemux.c:4851:next_entry_size:<qtdemux1> stream 1 samples exhausted

And it seems that one of the streams has no samples actually and qtdemux has already exposed a pad. This might be blocking in decodebin on preroll.
Comment 5 Rajat Verma 2015-03-19 05:56:17 UTC
It does crash for me, with gstreamer 1.4.5 on ubuntu 12.04. I have not checked with master branch yet, but looking at master branch log, atleast I didn't see any commit related for fixing this.

I mean issue is not that error comes, issue is that it crashes when it goes to print error message.
Comment 6 Rajat Verma 2015-03-19 10:02:10 UTC
I checked it on master branch of gstreamer on ubuntu 12.04 and it does not crashes. Same as comment 2 & 3.
Comment 7 Thiago Sousa Santos 2015-03-19 10:53:13 UTC
The video still doesn't play correctly in master, and the crash in 1.4.5 can pottentially be fixed as well. Let's keep this open for now.
Comment 8 Rajat Verma 2015-03-19 10:53:42 UTC
In case of crash, atom parsing had below logs:

Peeking found [free] size: 59  
Peeking found [moov] size: 735  
Peeking found [styp] size: 24  
Peeking found [sidx] size: 44  
Peeking found [moof] size: 1288  
Peeking found [mdat] size: 635537
Peeking found [\xf1B
Peeking found [ftyp] size: 28
Peeking found [free] size: 59


But in master branch, I have:
Peeking found [styp] size: 24
Peeking found [sidx] size: 44
Peeking found [moof] size: 1288
Peeking found [mdat] size: 70492
Peeking found [mdat] size: 76779
Peeking found [ftyp] size: 28
Peeking found [free] size: 59

So, it looks like something to do with parsing of mdat.
Comment 9 Rajat Verma 2015-03-19 10:56:18 UTC
One more update, in case of 1.4.5, if I comment below line in qtdemux.c:


          GST_ELEMENT_ERROR (demux, STREAM, DEMUX,
              (_("This file is invalid and cannot be played.")),
              ("atom %" GST_FOURCC_FORMAT " has bogus size %" G_GUINT64_FORMAT,
                  GST_FOURCC_ARGS (fourcc), size));

Then, audio doesn't work but video keeps playing.
Comment 10 xixi 2015-03-19 16:03:26 UTC
By looking into the backtrace, it seems that the crash shall be caused by some invalid char string.  Qtdemux runs into a "wrong"-format atom, and trys to post a error message including wired fourcc.  

In the latest version, maybe some protection code is added to avoid some invalid byte in message string.    

Though I didn't look into it in detail, please just think about it.
Comment 11 xixi 2015-03-19 16:05:21 UTC
(In reply to Rajat Verma from comment #9)
> One more update, in case of 1.4.5, if I comment below line in qtdemux.c:
> 
> 
>           GST_ELEMENT_ERROR (demux, STREAM, DEMUX,
>               (_("This file is invalid and cannot be played.")),
>               ("atom %" GST_FOURCC_FORMAT " has bogus size %"
> G_GUINT64_FORMAT,
>                   GST_FOURCC_ARGS (fourcc), size));
> 
> Then, audio doesn't work but video keeps playing.


This makes sense, since error message is wiped out.
Comment 12 xixi 2015-03-20 03:46:54 UTC
I run it today using 1.4.5.
decodebin is blocked during prerolling, and pipeline failed in transfering to PAUSED state.

audio initialization segment has two TRAK(two tracks:trackID 1 and trackID 2), but media segments only provide trackID 1 content.
For multiqueue between QTdemux and AacParse, one singleque runs normally, yet the other singleque starves and blocked from the very beginning.

It's a bit delimma here.
Comment 13 Thiago Sousa Santos 2015-03-27 02:08:41 UTC
The crash with fourcc chars was fixed in https://bugzilla.gnome.org/show_bug.cgi?id=745144

Bug https://bugzilla.gnome.org/show_bug.cgi?id=733171 fixed the empty stream handling for this case.

Bug https://bugzilla.gnome.org/show_bug.cgi?id=746518 fixed EOS handling in input-selector that was also needed for playback of this file.

Thanks for reporting and please reopen if you still have issues with git master.