GNOME Bugzilla – Bug 746390
qtdemux: crash while playing MPEG DASH stream
Last modified: 2015-03-27 02:08:41 UTC
Hello, I am playing http://www-itec.uni-klu.ac.at/ftp/datasets/mmsys13/redbull_10sec.mpd on armv7 based platform, which crashes with below stack trace: root@Rajat:~# export G_DEBUG=fatal_warnings root@Rajat:~# gdb --args gst-launch-1.0 http://www-itec.uni-klu.ac.at/ftp/datasets/mmsys13/redbull_10sec.mpd GNU gdb (GDB) STMicroelectronics/Linux Base 7.6-49 [build Jul 2 2014] Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "arm-cortex-linux-gnueabi". For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>... Reading symbols from /usr/bin/gst-launch-1.0...done. (gdb) r Starting program: /usr/bin/gst-launch-1.0 http://www-itec.uni-klu.ac.at/ftp/datasets/mmsys13/redbull_10sec.mpd [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/libthread_db.so.1". ************************** GST-APPS version : v2.5.0 ************************** **************** GStreamer 1.2.2 **************** [New Thread 0x76974470 (LWP 5016)] [New Thread 0x76174470 (LWP 5017)] Playing file http://www-itec.uni-klu.ac.at/ftp/datasets/mmsys13/redbull_10sec.mpd [New Thread 0x74fb4470 (LWP 5018)] Received duration message format time duration -1 [New Thread 0x7471a470 (LWP 5019)] Received duration message format time duration -1 [New Thread 0x73cff470 (LWP 5020)] [New Thread 0x734ff470 (LWP 5021)] [New Thread 0x72cff470 (LWP 5022)] [New Thread 0x724ff470 (LWP 5023)] [New Thread 0x71cff470 (LWP 5024)] [New Thread 0x714ff470 (LWP 5025)] [New Thread 0x70cff470 (LWP 5026)] [New Thread 0x704ff470 (LWP 5042)] [New Thread 0x6fcff470 (LWP 5043)] [New Thread 0x6f4ff470 (LWP 5044)] [New Thread 0x6ecff470 (LWP 5045)] [New Thread 0x6e4ff470 (LWP 5046)] [New Thread 0x6dcff470 (LWP 5055)]00 / 1:26:00.000000000> [New Thread 0x6d4ff470 (LWP 5056)] [New Thread 0x6ccff470 (LWP 5057)] [New Thread 0x6c4ff470 (LWP 5058)] video codec: H.264 / AVC maximum bitrate: 221184 bitrate: 98920 container format: ISO fMP4 [New Thread 0x6bcff470 (LWP 5059)] Received ASYNC DONE on bus - 1 video, 2 audio, 0 subtitle Audio stream=0 codec=MPEG-4 AAC audio language=(null) Audio stream=1 codec=(null) language=(null) [New Thread 0x6b4ff470 (LWP 5060)] audio codec: MPEG-4 AAC audio maximum bitrate: 67192 bitrate: 61368 container format: ISO fMP4 [New Thread 0x6acff470 (LWP 5061)] [Thread 0x6fcff470 (LWP 5043) exited]/ 1:26:00.000000000> minimum bitrate: 61125:10.209000000 / 1:26:00.000000000> <Speed: 1X | Time: 0:00:11.010000000 / 1:26:00.000000000> (gst-apps:5013): GStreamer-WARNING **: Trying to set string on structure field 'debug', but string is not valid UTF-8. Please file a bug. Program received signal SIGTRAP, Trace/breakpoint trap.
+ Trace 234870
Thread 1909453936 (LWP 5024)
A debugging session is active. Inferior 1 [process 5013] will be killed. Quit anyway? (y or n) y
*** Bug 746388 has been marked as a duplicate of this bug. ***
This seems fixed in master, I do not get the warning when the pipeline fails to play the stream.
It doesn't explode here as well but it is not playing. This stream is particular that the audio fragments contain 2 tracks (both audio), not that this is the reason why it doesn't play, haven't looked deeply at it yet.
qtdemux qtdemux.c:4851:next_entry_size:<qtdemux1> stream 1 samples exhausted And it seems that one of the streams has no samples actually and qtdemux has already exposed a pad. This might be blocking in decodebin on preroll.
It does crash for me, with gstreamer 1.4.5 on ubuntu 12.04. I have not checked with master branch yet, but looking at master branch log, atleast I didn't see any commit related for fixing this. I mean issue is not that error comes, issue is that it crashes when it goes to print error message.
I checked it on master branch of gstreamer on ubuntu 12.04 and it does not crashes. Same as comment 2 & 3.
The video still doesn't play correctly in master, and the crash in 1.4.5 can pottentially be fixed as well. Let's keep this open for now.
In case of crash, atom parsing had below logs: Peeking found [free] size: 59 Peeking found [moov] size: 735 Peeking found [styp] size: 24 Peeking found [sidx] size: 44 Peeking found [moof] size: 1288 Peeking found [mdat] size: 635537 Peeking found [\xf1B Peeking found [ftyp] size: 28 Peeking found [free] size: 59 But in master branch, I have: Peeking found [styp] size: 24 Peeking found [sidx] size: 44 Peeking found [moof] size: 1288 Peeking found [mdat] size: 70492 Peeking found [mdat] size: 76779 Peeking found [ftyp] size: 28 Peeking found [free] size: 59 So, it looks like something to do with parsing of mdat.
One more update, in case of 1.4.5, if I comment below line in qtdemux.c: GST_ELEMENT_ERROR (demux, STREAM, DEMUX, (_("This file is invalid and cannot be played.")), ("atom %" GST_FOURCC_FORMAT " has bogus size %" G_GUINT64_FORMAT, GST_FOURCC_ARGS (fourcc), size)); Then, audio doesn't work but video keeps playing.
By looking into the backtrace, it seems that the crash shall be caused by some invalid char string. Qtdemux runs into a "wrong"-format atom, and trys to post a error message including wired fourcc. In the latest version, maybe some protection code is added to avoid some invalid byte in message string. Though I didn't look into it in detail, please just think about it.
(In reply to Rajat Verma from comment #9) > One more update, in case of 1.4.5, if I comment below line in qtdemux.c: > > > GST_ELEMENT_ERROR (demux, STREAM, DEMUX, > (_("This file is invalid and cannot be played.")), > ("atom %" GST_FOURCC_FORMAT " has bogus size %" > G_GUINT64_FORMAT, > GST_FOURCC_ARGS (fourcc), size)); > > Then, audio doesn't work but video keeps playing. This makes sense, since error message is wiped out.
I run it today using 1.4.5. decodebin is blocked during prerolling, and pipeline failed in transfering to PAUSED state. audio initialization segment has two TRAK(two tracks:trackID 1 and trackID 2), but media segments only provide trackID 1 content. For multiqueue between QTdemux and AacParse, one singleque runs normally, yet the other singleque starves and blocked from the very beginning. It's a bit delimma here.
The crash with fourcc chars was fixed in https://bugzilla.gnome.org/show_bug.cgi?id=745144 Bug https://bugzilla.gnome.org/show_bug.cgi?id=733171 fixed the empty stream handling for this case. Bug https://bugzilla.gnome.org/show_bug.cgi?id=746518 fixed EOS handling in input-selector that was also needed for playback of this file. Thanks for reporting and please reopen if you still have issues with git master.