GNOME Bugzilla – Bug 748358
rtspsrc: crashes caused by invalid caps unref in 1.4
Last modified: 2015-04-24 15:07:09 UTC
I have this GStreamer-CRITICAL warning: gst_mini_object_unref: assertion 'mini_object->refcount > 0' failed, when I tried to make pipeline: rtspsrc ! fakesink with these properties: rtspsrc timeout 0 rtspsrc tcp_timeout 1000000 rtspsrc protocols 4 fakesink num-buffers 100 So I replaced gstreamer-1.4.5 to old version 1.3.2 and it makes my program work. I analysed backtrace and found out that gst_caps_unref function is always called before assertion. So I found a place in gstrtspsrc.c diff between 1.3.2 and 1.4.5 versions where gst_caps_unref call was added with my problem caps and delete this line, it made program works. I am not saying that this line with an error just that it ref/unref problem.
Sorry, but what line exactly did you remove to make it work? Can you make a diff/patch to show us? I can reproduce with 1.4: tpm@xps:~$ valgrind gst-launch-1.0 rtspsrc location=rtsp://127.0.0.1:8554/test timeout=0 tcp_timeout=1000000 protocols=4 ! fakesink num-buffers=100 ==18406== Memcheck, a memory error detector ==18406== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. ==18406== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info ==18406== Command: gst-launch-1.0 rtspsrc location=rtsp://127.0.0.1:8554/test timeout=0 tcp_timeout=1000000 protocols=4 ! fakesink num-buffers=100 ==18406== Setting pipeline to PAUSED ... Pipeline is live and does not need PREROLL ... Progress: (open) Opening Stream Progress: (connect) Connecting to rtsp://127.0.0.1:8554/test Progress: (open) Retrieving server options Progress: (open) Retrieving media info Progress: (request) SETUP stream 0 Progress: (request) SETUP stream 1 Progress: (open) Opened Stream Setting pipeline to PLAYING ... New clock: GstSystemClock Progress: (request) Sending PLAY request Progress: (request) Sending PLAY request Progress: (request) Sent PLAY request Got EOS from element "pipeline0". Execution ended after 0:00:02.124186855 Setting pipeline to PAUSED ... Setting pipeline to READY ... Setting pipeline to NULL ... ==18406== Invalid read of size 4 ==18406== at 0x4E9782C: gst_mini_object_unref (in /usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.404.0) ==18406== by 0x53D0236: g_hash_table_remove_all_nodes (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1) ==18406== by 0x53D0FC9: g_hash_table_remove_all (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1) ==18406== by 0x53D103D: g_hash_table_destroy (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1) ==18406== by 0xC8C61B2: free_session (in /usr/lib/x86_64-linux-gnu/gstreamer-1.0/libgstrtpmanager.so) ==18406== by 0x53FFD4C: g_slist_foreach (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1) ==18406== by 0xC8C6069: gst_rtp_bin_dispose (in /usr/lib/x86_64-linux-gnu/gstreamer-1.0/libgstrtpmanager.so) ==18406== by 0x515B1F4: g_object_unref (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.4200.1) ==18406== by 0x4E9363B: _gst_message_free (in /usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.404.0) ==18406== by 0x4E71BB7: gst_bus_set_flushing (in /usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.404.0) ==18406== by 0x4EA640C: gst_pipeline_change_state (in /usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.404.0) ==18406== by 0x4E86B11: gst_element_change_state (in /usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.404.0) ==18406== Address 0x741d4c8 is 8 bytes inside a block of size 72 free'd ==18406== at 0x4C29E90: free (vg_replace_malloc.c:473) ==18406== by 0x53D0236: g_hash_table_remove_all_nodes (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1) ==18406== by 0x53D0FC9: g_hash_table_remove_all (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1) ==18406== by 0x53D103D: g_hash_table_destroy (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1) ==18406== by 0xC8EFA53: gst_rtp_session_finalize (in /usr/lib/x86_64-linux-gnu/gstreamer-1.0/libgstrtpmanager.so) ==18406== by 0x515B269: g_object_unref (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.4200.1) ==18406== by 0x4E63B5C: gst_bin_remove_func (in /usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.404.0) ==18406== by 0xC8C615C: free_session (in /usr/lib/x86_64-linux-gnu/gstreamer-1.0/libgstrtpmanager.so) ==18406== by 0x53FFD4C: g_slist_foreach (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1) ==18406== by 0xC8C6069: gst_rtp_bin_dispose (in /usr/lib/x86_64-linux-gnu/gstreamer-1.0/libgstrtpmanager.so) ==18406== by 0x515B1F4: g_object_unref (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.4200.1) ==18406== by 0x4E9363B: _gst_message_free (in /usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.404.0) ==18406== (gst-launch-1.0:18406): GStreamer-CRITICAL **: gst_mini_object_unref: assertion 'mini_object->refcount > 0' failed (gst-launch-1.0:18406): GStreamer-CRITICAL **: gst_mini_object_unref: assertion 'mini_object->refcount > 0' failed Freeing pipeline ... git master behaves differently (no buffering, pretty much exits right away), there might be another bug hiding this problem, so not sure it still exists in master or not. Also not sure what would have fixed this.
Created attachment 302292 [details] [review] diff with delete gst_caps_unref
Thanks, you're right, this gst_caps_unref() shouldn't be done here. I've pushed this to the 1.4 branch now (I think it's ok in master): commit fd4aebc2208512e8ab3b480e960d38da81908809 Author: Kseniya Vasilchuk <vasilchukkseniia@gmail.com> Date: Fri Apr 24 16:02:14 2015 +0100 rtspsrc: fix crashes caused by invalid caps unref We don't get a ref to the caps returned here, so don't unref the caps. https://bugzilla.gnome.org/show_bug.cgi?id=748358