GNOME Bugzilla – Bug 748414
Invalid read when printing debug output containing '%%'
Last modified: 2015-04-24 14:24:18 UTC
To reproduce:

  GST_DEBUG=5 gst-validate-launcher -t validate.http.transcode.to_vorbis_and_vp8_in_webm.raw_h264_1_mp4 -vg

Looks like this GST_DEBUG() call raises the issue:

  GST_DEBUG_OBJECT (queue, "Going to post buffering: %d%%", percent);

Removing the '%%' fixes it so I guess there is something wrong with our implementation of printf. :\

==7251== Invalid read of size 4
==7251==    at 0x5AB9A20: printf_postprocess_args (vasnprintf.c:245)
==7251==    by 0x5AB9A20: __gst_vasnprintf (vasnprintf.c:286)
==7251==    by 0x5ABB19C: __gst_vasprintf (printf.c:154)
==7251==    by 0x5A5BAEF: gst_debug_message_get (gstinfo.c:535)
==7251==    by 0x5A5C9C9: gst_debug_log_default (gstinfo.c:1041)
==7251==    by 0x5A5C18D: gst_debug_log_valist (gstinfo.c:513)
==7251==    by 0x5A5C2BA: gst_debug_log (gstinfo.c:445)
==7251==    by 0x9A855A3: gst_queue2_post_buffering (gstqueue2.c:927)
==7251==    by 0x3EBBC175DA: object_set_property (gobject.c:1415)
==7251==    by 0x3EBBC175DA: g_object_set_valist (gobject.c:2159)
==7251==    by 0x3EBBC17E6B: g_object_set (gobject.c:2269)
==7251==    by 0x960557A: type_found (gsturidecodebin.c:1969)
==7251==    by 0x3EBB405DAF: ffi_call_unix64 (unix64.S:76)
==7251==    by 0x3EBB405817: ffi_call (ffi64.c:525)
==7251==    by 0x3EBBC10463: g_cclosure_marshal_generic (gclosure.c:1448)
==7251==    by 0x3EBBC0FC54: g_closure_invoke (gclosure.c:768)
==7251==    by 0x3EBBC219E1: signal_emit_unlocked_R (gsignal.c:3553)
==7251==    by 0x3EBBC2A120: g_signal_emit_valist (gsignal.c:3309)
==7251==    by 0x3EBBC2A34E: g_signal_emit (gsignal.c:3365)
==7251==    by 0x9A9249F: gst_type_find_element_chain_do_typefinding (gsttypefindelement.c:917)
==7251==    by 0x9A94411: gst_type_find_element_chain (gsttypefindelement.c:852)
==7251==    by 0x4C2C098: gst_validate_pad_monitor_chain_func (gst-validate-pad-monitor.c:2008)
==7251==  Address 0x67d85c8 is 24 bytes before a block of size 24 alloc'd
==7251==    at 0x4A08BCF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==7251==    by 0x3EBB04F405: g_malloc (gmem.c:97)
==7251==    by 0x5AB98E2: __gst_printf_parse (printf-parse.c:450)
==7251==    by 0x5AB99C0: __gst_vasnprintf (vasnprintf.c:265)
==7251==    by 0x5ABB19C: __gst_vasprintf (printf.c:154)
==7251==    by 0x5A5BAEF: gst_debug_message_get (gstinfo.c:535)
==7251==    by 0x5A5C9C9: gst_debug_log_default (gstinfo.c:1041)
==7251==    by 0x5A5C18D: gst_debug_log_valist (gstinfo.c:513)
==7251==    by 0x5A5C2BA: gst_debug_log (gstinfo.c:445)
==7251==    by 0x9A855A3: gst_queue2_post_buffering (gstqueue2.c:927)
==7251==    by 0x3EBBC175DA: object_set_property (gobject.c:1415)
==7251==    by 0x3EBBC175DA: g_object_set_valist (gobject.c:2159)
==7251==    by 0x3EBBC17E6B: g_object_set (gobject.c:2269)
==7251==    by 0x960557A: type_found (gsturidecodebin.c:1969)
==7251==    by 0x3EBB405DAF: ffi_call_unix64 (unix64.S:76)
==7251==    by 0x3EBB405817: ffi_call (ffi64.c:525)
==7251==    by 0x3EBBC10463: g_cclosure_marshal_generic (gclosure.c:1448)
==7251==    by 0x3EBBC0FC54: g_closure_invoke (gclosure.c:768)
==7251==    by 0x3EBBC219E1: signal_emit_unlocked_R (gsignal.c:3553)
==7251==    by 0x3EBBC2A120: g_signal_emit_valist (gsignal.c:3309)
==7251==    by 0x3EBBC2A34E: g_signal_emit (gsignal.c:3365)
Thanks, fixed:

commit a0f2e9ec2a5cb4fe21a3ee501e6faf52999108cd
Author: Tim-Philipp Müller <tim@centricular.com>
Date:   Fri Apr 24 15:19:26 2015 +0100

    tests: printf: add unit test for %%

    https://bugzilla.gnome.org/show_bug.cgi?id=748414

commit 6c394643be52dc525af6b21b3ba7f014eea0eb7f
Author: Tim-Philipp Müller <tim@centricular.com>
Date:   Fri Apr 24 15:16:24 2015 +0100

    printf: fix invalid memory access in case of %%

    https://bugzilla.gnome.org/show_bug.cgi?id=748414
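
An added illustration of the bug class the trace above points to; it is not GStreamer's code and not the content of the fix commit. It assumes a parser that records `%%` as a directive with a "no argument" sentinel index, which the argument post-processing pass must skip; the Valgrind note "24 bytes before a block of size 24" is consistent with indexing one element before a one-element argument array. All type and function names below are hypothetical.

```c
#include <stddef.h>

/* Hypothetical types for this example; not GStreamer's definitions. */
#define ARG_NONE ((size_t)-1)            /* directive consumes no argument */
#define MAX_DIRECTIVES 16

typedef struct { char conversion; size_t arg_index; } directive;
typedef struct { int type; long value; } argument;

/* Simplified parser: handles only single-character conversions (no flags,
 * width or precision). "%%" becomes a directive with arg_index ARG_NONE. */
static size_t parse_format(const char *fmt, directive *out, size_t *n_args)
{
    size_t n = 0;
    *n_args = 0;
    for (const char *p = fmt; *p != '\0' && n < MAX_DIRECTIVES; p++) {
        if (*p != '%')
            continue;
        if (*++p == '\0')
            break;                        /* lone trailing '%' */
        out[n].conversion = *p;
        out[n].arg_index = (*p == '%') ? ARG_NONE : (*n_args)++;
        n++;
    }
    return n;
}

/* Visit each directive's argument slot. Indexing args[ARG_NONE] would read
 * one element before the array, so such directives are skipped. */
static size_t postprocess_args(const directive *d, size_t n_dirs,
                               argument *args, size_t n_args)
{
    size_t touched = 0;
    for (size_t i = 0; i < n_dirs; i++) {
        if (d[i].arg_index == ARG_NONE || d[i].arg_index >= n_args)
            continue;
        args[d[i].arg_index].type = d[i].conversion;
        touched++;
    }
    return touched;
}

/* Returns directives found; *touched gets the argument slots visited. */
size_t check_format(const char *fmt, size_t *touched)
{
    directive dirs[MAX_DIRECTIVES];
    argument args[MAX_DIRECTIVES] = {{0, 0}};
    size_t n_args, n_dirs = parse_format(fmt, dirs, &n_args);
    *touched = postprocess_args(dirs, n_dirs, args, n_args);
    return n_dirs;
}
```

For the format string from the report, `check_format` finds two directives but visits only one argument slot, because the `%%` directive carries no argument.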