Bug 770019 - splitmuxsink crashes on 32-bit platform
Product: GStreamer
Classification: Platform
Component: gst-plugins-good
Other Linux
: Normal normal
: 1.8.4
Assigned To: GStreamer Maintainers
Reported: 2016-08-17 03:04 UTC by Jie.Jiang
Modified: 2016-08-21 16:55 UTC

Attachments:
Patch to fix splitmuxsink crash on 32-bit platform (3.05 KB, patch), 2016-08-17 03:04 UTC, Jie.Jiang, status: none
patch from 'git format-patch' (3.76 KB, patch), 2016-08-20 09:34 UTC, Jie.Jiang, status: committed

Description Jie.Jiang 2016-08-17 03:04:31 UTC
Created attachment 333444
Patch to fix splitmuxsink crash on 32-bit platform

On a 32-bit platform, splitmuxsink will crash when the total amount of data approximates 4G bytes.
And it can be reproduced by running the following pipeline on a 32-bit platform.

gst-launch-1.0  -v videotestsrc is-live=1 ! 'video/x-raw,format=I420,width=1280,height=720,framerate=25/1' ! x264enc bitrate=102400 ! h264parse ! splitmuxsink max-size-time=10000000000 location=video%05d.mp4

When the pipeline crashes, the following msg is output:
ERROR:gstsplitmuxsink.c:852:handle_gathered_gop: assertion failed:
(queued_bytes >= splitmux->mux_start_bytes)

The potential reason is that some variables (such as structure MqStreamCtx.in_bytes, struct _GstSplitMuxSink.muxed_out_bytes) used (in gstsplitmuxsink.c) to count the number of bytes are of type gsize.
And on 32-bit platforms, gsize is 4 bytes wide. These variables will overrun as time goes by.

For example, inside function handle_mq_input() in gstsplitmuxsink.c, 
at line 1125:
ctx->in_bytes += buf_info->buf_size;
ctx->in_bytes is continually increased by 'buf_size' every time a buf is received. Sooner or later, ctx->in_bytes will overrun and cause crashes.

The fix is quite straightforward.
Just replace some 'gsize' type by 'guint64' type, as described in the enclosed attachment.
And the fix has been tested and works well.

Comment 1 Jan Schmidt 2016-08-17 08:15:41 UTC
The patch looks correct. Can you please generate the patch using 'git format-patch' and attach it? It's easier to apply and manage correct attribution that way.

Comment 2 Jie.Jiang 2016-08-20 09:34:18 UTC
Created attachment 333729
patch from 'git format-patch'

Patch generated by 'git format-patch'

Comment 3 Jan Schmidt 2016-08-20 10:07:01 UTC
Thanks, applied (with an updated commit msg for clarity)

commit 655856deee7fc9cd804a03e5ace22a7e6e7a76c4
Author: Jie Jiang <>
Date:   Sat Aug 20 16:59:30 2016 +0800

    Fixed splitmuxsink 32-bit overflow bug
    Extend the byte tracking counters to 64-bit on
    all platforms, instead of using gsize, which overflows
    after 4GB.

Comment 4 Tim-Philipp Müller 2016-08-21 16:55:12 UTC
Picked into 1.8 branch as well.
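
The wraparound described in this report, as an added example that is not part of the bug thread or the GStreamer source: a small C model in which a value masked to 32 bits stands in for a 4-byte gsize and an unmasked 64-bit value for guint64. The buffer size, the GOP size and the function name first_violation are constructed assumptions; only the invariant (queued_bytes >= mux_start_bytes) and the `in_bytes += buf_size` accumulation come from the report.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample workload, not taken from GStreamer. */
#define BUF_SIZE     (1u << 20)  /* 1 MiB per buffer */
#define BUFS_PER_GOP 64u         /* 64 MiB per GOP   */

/*
 * Run n_gops GOPs through a running byte counter that is counter_bits wide
 * (32 models gsize on a 32-bit platform, 64 models guint64).
 * The counter is snapshotted before each GOP, like mux_start_bytes, and the
 * invariant from the failed assertion is checked after the GOP is queued.
 * Returns the index of the first GOP that violates it, or -1 if none does.
 */
long first_violation(unsigned n_gops, int counter_bits)
{
    uint64_t mask = (counter_bits == 32) ? UINT32_MAX : UINT64_MAX;
    uint64_t in_bytes = 0;

    for (unsigned gop = 0; gop < n_gops; gop++) {
        uint64_t mux_start_bytes = in_bytes;

        for (unsigned i = 0; i < BUFS_PER_GOP; i++) {
            /* Same accumulation as ctx->in_bytes += buf_size, with the
             * result reduced modulo 2^counter_bits. */
            in_bytes = (in_bytes + BUF_SIZE) & mask;
        }

        uint64_t queued_bytes = in_bytes;
        if (!(queued_bytes >= mux_start_bytes))
            return (long)gop;  /* the counter wrapped inside this GOP */
    }
    return -1;
}

int main(void)
{
    /* 100 GOPs of 64 MiB is about 6.25 GiB, enough to cross 4 GiB once. */
    printf("32-bit counter: first violation at GOP %ld\n",
           first_violation(100, 32));
    printf("64-bit counter: first violation at GOP %ld\n",
           first_violation(100, 64));
    return 0;
}
```

With this workload the 32-bit counter wraps to zero exactly when the 64th GOP completes, which is the point where the total reaches 4 GiB.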