can you provide a sample stream that causes this?

Also no need to always CC me in your bug reports. If anything it makes it less likely that I'm going to take a look ;)

Sorry, I though that it was interested for you. I won't do it again ;).

The streams is received from RTP, but I will try to get it if this can help to fix the bug.

(In reply to Miguel París Díaz from comment #2)
> Sorry, I though that it was interested for you. I won't do it again ;).

It is, but I get mails about every new bug report and any changes to existing ones anyway.


For RTP, you can create a pcap capture for example and then use pcapparse. Or GDP.

Thanks for your suggestion I was able to generate a GDP file [1] that can be used to reproduce the problem just using gst-launch in the next way:
gst-launch -v -m filesrc location=h264.gdp ! gdpdepay ! h264parse ! fakesink

After few seconds the next error is logged out and the process is core dumped:
GLib-ERROR **: /build/glib2.0-prJhLS/glib2.0-2.48.2/./glib/gmem.c:100: failed to allocate 18446744071568623010 bytes

Refs
[1] https://www.dropbox.com/s/snam0v634ycnu2n/h264.gdp?dl=0

Yes I can confirm. A smaller file would've been nicer, but ok :)

You are right, I was also surprised about the huge size of the file because the video duration is only few seconds.
So, I suppose that this should be related to the bug and that the "remote encoder" should do something that makes GStreamer pipeline to crash, what can be considered a security problem.
What do you think?

Where does the stream come from btw, it's definitely broken :) The NAL sizes are indeed huge for the SPS, and each new SPS seems to be twice as big. We should just error out on that at some point.

Note that we also keep every SPS around as they all have different IDs, they are not cleaned up at any point because they might still be used in the future. So a proper fix should probably also consider that.

However for the SPS, we should just set a reasonable size limit. It can't be infinitely large. Not sure what number is a good maximum though.

The stream comes from Chrome.
I totally agree with you, it seems a the behavior of Chrome is not correct and we should protect ourself detecting this case and returning an error instead of crashing.
What I do not know is which would be a reasonable limit :S.
Do you have some suggestion or can we ask somebody familiar with H.264?

Can you also provide a GDP stream from before the rtph264depay? The RTP packets. Maybe rtph264depay breaks the stream.

These big "SPS" packets actually contain a full PPS and IDR embedded afterward. It could be rtph264depay doing something dumb - if it were actually in the stream I'd expect it to just chew up all bandwidth and completely fail to play after a short time.

Hello again,
I have created a GDP file [1] with RTP packets (just before the depayloader) as Sebastian requested.
This GDP file is 266KB, while the related GDP file after the depayloader is 7.7GB.

In order to reproduce the problem you can run the next pipeline: 
gst-launch -v -m filesrc location=gdp-rtp-h264-depay_in-001.out ! gdpdepay ! rtph264depay ! h264parse ! fakesink

After a while the next error is logged out and the process is core dumped:
GLib-ERROR **: /build/glib2.0-prJhLS/glib2.0-2.48.2/./glib/gmem.c:100: failed to allocate 18446744073543753205 bytes

Refs
[1] https://www.dropbox.com/s/dfsx6wlwbvyf70w/gdp-rtp-h264-depay_in-001.out?dl=0

Clearly rtph264depay then, thanks :)

I have seen senders that send multiple NALs (with bytestream sync markers) as one NAL rtp chunk fwiw, so worth checking if that's what's happening here.

That 2nd dropbox link isn't generally accessible

Sorry Jan, I did not realize it.
I have just updated the permissions, please try again ;).

I can reproduce the bug with 1.8, but not with 1.10 or git master. Seems to have been fixed in rtph264depay since then, probably by

commit 7025d014bbec126d2e583f6a71ec3149797eb345
Author: Olivier Crête <olivier.crete@collabora.com>
Date:   Tue Sep 27 15:26:19 2016 -0400

    rtph26[45]depay: Don't handle NALs inside STAP units twice
    
    They've already been handled before pushing them into the adapter.

Great!!
I will check several times again with this patch and will close this issue if I cannot reproduce it.
Thank you :D.

Fixed by commit commented by Jan.
Thanks!!

You should really consider updating your GStreamer version though :)

Sure, it seems that there are a lot of bugfixes :D.