[Bug 655727] New: Segfault gst_rtcp_packet_get_rb

GStreamer (bugzilla.gnome.org) bugzilla at gnome.org
Mon Aug 1 08:54:48 PDT 2011


https://bugzilla.gnome.org/show_bug.cgi?id=655727
  GStreamer | gst-plugins-base | git

           Summary: Segfault gst_rtcp_packet_get_rb
    Classification: Platform
           Product: GStreamer
           Version: git
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: Normal
         Component: gst-plugins-base
        AssignedTo: gstreamer-bugs at lists.freedesktop.org
        ReportedBy: anthony.violo at ubicast.eu
         QAContact: gstreamer-bugs at lists.freedesktop.org
     GNOME version: ---


Created an attachment (id=192991)
 View: https://bugzilla.gnome.org/attachment.cgi?id=192991
 Review: https://bugzilla.gnome.org/review?bug=655727&attachment=192991

Segfault gst_rtcp_packet_get_rb

Hello,


I found a segfault in the function gst_rtcp_packet_get_rb at line 1002, when
GST_READ_UINT32_BE (data) is called;

it seems that offsetting the pointer to data can cause a buffer overflow (e.g.
*data += 24) in some conditions.

I noticed that in my case (using an Elphel camera where buffer size is always
28) packet->type is never GST_RTCP_TYPE_RR, which causes a systematic 24
offset;
added to other offset operations, the total offset sometimes is > buffer->size,
which causes (IMO) the GST_READ_UINT32_BE segfault.

How should this bug be fixed? Am I correct in analyzing the behaviour? Any
ideas?

Pipeline :

gst-launch rtspsrc location=camera protocols=0x00000001 latency=50 !
rtpjpegdepay ! jpegdec ! videoscale ! videorate ! "video/x-raw-yuv,
format=(fourcc)I420, width=(int)2592, height=(int)816,
framerate=(fraction)25/1" ! jpegenc ! matroskamux ! filesink
location=test_jpeg.mkv

Details (pipeline, full backtrace) here:  http://pastebin.com/g3t8YLBg

For the moment, I have made a patch to correct this bug.

-- 
Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.
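
The out-of-bounds read described in this report, shown as a bounds-checked report-block reader. This is an added example, not GStreamer's code and not the reporter's patch; `rtcp_get_rb_checked`, `rtcp_rb` and the sample packet are hypothetical and constructed here, with the packet layout taken from RFC 3550 (8 bytes before the first report block in an RR, 28 in an SR).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RTCP_PT_SR   200
#define RTCP_PT_RR   201
#define RTCP_RB_SIZE 24   /* one report block */

typedef struct { uint32_t ssrc; uint8_t fraction_lost; uint32_t jitter; } rtcp_rb;

static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns 0 on success, -1 if block `nth` is not fully inside both the
 * RTCP packet (per its own length field) and the receive buffer. */
int rtcp_get_rb_checked(const uint8_t *buf, size_t size, size_t pkt_off,
                        unsigned nth, rtcp_rb *out)
{
    if (pkt_off > size || size - pkt_off < 4) return -1;  /* need a header */
    const uint8_t *pkt = buf + pkt_off;
    size_t avail = size - pkt_off;
    unsigned count = pkt[0] & 0x1f;                        /* RC field */
    size_t pkt_len = ((size_t)((pkt[2] << 8) | pkt[3]) + 1) * 4;
    size_t first;                                          /* offset of block 0 */

    if (pkt[1] == RTCP_PT_RR)      first = 8;              /* header + SSRC */
    else if (pkt[1] == RTCP_PT_SR) first = 28;             /* + 20 bytes sender info */
    else return -1;
    if (pkt_len > avail) return -1;    /* length field exceeds the buffer */
    if (nth >= count) return -1;       /* block not announced by the header */
    size_t off = first + (size_t)nth * RTCP_RB_SIZE;
    if (off > pkt_len || pkt_len - off < RTCP_RB_SIZE) return -1;

    out->ssrc          = rd32(pkt + off);
    out->fraction_lost = pkt[off + 4];
    out->jitter        = rd32(pkt + off + 12);
    return 0;
}

int main(void) {
    /* Constructed sample: 28-byte SR whose header claims one report block. */
    uint8_t sr[28] = { 0x81, RTCP_PT_SR, 0x00, 0x06 };
    rtcp_rb rb;
    printf("28-byte SR, block 0: %d\n", rtcp_get_rb_checked(sr, sizeof sr, 0, 0, &rb));
    return 0;
}
```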