[Bug 655347] New: theoradec: segfault on 0-byte ogg_packet in _chain_reverse
GStreamer (bugzilla.gnome.org)
bugzilla at gnome.org
Tue Jul 26 07:09:55 PDT 2011
https://bugzilla.gnome.org/show_bug.cgi?id=655347
GStreamer | gst-plugins-base | git
Summary: theoradec: segfault on 0-byte ogg_packet in
_chain_reverse
Classification: Platform
Product: GStreamer
Version: git
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: Normal
Component: gst-plugins-base
AssignedTo: gstreamer-bugs at lists.freedesktop.org
ReportedBy: philipj at opera.com
QAContact: gstreamer-bugs at lists.freedesktop.org
GNOME version: ---
An ogg_packet can be 0 bytes and apparently this is used in Theora. The
keyframe check in theora_dec_chain_reverse doesn't handle this and segfaults.
The input is svt2-44100Hz.ogv from
http://bugzilla-attachments.gnome.org/attachment.cgi?id=192617 with a test case
like this:
<video src="svt2-44100Hz.ogv" controls></video>
<script>
var v = document.querySelector('video');
v.onsuspend = function() {
v.currentTime = v.duration;
v.playbackRate = -1;
v.play();
};
v.preload = "auto";
</script>
In other words, seek to the end and try playing backwards. There will be a
zero-byte buffer on the gather queue.
It doesn't play very well even with this fix, but at least it doesn't crash.
--
Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.
More information about the gstreamer-bugs
mailing list