[Bug 686365] New: pad: segfault querying pad caps

GStreamer (bugzilla.gnome.org) bugzilla at gnome.org
Thu Oct 18 04:19:33 PDT 2012 

https://bugzilla.gnome.org/show_bug.cgi?id=686365
  GStreamer | gstreamer (core) | 1.x

           Summary: pad: segfault querying pad caps
    Classification: Platform
           Product: GStreamer
           Version: 1.x
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: Normal
         Component: gstreamer (core)
        AssignedTo: gstreamer-bugs at lists.freedesktop.org
        ReportedBy: ylatuya at gmail.com
         QAContact: gstreamer-bugs at lists.freedesktop.org
     GNOME version: ---


I can trigger a segfault in gst_pad_query_caps with the following use case:
  * pipeline appsrc nun-buffers=1 ! decodebin
  * connect to decodebin's "new-decoded-pad"
  * push one buffer to appsrc containing 5 seconds of H264 muxed in a mpegts
stream, appsrc sends an eos after this buffer is pushed because of
num-buffers=1
  * query caps in for the new pad in new_decoded_caps_cb callback

Program received signal SIGSEGV, Segmentation fault.
[Cambiando a Thread 0x7fffe3fff700 (LWP 16832)]
0x00007ffff757ba8c in g_datalist_id_get_data () from
/home/andoni/cerbero/dist/linux_x86_64/lib/libglib-2.0.so.0
(gdb) bt
#0  0x00007ffff757ba8c in g_datalist_id_get_data () from
/home/andoni/cerbero/dist/linux_x86_64/lib/libglib-2.0.so.0
#1  0x00007ffff78a78f1 in g_object_notify_queue_freeze () from
/home/andoni/cerbero/dist/linux_x86_64/lib/libgobject-2.0.so.0
#2  0x00007ffff78a93a1 in g_object_notify_by_spec_internal () from
/home/andoni/cerbero/dist/linux_x86_64/lib/libgobject-2.0.so.0
#3  0x00007ffff78a968d in g_object_notify_by_pspec () from
/home/andoni/cerbero/dist/linux_x86_64/lib/libgobject-2.0.so.0
#4  0x00007ffff7b40622 in gst_pad_store_sticky_event (pad=0x7fffe401c400,
event=<optimized out>) at gstpad.c:4429
#5  0x00007ffff7b4ac1b in gst_pad_push_event (pad=0x7fffe401c400,
event=0x7fffe4002f00) at gstpad.c:4626
#6  0x00007ffff7b4af17 in event_forward_func (pad=0x7fffe401c400,
data=0x7fffe3ffe920) at gstpad.c:2719
#7  0x00007ffff7b47f8a in gst_pad_forward (pad=0x7fffed97cb60,
forward=0x7ffff7b4ae40 <event_forward_func>, user_data=0x7fffe3ffe920) at
gstpad.c:2673
#8  0x00007ffff7b48739 in gst_pad_event_default (pad=<optimized out>,
parent=<optimized out>, event=0x7fffe4002f00) at gstpad.c:2770
#9  0x00007ffff7b41add in gst_pad_send_event_unchecked (pad=0x7fffed97cb60,
event=0x7fffe4002f00, type=<optimized out>) at gstpad.c:4821
#10 0x00007ffff7b4233e in gst_pad_push_event_unchecked (pad=0x7fffe40302f0,
event=0x7fffe4002f00, type=GST_PAD_PROBE_TYPE_EVENT_DOWNSTREAM) at
gstpad.c:4514
#11 0x00007ffff7b42838 in push_sticky (pad=0x7fffe40302f0, ev=0x7fffe3ffec30,
user_data=0x7fffe3ffeca0) at gstpad.c:3285
#12 0x00007ffff7b40372 in events_foreach (pad=0x7fffe40302f0,
func=0x7ffff7b42780 <push_sticky>, user_data=0x7fffe3ffeca0) at gstpad.c:514
#13 0x00007ffff7b4adb4 in check_sticky (pad=0x7fffe40302f0) at gstpad.c:3333
#14 gst_pad_push_event (pad=0x7fffe40302f0, event=0x7fffe4002f00) at
gstpad.c:4635
#15 0x00007fffe8db986d in gst_single_queue_push_one (object=0x7fffe4002f00,
sq=0x7fffe405b3a0, mq=0x7fffe405a040) at gstmultiqueue.c:1080
#16 gst_multi_queue_loop (pad=<optimized out>) at gstmultiqueue.c:1303
#17 0x00007ffff7b717df in gst_task_func (task=0x7cdb40) at gsttask.c:316
#18 0x00007ffff75c6e12 in g_thread_pool_thread_proxy () from
/home/andoni/cerbero/dist/linux_x86_64/lib/libglib-2.0.so.0
#19 0x00007ffff75c684d in g_thread_proxy () from
/home/andoni/cerbero/dist/linux_x86_64/lib/libglib-2.0.so.0
#20 0x00007ffff7333e9a in start_thread (arg=0x7fffe3fff700) at
pthread_create.c:308
#21 0x00007ffff7060dbd in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#22 0x0000000000000000 in ?? ()
(gdb) frame 4
#4  0x00007ffff7b40622 in gst_pad_store_sticky_event (pad=0x7fffe401c400,
event=<optimized out>) at gstpad.c:4429
4429            g_object_notify_by_pspec ((GObject *) pad, pspec_caps);
(gdb) l
4424        switch (GST_EVENT_TYPE (event)) {
4425          case GST_EVENT_CAPS:
4426            GST_OBJECT_UNLOCK (pad);
4427    
4428            GST_DEBUG_OBJECT (pad, "notify caps");
4429            g_object_notify_by_pspec ((GObject *) pad, pspec_caps);
4430    
4431            GST_OBJECT_LOCK (pad);
4432            break;
4433          default:
(gdb) p *pad
$1 = {object = {object = {g_type_instance = {g_class = 0x7fffed8d5c00},
ref_count = 6, qdata = 0x7254c4}, lock = {p = 0x7fffe405b060, i = {3825578080,
32767}}, 
    name = 0x7fffdc001a70 "src_0", parent = 0x7fffed978090, flags = 29952,
control_bindings = 0x0, control_rate = 100000000, last_sync =
18446744073709551615, 
    _gst_reserved = 0x0}, element_private = 0x0, padtemplate = 0x7fffe401a420,
direction = GST_PAD_SRC, stream_rec_lock = {p = 0x7fffe4056490, i = {0, 0}},
task = 0x0, 
  block_cond = {p = 0x7fffe4059950, i = {0, 0}}, probes = {seq_id = 2,
hook_size = 72, is_setup = 1, hooks = 0x7fffe402b2d0, dummy3 = 0x0, 
    finalize_hook = 0x7ffff7589824 <default_finalize_hook>, dummy = {0x0,
0x0}}, mode = GST_PAD_MODE_PUSH, activatefunc = 0x7ffff7b479e0
<gst_pad_activate_default>, 
  activatedata = 0x0, activatenotify = 0, activatemodefunc = 0x7ffff7b35620
<gst_ghost_pad_activate_mode_default>, activatemodedata = 0x0,
activatemodenotify = 0, peer = 0x0, 
  linkfunc = 0, linkdata = 0x0, linknotify = 0, unlinkfunc = 0, unlinkdata =
0x0, unlinknotify = 0, chainfunc = 0, chaindata = 0x0, chainnotify = 0, 
  chainlistfunc = 0x7ffff7b432d0 <gst_pad_chain_list_default>, chainlistdata =
0x0, chainlistnotify = 0, getrangefunc = 0x7ffff7b350b0
<gst_proxy_pad_getrange_default>, 
  getrangedata = 0x0, getrangenotify = 0, eventfunc = 0x7ffff7b48650
<gst_pad_event_default>, eventdata = 0x0, eventnotify = 0, offset = 0, 
  queryfunc = 0x7ffff7b47fc0 <gst_pad_query_default>, querydata = 0x0,
querynotify = 0, iterintlinkfunc = 0x7ffff7b35370
<gst_proxy_pad_iterate_internal_links_default>, 
  iterintlinkdata = 0x0, iterintlinknotify = 0, num_probes = 1, num_blocked =
0, priv = 0x7fffe401c640, _gst_reserved = {0x0, 0x0, 0x0, 0x0}}
(gdb) p pspec_caps
$2 = (GParamSpec *) 0x6198f0
(gdb) p *pspec_caps
$3 = {g_type_instance = {g_class = 0x6131a0}, name = 0x7ffff7b9fec9 "caps",
flags = 225, value_type = 6360208, owner_type = 6360704, _nick = 0x7ffff7b96ec7
"Caps", 
  _blurb = 0x7ffff7b9faed "The capabilities of the pad", qdata = 0x0, ref_count
= 2, param_id = 1}
(gdb)

-- 
Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.

More information about the gstreamer-bugs mailing list