[Bug 748571] gst-plugins-faad: crash in gst_faad_set_format

Thu May 7 02:49:45 PDT 2015

https://bugzilla.gnome.org/show_bug.cgi?id=748571

djcb at djcbsoftware.nl changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djcb at djcbsoftware.nl

--- Comment #2 from djcb at djcbsoftware.nl ---
With today's Fedora 22, I can reliably reproduce this segv when playing an mp4
file (e.g. mp3s work fine).

Also, this only started today; looking at what changed when I upgraded today:

   Upgraded a52dec-0.7.4-19.fc21.x86_64                          (unknown)
    Upgrade         0.7.4-19.fc22.x86_64                         
@rpmfusion-free
@rpmfusion-free
    Upgraded faad2-1:2.7-6.fc21.x86_64                            (unknown)
    Upgrade        1:2.7-6.fc22.x86_64                           
@rpmfusion-free
    Upgraded faad2-libs-1:2.7-6.fc21.x86_64                       (unknown)
    Upgrade             1:2.7-6.fc22.x86_64                      
@rpmfusion-free
    Upgraded gstreamer1-libav-1.4.3-1.fc21.x86_64                 (unknown)
    Upgrade                   1.4.3-1.fc22.x86_64                
@rpmfusion-free
    Upgraded gstreamer1-plugins-bad-freeworld-1.4.3-1.fc21.x86_64 (unknown)
    Upgrade                                   1.4.3-1.fc22.x86_64
@rpmfusion-free

So it could be one of those..

% gdb --args gst-launch-1.0 playbin uri=file:///home/djcb/test.mp4
GNU gdb (GDB) Fedora 7.9-11.fc22
Copyright (C) 2015 Free Software Foundation, Inc.
[...]
Reading symbols from gst-launch-1.0...Reading symbols from
/usr/lib/debug/usr/bin/gst-launch-1.0.debug...done.
done.
gdb% r
Starting program: /usr/bin/gst-launch-1.0 playbin
uri=file:///home/djcb/test.mp4
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Setting pipeline to PAUSED ...
Pipeline is PREROLLING ...
[New Thread 0x7fffee8f1700 (LWP 32072)]
[New Thread 0x7fffe7fff700 (LWP 32074)]
[New Thread 0x7fffe77fe700 (LWP 32075)]
[New Thread 0x7fffda803700 (LWP 32076)]
[New Thread 0x7fffee0f0700 (LWP 32073)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe77fe700 (LWP 32075)]
gst_memory_unmap (mem=0x7fff00000000, info=info at entry=0x7fffe77fd9c0) at
gstmemory.c:339
339      mem->allocator->mem_unmap (mem);
gdb% thread apply all bt

Thread 6 (Thread 0x7fffee0f0700 (LWP 32073)):
#0  0x00007ffff6c5366d in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007ffff73873ec in g_main_context_poll (priority=2147483647, n_fds=1,
fds=0x7fffe00008c0, timeout=<optimized out>, context=0x7f9760) at gmain.c:4103
#2  g_main_context_iterate (context=context at entry=0x7f9760,
block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at
gmain.c:3803
#3  0x00007ffff73874fc in g_main_context_iteration (context=0x7f9760,
may_block=may_block at entry=1) at gmain.c:3869
#4  0x00007ffff7387539 in glib_worker_main (data=<optimized out>) at
gmain.c:5618
#5  0x00007ffff73ae335 in g_thread_proxy (data=0x7e18a0) at gthread.c:764
#6  0x00007ffff6f24555 in start_thread (arg=0x7fffee0f0700) at
pthread_create.c:333
#7  0x00007ffff6c5ef3d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 5 (Thread 0x7fffda803700 (LWP 32076)):
#0  0x00007ffff6c5366d in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007fffe6de06d1 in poll (__timeout=10, __nfds=2, __fds=0x7fffd0000910)
at /usr/include/bits/poll2.h:46
#2  poll_func (ufds=0x7fffd0000910, nfds=2, timeout=10,
userdata=0x7fffd4019330) at pulse/thread-mainloop.c:69
#3  0x00007fffe6dd1dd1 in pa_mainloop_poll (m=<optimized out>) at
pulse/mainloop.c:844
#4  0x00007fffe6dd246e in pa_mainloop_iterate (m=<optimized out>,
block=<optimized out>, retval=<optimized out>) at pulse/mainloop.c:926
#5  0x00007fffe6dd2520 in pa_mainloop_run (m=<optimized out>, retval=<optimized
out>) at pulse/mainloop.c:944
#6  0x00007fffe6de0666 in thread (userdata=0x7fffd40191f0) at
pulse/thread-mainloop.c:88
#7  0x00007fffe6976708 in internal_thread_func (userdata=0x7fffd40193e0) at
pulsecore/thread-posix.c:81
#8  0x00007ffff6f24555 in start_thread (arg=0x7fffda803700) at
pthread_create.c:333
#9  0x00007ffff6c5ef3d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 4 (Thread 0x7fffe77fe700 (LWP 32075)):
#0  gst_memory_unmap (mem=0x7fff00000000, info=info at entry=0x7fffe77fd9c0) at
gstmemory.c:339
#1  0x00007ffff7b02f26 in gst_buffer_unmap (buffer=<optimized out>,
info=0x7fffe77fd9c0) at gstbuffer.c:1622
#2  0x00007fffd9e002f4 in gst_faad_set_format () from
/usr/lib64/gstreamer-1.0/libgstfaad.so
#3  0x00007fffef8dfbe4 in gst_audio_decoder_sink_setcaps (caps=0x7fffd40031e0,
dec=0x7fffd4025400) at gstaudiodecoder.c:866
#4  gst_audio_decoder_do_caps (dec=dec at entry=0x7fffd4025400) at
gstaudiodecoder.c:1737
#5  0x00007fffef8e2f2f in gst_audio_decoder_chain (pad=0x7fffdc010700,
parent=0x7fffd4025400, buffer=0x7fffe80219f0) at gstaudiodecoder.c:1756
#6  0x00007ffff7b31dbf in gst_pad_chain_data_unchecked (data=0x7fffe80219f0,
type=4112, pad=0x7fffdc010700) at gstpad.c:3830
#7  gst_pad_push_data (pad=0x7efb50, type=type at entry=4112, data=<optimized
out>, data at entry=0x7fffe80219f0) at gstpad.c:4063
#8  0x00007ffff7b38bc6 in gst_pad_push (pad=<optimized out>,
buffer=buffer at entry=0x7fffe80219f0) at gstpad.c:4174
#9  0x00007fffef1fa1a4 in gst_base_parse_push_frame
(parse=parse at entry=0x7fffdc00cb00, frame=frame at entry=0x7fffe77fdca0) at
gstbaseparse.c:2304
#10 0x00007fffef1fad82 in gst_base_parse_chain (pad=<optimized out>,
parent=0x7fffdc00cb00, buffer=0x7fffe80219f0) at gstbaseparse.c:2824
#11 0x00007ffff7b31dbf in gst_pad_chain_data_unchecked (data=0x7fffe80219f0,
type=4112, pad=0x7ef920) at gstpad.c:3830
#12 gst_pad_push_data (pad=0x7ef6f0, type=type at entry=4112, data=<optimized
out>, data at entry=0x7fffe80219f0) at gstpad.c:4063
#13 0x00007ffff7b38bc6 in gst_pad_push (pad=<optimized out>,
buffer=buffer at entry=0x7fffe80219f0) at gstpad.c:4174
#14 0x00007fffee914bcc in gst_single_queue_push_one (object=0x7fffe80219f0,
sq=0x7fffdc007d20, mq=0x7fffdc008070) at gstmultiqueue.c:1229
#15 gst_multi_queue_loop (pad=<optimized out>) at gstmultiqueue.c:1484
#16 0x00007ffff7b5fb01 in gst_task_func (task=0x7fab90) at gsttask.c:316
#17 0x00007ffff73aecce in g_thread_pool_thread_proxy (data=<optimized out>) at
gthreadpool.c:307
#18 0x00007ffff73ae335 in g_thread_proxy (data=0x7fffdc004000) at gthread.c:764
#19 0x00007ffff6f24555 in start_thread (arg=0x7fffe77fe700) at
pthread_create.c:333
#20 0x00007ffff6c5ef3d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 3 (Thread 0x7fffe7fff700 (LWP 32074)):
#0  gst_qtdemux_pull_atom (qtdemux=qtdemux at entry=0x7fffe810c050,
offset=<optimized out>, size=size at entry=560, buf=buf at entry=0x7fffe7ffedd8) at
qtdemux.c:634
#1  0x00007fffeca71d3a in gst_qtdemux_loop_state_movie (qtdemux=0x7fffe810c050)
at qtdemux.c:4272
#2  gst_qtdemux_loop (pad=0x7ee9d0) at qtdemux.c:4363
#3  0x00007ffff7b5fb01 in gst_task_func (task=0x7fa5f0) at gsttask.c:316
#4  0x00007ffff73aecce in g_thread_pool_thread_proxy (data=<optimized out>) at
gthreadpool.c:307
#5  0x00007ffff73ae335 in g_thread_proxy (data=0x7fffe810f4a0) at gthread.c:764
#6  0x00007ffff6f24555 in start_thread (arg=0x7fffe7fff700) at
pthread_create.c:333
#7  0x00007ffff6c5ef3d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 2 (Thread 0x7fffee8f1700 (LWP 32072)):
#0  syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
#1  0x00007ffff73cc35f in g_cond_wait (cond=cond at entry=0x7fa0b0,
mutex=mutex at entry=0x7fa068) at gthread-posix.c:1395
#2  0x00007ffff7b5fc9d in gst_task_func (task=0x7fa050) at gsttask.c:301
#3  0x00007ffff73aecce in g_thread_pool_thread_proxy (data=<optimized out>) at
gthreadpool.c:307
#4  0x00007ffff73ae335 in g_thread_proxy (data=0x7e18f0) at gthread.c:764
#5  0x00007ffff6f24555 in start_thread (arg=0x7fffee8f1700) at
pthread_create.c:333
#6  0x00007ffff6c5ef3d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 1 (Thread 0x7ffff7fc8700 (LWP 32068)):
#0  0x00007ffff6c5366d in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007ffff73873ec in g_main_context_poll (priority=2147483647, n_fds=2,
fds=0x7f9bc0, timeout=<optimized out>, context=0x7f9a60) at gmain.c:4103
#2  g_main_context_iterate (context=0x7f9a60, block=block at entry=1,
dispatch=dispatch at entry=1, self=<optimized out>) at gmain.c:3803
#3  0x00007ffff7387772 in g_main_loop_run (loop=0x7f5170) at gmain.c:4002
#4  0x00007ffff7b087ba in gst_bus_poll (bus=bus at entry=0x7c7660,
events=events at entry=GST_MESSAGE_ANY, timeout=<optimized out>) at gstbus.c:1091
#5  0x00000000004046f8 in event_loop (pipeline=0x7dea60,
blocking=blocking at entry=1, do_progress=do_progress at entry=1,
target_state=target_state at entry=GST_STATE_PAUSED) at gst-launch.c:512
#6  0x0000000000403726 in main (argc=3, argv=0x7fffffffd738) at
gst-launch.c:1049
gdb%

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.