[Gstreamer-bugs] [Bug 105003] Changed - [SPIDER] Segfaullts on type finding
bugzilla-daemon at widget.gnome.org
Sat Feb 1 10:20:58 PST 2003
Please do not reply to this email. If you want to comment on the bug, go to the
URL shown below and enter your comments there.
http://bugzilla.gnome.org/show_bug.cgi?id=105003
Changed by julien at moutte.net.
--- shadow/105003 Sat Feb 1 13:16:53 2003
+++ shadow/105003.tmp.25434 Sat Feb 1 13:20:58 2003
@@ -13,6 +13,46 @@
QAContact: gstreamer-maint at bugzilla.gnome.org
TargetMilestone: 0.6.0
URL:
Summary: [SPIDER] Segfaullts on type finding
+
+------- Additional Comments From julien at moutte.net 2003-02-01 13:20 -------
+
+Ok missed the first post :)
+
+Here is info :
+
+gst-player loads several .avi divx files in its playlist.
+
+The first one plays fine but pressing next the second one segfaults..
+
+Backtracing the problem i figured out that it's always crashing
+gstflxdec when typefinding ... the GST_BUFFER_DATA seems out of bounds
+and no sanity check are made to access it...
+
+Let's see :
+
+Program received signal SIGSEGV, Segmentation fault.
+[Switching to Thread 16386 (LWP 24222)]
+flxdec_type_find (buf=0x10026350, private=0x1007bfe8)
+ at gstflxdec.c:118
+118 if ((data[4] == 0x11 || data[4] == 0x12
+
+(gdb) print data
+$1 = (guchar *) 0xffffffff <Address 0xffffffff out of bounds>
+(gdb) print *(buf)
+$6 = {data_type = {type = 268535768, refcount = {counter = 1,
+ lock = 0x0}, flags = 1026,
+ free = 0xfe04ba0 <gst_buffer_default_free>,
+ copy = 0xfe04c9c <gst_buffer_default_copy>},
+ data = 0xffffffff <Address 0xffffffff out of bounds>,
+ size = 38564, maxsize = 0, timestamp = 18446744073709551615,
+ offset = 0, pool = 0x0, pool_private = 0x0}
+(gdb)
+
+If buf->data can be out of bounds it's kind of dangerous to access
+data[n] in type finding functions without any sanity check
+
+How to solve that ?
+
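Review bot: In the gdb dump of *buf, data = 0xffffffff sits beside size = 38564 and maxsize = 0, so a length check placed before data[4] at gstflxdec.c:118 would pass and the read would still fault; a type-find function cannot validate the pointer itself. The check belongs where this buffer is filled in: the code that sets buf->data should test the result of its allocation or mapping call and never hand on a buffer whose data pointer is invalid. 0xffffffff is the bit pattern of (void *) -1 on a 32-bit target, which some calls return on failure, so an unchecked failure return in the element feeding the typefinder is the first thing to look for (an assumption from the value alone; the trace does not show which element created the buffer). A size guard in flxdec_type_find is still worth adding as a separate fix, since the comment reports no check before line 118 indexes data[4] and the function should refuse buffers shorter than the header bytes it inspects.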