[gstreamer-bugs] [Bug 530531] New: bad read in mpegvid typefinding

GStreamer (bugzilla.gnome.org) bugzilla-daemon at bugzilla.gnome.org
Tue Apr 29 03:08:28 PDT 2008


You can add comments to this bug at:
  http://bugzilla.gnome.org/show_bug.cgi?id=530531

  GStreamer | gst-plugins-base | Ver: HEAD CVS
           Summary: bad read in mpegvid typefinding
           Product: GStreamer
           Version: HEAD CVS
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: Normal
         Component: gst-plugins-base
        AssignedTo: gstreamer-bugs at lists.sourceforge.net
        ReportedBy: wingo at pobox.com
         QAContact: gstreamer-bugs at lists.sourceforge.net
     GNOME version: Unspecified
   GNOME milestone: Unspecified


==4328== Invalid read of size 1
==4328==    at 0xC81C758: mpeg_video_stream_type_find (gsttypefindfunctions.c:1691)
==4328==    by 0x5321E0E: gst_type_find_factory_call_function (gsttypefindfactory.c:243)
==4328==    by 0xC1F4124: gst_type_find_helper_get_range (gsttypefindhelper.c:270)
==4328==    by 0xBFC8482: gst_type_find_element_activate (gsttypefindelement.c:771)
==4328==    by 0x530A3C1: gst_pad_set_active (gstpad.c:658)
==4328==    by 0x52F27E5: activate_pads (gstelement.c:2509)
==4328==    by 0x52FD902: gst_iterator_fold (gstiterator.c:503)
==4328==    by 0x52F226A: iterator_activate_fold_with_resync (gstelement.c:2541)
==4328==    by 0x52F2377: gst_element_pads_activate (gstelement.c:2585)
==4328==    by 0x52F2680: gst_element_change_state_func (gstelement.c:2651)
==4328==    by 0xBFC69CC: gst_type_find_element_change_state (gsttypefindelement.c:821)
==4328==    by 0x52EEFDA: gst_element_change_state (gstelement.c:2425)
==4328==  Address 0xD48F52C is 4 bytes after a block of size 2,048 alloc'd
==4328==    at 0x4A059F6: malloc (vg_replace_malloc.c:149)
==4328==    by 0x5F29FF7: g_malloc (gmem.c:131)
==4328==    by 0x52E358F: gst_buffer_new_and_alloc (gstbuffer.c:328)
==4328==    by 0xBFBC951: gst_file_src_create (gstfilesrc.c:786)
==4328==    by 0xC1E74EF: gst_base_src_get_range (gstbasesrc.c:1818)
==4328==    by 0xC1E89FD: gst_base_src_pad_get_range (gstbasesrc.c:1936)
==4328==    by 0x5302F4D: gst_pad_get_range (gstpad.c:3857)
==4328==    by 0x5303468: gst_pad_pull_range (gstpad.c:3990)
==4328==    by 0x52F8C3E: gst_proxy_pad_do_getrange (gstghostpad.c:205)
==4328==    by 0xC1F4405: helper_find_peek (gsttypefindhelper.c:137)
==4328==    by 0x53218CF: gst_type_find_peek (gsttypefind.c:133)
==4328==    by 0xC81C6F1: mpeg_video_stream_type_find (gsttypefindfunctions.c:1673)

It seems obvious in the code (gsttypefindfunctions.c:1691) that size can go
negative (indicating a read past the end of the array). However, I do not know
what the right fix is.

The file is a QuickTime movie.

/kipple/pt-asp1.mp4: ISO Media, MPEG v4 system, version 1


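The failure mode named in the report, a remaining-size counter that can step below zero while a scanner walks a peeked buffer, shown as an added C example. It is not GStreamer's code and not the fix for this bug: count_start_codes, demo_boundary_case and the sample bytes are constructed for illustration, and only the 2,048-byte block size comes from the trace.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Size of the peeked block in the Valgrind report above. */
#define PEEK_SIZE 2048

/* Count MPEG start codes (00 00 01 xx) in data[0..size).
 * `remaining` is unsigned and is compared before every subtraction,
 * so it can never wrap or go negative, and each 4-byte look-ahead
 * is checked against it before any byte is read. */
size_t count_start_codes(const uint8_t *data, size_t size)
{
    size_t remaining = size;
    size_t found = 0;

    while (remaining >= 4) {            /* prefix plus code byte must fit */
        if (data[0] == 0x00 && data[1] == 0x00 && data[2] == 0x01) {
            found++;
            data += 4;                  /* skip the whole start code */
            remaining -= 4;             /* safe: remaining >= 4 here */
        } else {
            data += 1;
            remaining -= 1;
        }
    }
    return found;
}

/* Constructed input: one start code inside the block, and one whose
 * 00 00 01 prefix ends exactly at the block boundary, so its code
 * byte lies outside the PEEK_SIZE bytes the scanner is allowed to
 * read. A scanner that overran the block would count both. */
size_t demo_boundary_case(void)
{
    static uint8_t backing[PEEK_SIZE + 8];
    memset(backing, 0xFF, sizeof backing);
    memcpy(backing + 100, "\x00\x00\x01\xB3", 4);            /* inside    */
    memcpy(backing + PEEK_SIZE - 3, "\x00\x00\x01\xB3", 4);  /* straddles */
    return count_start_codes(backing, PEEK_SIZE);
}
```

The backing array is deliberately larger than PEEK_SIZE so that an overrun would show up as a wrong count rather than as undefined behaviour.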