[gstreamer-bugs] [Bug 547919] New: read 1 byte after allocated memory for ogg_packet

GStreamer (bugzilla.gnome.org) bugzilla-daemon at bugzilla.gnome.org
Fri Aug 15 08:15:18 PDT 2008


You can add comments to this bug at:
  http://bugzilla.gnome.org/show_bug.cgi?id=547919

  GStreamer | gst-plugins-base | Ver: 0.10.18
           Summary: read 1 byte after allocated memory for ogg_packet
           Product: GStreamer
           Version: 0.10.18
          Platform: Other
        OS/Version: All
            Status: UNCONFIRMED
          Severity: minor
          Priority: Normal
         Component: gst-plugins-base
        AssignedTo: gstreamer-bugs at lists.sourceforge.net
        ReportedBy: peter at cs.upt.ro
         QAContact: gstreamer-bugs at lists.sourceforge.net
     GNOME version: Unspecified
   GNOME milestone: Unspecified


Hi,

I encountered the following problem while debugging a small application with
valgrind. The same shows up when using totem-gstreamer and many ogg files.
It seems that theora_read tries to read one byte past the ogg packet (see
valgrind output below). My arch is 64-bit, OS is Ubuntu Hardy. Stream seems to
play all right otherwise.

==21621== Invalid read of size 1
==21621==    at 0xB097B24: oggpackB_read (bitwise.c:360)
==21621==    by 0xB8D73B8: theora_read (decode.c:67)
==21621==    by 0xB8D5531: th_decode_headerin (decinfo.c:132)
==21621==    by 0xB8D4655: theora_decode_header (decapiwrapper.c:147)
==21621==    by 0xB6C9C8D: theora_dec_decode_buffer (theoradec.c:890)
==21621==    by 0xB6CA7B2: theora_dec_chain (theoradec.c:1437)
==21621==    by 0x51357E8: gst_pad_chain_unchecked (gstpad.c:3523)
==21621==    by 0xAA68500: gst_ogg_pad_stream_out (gstoggdemux.c:822)
==21621==    by 0xAA69870: gst_ogg_pad_submit_page (gstoggdemux.c:1162)
==21621==    by 0xAA69E65: gst_ogg_demux_read_chain (gstoggdemux.c:2405)
==21621==    by 0xAA6B407: gst_ogg_demux_loop (gstoggdemux.c:2665)
==21621==    by 0x514FB28: gst_task_func (gsttask.c:192)
==21621==  Address 0xe837b60 is 0 bytes after a block of size 80 alloc'd
==21621==    at 0x4C22FAB: malloc (vg_replace_malloc.c:207)
==21621==    by 0x4E65EBB: g_malloc (in /usr/lib/libglib-2.0.so.0.1600.4)
==21621==    by 0x511386E: gst_buffer_new_and_alloc (gstbuffer.c:328)
==21621==    by 0xAA684B2: gst_ogg_pad_stream_out (gstoggdemux.c:816)
==21621==    by 0xAA69870: gst_ogg_pad_submit_page (gstoggdemux.c:1162)
==21621==    by 0xAA69E65: gst_ogg_demux_read_chain (gstoggdemux.c:2405)
==21621==    by 0xAA6B407: gst_ogg_demux_loop (gstoggdemux.c:2665)
==21621==    by 0x514FB28: gst_task_func (gsttask.c:192)
==21621==    by 0x4E85E86: (within /usr/lib/libglib-2.0.so.0.1600.4)
==21621==    by 0x4E84283: (within /usr/lib/libglib-2.0.so.0.1600.4)
==21621==    by 0x634F3F6: start_thread (pthread_create.c:297)
==21621==    by 0x6A68B2C: clone (in /usr/lib/debug/libc-2.7.so)

