[gstreamer-bugs] [Bug 582942] gst-plugins-vorbis crashes in libvorbis when parsing some ogg files

GStreamer (bugzilla.gnome.org) bugzilla-daemon at bugzilla.gnome.org
Sun May 17 06:09:53 PDT 2009 

If you have any questions why you received this email, please see the text at
the end of this email. Replies to this email are NOT read, please see the text
at the end of this email. You can add comments to this bug at:
  http://bugzilla.gnome.org/show_bug.cgi?id=582942

  GStreamer | gst-plugins-base | Ver: 0.10.x




------- Comment #1 from Alex Bennee  2009-05-17 13:09 UTC -------
The backtrace for the crash is thus:

(gdb) bt
#0  vorbis_synthesis (vb=0x2aaab12fcd00, op=0x428e4b50) at synthesis.c:30
#1  0x00002aaabfd45166 in vorbis_handle_data_packet (vd=0x2aaab12fcb20,
packet=0x428e4b50) at vorbisdec.c:979
#2  0x00002aaabfd466da in vorbis_dec_decode_buffer (vd=0x2aaab12fcb20,
buffer=<value optimized out>) at vorbisdec.c:1157
#3  0x00002aaabfd4720d in vorbis_dec_chain (pad=<value optimized out>,
buffer=0x2aaab12c9400) at vorbisdec.c:1368
#4  0x00002aaab983c276 in ?? () from /usr/lib/libgstreamer-0.10.so.0
#5  0x00002aaabf91e583 in gst_ogg_pad_stream_out (pad=0x2aaab12ecf60,
npackets=0) at gstoggdemux.c:805
#6  0x00002aaabf91fcea in gst_ogg_pad_submit_page (pad=0x2aaab12ecf60,
page=0x428e4f00) at gstoggdemux.c:1152
#7  0x00002aaabf920315 in gst_ogg_demux_read_chain (ogg=0x2aaab0d72c20,
res_chain=0x428e4fe0) at gstoggdemux.c:2456
#8  0x00002aaabf921811 in gst_ogg_demux_loop (pad=<value optimized out>) at
gstoggdemux.c:2716
#9  0x00002aaab985ec06 in ?? () from /usr/lib/libgstreamer-0.10.so.0
#10 0x00002abec50b2377 in ?? () from /usr/lib/libglib-2.0.so.0
#11 0x00002abec50b0de4 in ?? () from /usr/lib/libglib-2.0.so.0
#12 0x00002abec5746097 in start_thread () from /lib/libpthread.so.0
#13 0x00002abec5ca2ccd in clone () from /lib/libc.so.6
#14 0x0000000000000000 in ?? ()
(gdb) frame 0
#0  vorbis_synthesis (vb=0x2aaab12fcd00, op=0x428e4b50) at synthesis.c:30
30        codec_setup_info     *ci=vi->codec_setup;
(gdb) p ci
No symbol "ci" in current context.
(gdb) p vi
$7 = (vorbis_info *) 0x0
(gdb) p vb
$8 = (vorbis_block *) 0x2aaab12fcd00
(gdb) p *vb
$9 = {pcm = 0x0, opb = {endbyte = 0, endbit = 0, buffer = 0x0, ptr = 0x0,
storage = 0}, lW = 0, W = 0, nW = 0, pcmend = 0, mode = 0, eofflag = 0,
granulepos = 0, sequence = 0, vd = 0x2aaab12fcc18, localstore = 0x0, localtop =
0, 
  localalloc = 0, totaluse = 0, reap = 0x0, glue_bits = 0, time_bits = 0,
floor_bits = 0, res_bits = 0, internal = 0x0}
(gdb) l
25
26      int vorbis_synthesis(vorbis_block *vb,ogg_packet *op){
27        vorbis_dsp_state     *vd=vb->vd;
28        private_state        *b=vd->backend_state;
29        vorbis_info          *vi=vd->vi;
30        codec_setup_info     *ci=vi->codec_setup;
31        oggpack_buffer       *opb=&vb->opb;
32        int                   type,mode,i;
33       
34        /* first things first.  Make sure decode is ready */
(gdb) p *vd
$10 = {analysisp = 0, vi = 0x0, pcm = 0x0, pcmret = 0x0, pcm_storage = 0,
pcm_current = 0, pcm_returned = 0, preextrapolate = 0, eofflag = 0, lW = 0, W =
0, nW = 0, centerW = 0, granulepos = 0, sequence = 0, glue_bits = 0, 
  time_bits = 0, floor_bits = 0, res_bits = 0, backend_state = 0x0}
(gdb) frame 1
#1  0x00002aaabfd45166 in vorbis_handle_data_packet (vd=0x2aaab12fcb20,
packet=0x428e4b50) at vorbisdec.c:979
979       if (G_UNLIKELY (vorbis_synthesis (&vd->vb, packet)))
(gdb) frame 2
#2  0x00002aaabfd466da in vorbis_dec_decode_buffer (vd=0x2aaab12fcb20,
buffer=<value optimized out>) at vorbisdec.c:1157
1157        result = vorbis_handle_data_packet (vd, &packet);
(gdb) frame 3
#3  0x00002aaabfd4720d in vorbis_dec_chain (pad=<value optimized out>,
buffer=0x2aaab12c9400) at vorbisdec.c:1368
1368      result = vorbis_dec_decode_buffer (vd, buffer);
(gdb) frame 4
#4  0x00002aaab983c276 in ?? () from /usr/lib/libgstreamer-0.10.so.0
(gdb) frame 3
#3  0x00002aaabfd4720d in vorbis_dec_chain (pad=<value optimized out>,
buffer=0x2aaab12c9400) at vorbisdec.c:1368
1368      result = vorbis_dec_decode_buffer (vd, buffer);
(gdb) info frame
Stack level 3, frame at 0x428e4c80:
 rip = 0x2aaabfd4720d in vorbis_dec_chain (vorbisdec.c:1368); saved rip
0x2aaab983c276
 called by frame at 0x428e4cd0, caller of frame at 0x428e4bd0
 source language c.
 Arglist at 0x428e4bc8, args: pad=<value optimized out>, buffer=0x2aaab12c9400
 Locals at 0x428e4bc8, Previous frame's sp is 0x428e4c80
 Saved registers:
  rbx at 0x428e4c48, rbp at 0x428e4c50, r12 at 0x428e4c58, r13 at 0x428e4c60,
r14 at 0x428e4c68, r15 at 0x428e4c70, rip at 0x428e4c78
(gdb) info locals
vd = (GstVorbisDec *) 0x2aaab12fcb20
result = <value optimized out>
discont = 0
__PRETTY_FUNCTION__ = "vorbis_dec_chain"
(gdb) p *vd
$11 = {element = {object = {object = {g_type_instance = {g_class =
0x2aaab12de690}, ref_count = 2, qdata = 0x0}, refcount = 0, lock = 0x2163ba0,
name = 0x33891e0 "vorbisdec4", name_prefix = 0x0, parent = 0x0, flags = 0, 
      _gst_reserved = 0x0}, state_lock = 0x33f08c0, state_cond = 0x33db550,
state_cookie = 1, current_state = GST_STATE_PAUSED, next_state =
GST_STATE_VOID_PENDING, pending_state = GST_STATE_VOID_PENDING, 
    last_return = GST_STATE_CHANGE_SUCCESS, bus = 0x0, clock = 0x0, base_time =
0, numpads = 2, pads = 0x2aaab13708a0, numsrcpads = 1, srcpads = 0x2205fa0,
numsinkpads = 1, sinkpads = 0x2aaab1350c20, pads_cookie = 2, abidata = {ABI = {
        target_state = GST_STATE_PAUSED}, _gst_reserved = {0x3, 0x0, 0x0,
0x0}}}, sinkpad = 0x2aaab12b7450, srcpad = 0x2aaab12fe730, vd = {analysisp = 0,
vi = 0x0, pcm = 0x0, pcmret = 0x0, pcm_storage = 0, pcm_current = 0, 
    pcm_returned = 0, preextrapolate = 0, eofflag = 0, lW = 0, W = 0, nW = 0,
centerW = 0, granulepos = 0, sequence = 0, glue_bits = 0, time_bits = 0,
floor_bits = 0, res_bits = 0, backend_state = 0x0}, vi = {version = 0, channels
= 2, 
    rate = 44100, bitrate_upper = 4294967295, bitrate_nominal = 112015,
bitrate_lower = 4294967295, bitrate_window = 0, codec_setup = 0x3458b30}, vc =
{user_comments = 0x2254cc0, comment_lengths = 0x33442e0, comments = 2, 
    vendor = 0x33d3930 "Xiphophorus libVorbis I 20011231"}, vb = {pcm = 0x0,
opb = {endbyte = 0, endbit = 0, buffer = 0x0, ptr = 0x0, storage = 0}, lW = 0,
W = 0, nW = 0, pcmend = 0, mode = 0, eofflag = 0, granulepos = 0, sequence = 0, 
    vd = 0x2aaab12fcc18, localstore = 0x0, localtop = 0, localalloc = 0,
totaluse = 0, reap = 0x0, glue_bits = 0, time_bits = 0, floor_bits = 0,
res_bits = 0, internal = 0x0}, granulepos = 18446744073709551615, initialized =
1, 
  queued = 0x0, output = 0x0, gather = 0x0, decode = 0x0, segment = {rate = 1,
abs_rate = 1, format = GST_FORMAT_TIME, flags = GST_SEEK_FLAG_NONE, start = 0,
stop = -1, time = 0, accum = 0, last_stop = 0, duration = -1, 
    applied_rate = 1, _gst_reserved = '\0' <repeats 23 times>}, discont = 1,
seqnum = 486, cur_timestamp = 18446744073709551615, prev_timestamp =
18446744073709551615, pendingevents = 0x0, taglist = 0x0}


-- 
See http://bugzilla.gnome.org/page.cgi?id=email.html for more info about why you received
this email, why you can't respond via email, how to stop receiving
emails (or reduce the number you receive), and how to contact someone
if you are having problems with the system.

You can add comments to this bug at http://bugzilla.gnome.org/show_bug.cgi?id=582942.

More information about the Gstreamer-bugs mailing list