[gstreamer-bugs] [Bug 582942] crash in libvorbis when parsing some ogg files

GStreamer (bugzilla.gnome.org) bugzilla-daemon at bugzilla.gnome.org
Tue May 19 08:47:00 PDT 2009 

If you have any questions why you received this email, please see the text at
the end of this email. Replies to this email are NOT read, please see the text
at the end of this email. You can add comments to this bug at:
  http://bugzilla.gnome.org/show_bug.cgi?id=582942

  GStreamer | gst-plugins-base | Ver: 0.10.x




------- Comment #13 from Alex Bennee  2009-05-19 15:46 UTC -------
Afraid it's not the bug that hit me:

Starting program:
/home/alex/src/gstreamer/gstreamer.git/tools/.libs/lt-gst-launch-0.10 filesrc
location=/home/alex/broken.ogg \! decodebin2 \! audioconvert \! audioresample
\! autoaudiosink
[Thread debugging using libthread_db enabled]
[New Thread 0x7f2d807a86f0 (LWP 23604)]
Setting pipeline to PAUSED ...
[New Thread 0x4094b950 (LWP 23608)]
Pipeline is PREROLLING ...

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x4094b950 (LWP 23608)]
vorbis_synthesis (vb=0xeb3000, op=0x4094a880) at synthesis.c:30
30        codec_setup_info     *ci=vi->codec_setup;
(gdb) bt
#0  vorbis_synthesis (vb=0xeb3000, op=0x4094a880) at synthesis.c:30
#1  0x00007f2d7b916f29 in vorbis_handle_data_packet (vd=0xeb2e20,
packet=0x4094a880) at vorbisdec.c:979
#2  0x00007f2d7b918b2f in vorbis_dec_decode_buffer (vd=0xeb2e20,
buffer=0x7f2d74004040) at vorbisdec.c:1157
#3  0x00007f2d7b919cfb in vorbis_dec_chain_forward (vd=0xeb2e20, discont=0,
buffer=0x7f2d74004040) at vorbisdec.c:1368
#4  0x00007f2d7b919e21 in vorbis_dec_chain (pad=0xf28170,
buffer=0x7f2d74004040) at vorbisdec.c:1400
#5  0x00007f2d8033407f in gst_pad_chain_data_unchecked (pad=0xf28170,
is_buffer=1, data=0x7f2d74004040) at gstpad.c:4042
#6  0x00007f2d80333e62 in gst_pad_chain (pad=0xf28170, buffer=0x7f2d74004040)
at gstpad.c:4175
#7  0x00007f2d7c154fcd in gst_ogg_demux_chain_elem_pad (pad=0xf2a1a0,
packet=0x4094ac70) at gstoggdemux.c:805
#8  0x00007f2d7c1559a7 in gst_ogg_pad_submit_packet (pad=0xf2a1a0,
packet=0x4094ac70) at gstoggdemux.c:995
#9  0x00007f2d7c15642e in gst_ogg_pad_stream_out (pad=0xf2a1a0, npackets=0) at
gstoggdemux.c:1080
#10 0x00007f2d7c156683 in gst_ogg_pad_submit_page (pad=0xf2a1a0,
page=0x4094ae50) at gstoggdemux.c:1152
#11 0x00007f2d7c15b90d in gst_ogg_demux_read_chain (ogg=0xf261b0,
res_chain=0x4094af00) at gstoggdemux.c:2486
#12 0x00007f2d7c15c5f7 in gst_ogg_demux_find_chains (ogg=0xf261b0) at
gstoggdemux.c:2746
#13 0x00007f2d7c15e106 in gst_ogg_demux_loop (pad=0xe96b80) at
gstoggdemux.c:3106
#14 0x00007f2d803588b2 in gst_task_func (task=0xf29080) at gsttask.c:234
#15 0x00007f2d80359a8f in default_func (tdata=0xddd250, pool=0xddd810) at
gsttaskpool.c:70
#16 0x00007f2d7f000377 in ?? () from /usr/lib/libglib-2.0.so.0
#17 0x00007f2d7effede4 in ?? () from /usr/lib/libglib-2.0.so.0
#18 0x00007f2d7f48a097 in start_thread () from /lib/libpthread.so.0
#19 0x00007f2d7e90cccd in clone () from /lib/libc.so.6
#20 0x0000000000000000 in ?? ()
(gdb) grame 1
Undefined command: "grame".  Try "help".
(gdb) frame 1
#1  0x00007f2d7b916f29 in vorbis_handle_data_packet (vd=0xeb2e20,
packet=0x4094a880) at vorbisdec.c:979
979       if (G_UNLIKELY (vorbis_synthesis (&vd->vb, packet)))
(gdb) p *vd
$1 = {element = {object = {object = {g_type_instance = {g_class = 0xf334c0},
ref_count = 2, qdata = 0x0}, refcount = 0, lock = 0xe34350, name = 0xe34380
"vorbisdec0", name_prefix = 0x0, parent = 0x0, flags = 0, _gst_reserved = 0x0}, 
    state_lock = 0xe343a0, state_cond = 0xf37750, state_cookie = 1,
current_state = GST_STATE_PAUSED, next_state = GST_STATE_VOID_PENDING,
pending_state = GST_STATE_VOID_PENDING, last_return = GST_STATE_CHANGE_SUCCESS,
bus = 0x0, 
    clock = 0x0, base_time = 0, numpads = 2, pads = 0xf250e0, numsrcpads = 1,
srcpads = 0xf25160, numsinkpads = 1, sinkpads = 0xe32540, pads_cookie = 2,
abidata = {ABI = {target_state = GST_STATE_PAUSED}, _gst_reserved = {0x3, 0x0, 
        0x0, 0x0}}}, sinkpad = 0xf28170, srcpad = 0xf282e0, vd = {analysisp =
0, vi = 0x0, pcm = 0x0, pcmret = 0x0, pcm_storage = 0, pcm_current = 0,
pcm_returned = 0, preextrapolate = 0, eofflag = 0, lW = 0, W = 0, nW = 0, 
    centerW = 0, granulepos = 0, sequence = 0, glue_bits = 0, time_bits = 0,
floor_bits = 0, res_bits = 0, backend_state = 0x0}, vi = {version = 0, channels
= 2, rate = 44100, bitrate_upper = 4294967295, bitrate_nominal = 112015, 
    bitrate_lower = 4294967295, bitrate_window = 0, codec_setup = 0xf37f70}, vc
= {user_comments = 0xe33fb0, comment_lengths = 0xe34330, comments = 2, vendor =
0xf39650 "Xiphophorus libVorbis I 20011231"}, vb = {pcm = 0x0, opb = {
      endbyte = 0, endbit = 0, buffer = 0x0, ptr = 0x0, storage = 0}, lW = 0, W
= 0, nW = 0, pcmend = 0, mode = 0, eofflag = 0, granulepos = 0, sequence = 0,
vd = 0xeb2f18, localstore = 0x0, localtop = 0, localalloc = 0, totaluse = 0, 
    reap = 0x0, glue_bits = 0, time_bits = 0, floor_bits = 0, res_bits = 0,
internal = 0x0}, granulepos = 18446744073709551615, initialized = 1, queued =
0x0, output = 0x0, gather = 0x0, decode = 0x0, segment = {rate = 1, abs_rate =
1, 
    format = GST_FORMAT_TIME, flags = GST_SEEK_FLAG_NONE, start = 0, stop = -1,
time = 0, accum = 0, last_stop = 0, duration = -1, applied_rate = 1,
_gst_reserved = '\0' <repeats 23 times>}, discont = 1, seqnum = 36, 
  cur_timestamp = 18446744073709551615, prev_timestamp = 18446744073709551615,
pendingevents = 0x0, taglist = 0x0}
(gdb) frame 0
#0  vorbis_synthesis (vb=0xeb3000, op=0x4094a880) at synthesis.c:30
30        codec_setup_info     *ci=vi->codec_setup;
(gdb) p vi
$2 = (vorbis_info *) 0x0
(gdb) 


-- 
See http://bugzilla.gnome.org/page.cgi?id=email.html for more info about why you received
this email, why you can't respond via email, how to stop receiving
emails (or reduce the number you receive), and how to contact someone
if you are having problems with the system.

You can add comments to this bug at http://bugzilla.gnome.org/show_bug.cgi?id=582942.

More information about the Gstreamer-bugs mailing list