[gstreamer-bugs] [Bug 582942] crash in libvorbis when parsing some ogg files

GStreamer (bugzilla.gnome.org) bugzilla-daemon at bugzilla.gnome.org
Sat May 23 03:37:57 PDT 2009


You can add comments to this bug at:
  http://bugzilla.gnome.org/show_bug.cgi?id=582942

  GStreamer | gst-plugins-base | Ver: 0.10.x




------- Comment #26 from Alex Bennee  2009-05-23 10:37 UTC -------
(In reply to comment #24)
> commit d1c73bd00f0befc6697c9d4afd6c363d59436941
> Author: Wim Taymans <wim.taymans at collabora.co.uk>
> Date:   Fri May 22 17:41:50 2009 +0200
> 
>     vorbisdec: detect and report errors better
> 
>     Check the return values of a couple more libvorbis functions and post an error
>     when something is wrong instead of continuing and crashing.
> 

With the latest git HEAD (538c1cde31bf3189fe9d375aadb5e0089ae5acbe) I see the
following:

vorbis_book_init_decode: 0x1ed00e0, 0x1ec1760
  n=1
    _make_words: 0x1ec17d0, 128, 1
  codes: (nil)
vorbis_book_init_decode failed!
vorbis_dsp_clear:
  vorbis_dsp_state (v)=0x1e0f2c8
    vorbis_info (v->vi)=0x1e0f358
ERROR: from element
/GstPipeline:pipeline0/GstDecodeBin2:decodebin20/GstVorbisDec:vorbisdec1: Could
not decode stream.
Additional debug info:
vorbisdec.c(794): vorbis_handle_type_packet ():
/GstPipeline:pipeline0/GstDecodeBin2:decodebin20/GstVorbisDec:vorbisdec1:
couldn't initialize synthesis (1)
ERROR: pipeline doesn't want to preroll.
Setting pipeline to NULL ...

Program received signal SIGFPE, Arithmetic exception.
[Switching to Thread 0x413d4950 (LWP 2489)]
0x00007f63543ed332 in res2_inverse (vb=0x1e0f050, vl=0x1ec0da0, in=0x413d3440,
nonzero=0x413d3420, ch=2) at res0.c:861
861         int partwords=(partvals+partitions_per_word-1)/partitions_per_word;


Where the new backtrace is:

#0  0x00007f63543ed332 in res2_inverse (vb=0x1e0f050, vl=0x1ec0da0,
in=0x413d3440, nonzero=0x413d3420, ch=2) at res0.c:861
#1  0x00007f63543ef690 in mapping0_inverse (vb=0x1e0f050, l=0x1eb7200) at
mapping0.c:801
#2  0x00007f63543dff46 in vorbis_synthesis (vb=0x1e0f050, op=0x413d3830) at
synthesis.c:86
#3  0x00007f63549e9258 in vorbis_handle_data_packet (vd=0x1e0ee70,
packet=0x413d3830) at vorbisdec.c:998
#4  0x00007f63549eae5e in vorbis_dec_decode_buffer (vd=0x1e0ee70,
buffer=0x1e830c0) at vorbisdec.c:1176
#5  0x00007f63549ec02a in vorbis_dec_chain_forward (vd=0x1e0ee70, discont=0,
buffer=0x1e830c0) at vorbisdec.c:1387
#6  0x00007f63549ec150 in vorbis_dec_chain (pad=0x1e86170, buffer=0x1e830c0) at
vorbisdec.c:1419
#7  0x00007f635940607f in gst_pad_chain_data_unchecked (pad=0x1e86170,
is_buffer=1, data=0x1e830c0) at gstpad.c:4042
#8  0x00007f6359405e62 in gst_pad_chain (pad=0x1e86170, buffer=0x1e830c0) at
gstpad.c:4176
#9  0x00007f6355226fcd in gst_ogg_demux_chain_elem_pad (pad=0x1e8e1f0,
packet=0x413d3c20) at gstoggdemux.c:805
#10 0x00007f63552279a7 in gst_ogg_pad_submit_packet (pad=0x1e8e1f0,
packet=0x413d3c20) at gstoggdemux.c:995
#11 0x00007f635522842e in gst_ogg_pad_stream_out (pad=0x1e8e1f0, npackets=0) at
gstoggdemux.c:1080
#12 0x00007f6355228683 in gst_ogg_pad_submit_page (pad=0x1e8e1f0,
page=0x413d3f20) at gstoggdemux.c:1152
#13 0x00007f635522f72c in gst_ogg_demux_handle_page (ogg=0x1e84030,
page=0x413d3f20) at gstoggdemux.c:2888
#14 0x00007f635522fae1 in gst_ogg_demux_chain (pad=0x1df4b80, buffer=0x1e74530)
at gstoggdemux.c:2933
#15 0x00007f635522fe5d in gst_ogg_demux_loop_forward (ogg=0x1e84030) at
gstoggdemux.c:3020
#16 0x00007f63552301fb in gst_ogg_demux_loop (pad=0x1df4b80) at
gstoggdemux.c:3129
#17 0x00007f635942a8ce in gst_task_func (task=0x1e87000) at gsttask.c:234
#18 0x00007f635942baab in default_func (tdata=0x1d3a470, pool=0x1d3a810) at
gsttaskpool.c:70
#19 0x00007f63580d2377 in ?? () from /usr/lib/libglib-2.0.so.0
#20 0x00007f63580d0de4 in ?? () from /usr/lib/libglib-2.0.so.0
#21 0x00007f635855c097 in start_thread () from /lib/libpthread.so.0
#22 0x00007f63579deccd in clone () from /lib/libc.so.6
#23 0x0000000000000000 in ?? ()

(gdb) frame 0
#0  0x00007f63543ed332 in res2_inverse (vb=0x1e0f050, vl=0x1ec0da0,
in=0x413d3440, nonzero=0x413d3420, ch=2) at res0.c:861
861         int partwords=(partvals+partitions_per_word-1)/partitions_per_word;
(gdb) x/5i $pc
0x7f63543ed332 <res2_inverse+209>:      idivl  -0x30(%rbp)
0x7f63543ed335 <res2_inverse+212>:      mov    %eax,-0x1c(%rbp)
0x7f63543ed338 <res2_inverse+215>:      mov    -0x1c(%rbp),%eax
0x7f63543ed33b <res2_inverse+218>:      cltq   
0x7f63543ed33d <res2_inverse+220>:      shl    $0x3,%rax
(gdb) p/x $rbp
$1 = 0x413d33d0
(gdb) p $1-30
$2 = (void *) 0x413d33b2
(gdb) x/g $2
0x413d33b2:     0x0740000000000000
(gdb) x/w $2
0x413d33b2:     0x00000000
(gdb) 

Did you see the same result on your setup?

As noted in previous comments, making vorbis not trigger on that
vorbis_book_init_decode results in the file playing OK.

Are there any bugs/reports to the vorbis project I should be tracking?
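
Added example, not part of the original comment and not libvorbis or GStreamer code: the log above shows codebook setup failing and an error being posted, yet a later data packet still reaches the rounding-up division at res0.c:861, whose only divisor is partitions_per_word. The sketch below latches the setup failure so audio packets are rejected, and checks the divisor as a second line of defence. All names (toy_decoder, toy_feed, partwords) are hypothetical, and it assumes the divisor was zero after the failed setup.

```c
#include <stdio.h>

/* Illustrative stand-ins; these are not libvorbis or GStreamer types. */
enum { DEC_OK = 0, DEC_ERR_SETUP = -1, DEC_ERR_NOT_READY = -2 };
enum pkt_type { PKT_SETUP_HEADER, PKT_AUDIO };

typedef struct {
    int ready;                /* 1 only after setup succeeded */
    int partitions_per_word;  /* stays 0 when codebook setup failed */
} toy_decoder;

typedef struct {
    enum pkt_type type;
    int value;                /* header: codebook dimension; audio: partvals */
} toy_packet;

/* Same rounding-up division as the faulting line, with the divisor checked. */
static int partwords(int partvals, int per_word, int *out) {
    if (per_word <= 0 || partvals < 0) return DEC_ERR_SETUP;
    *out = (partvals + per_word - 1) / per_word;
    return DEC_OK;
}

/* Feed one packet. A failed setup leaves ready == 0, so later audio
 * packets are rejected instead of reaching the division. */
int toy_feed(toy_decoder *d, const toy_packet *p, int *out) {
    if (p->type == PKT_SETUP_HEADER) {
        d->ready = 0;
        d->partitions_per_word = p->value;
        if (p->value <= 0) return DEC_ERR_SETUP;
        d->ready = 1;
        return DEC_OK;
    }
    if (!d->ready) return DEC_ERR_NOT_READY;
    return partwords(p->value, d->partitions_per_word, out);
}

int main(void) {
    toy_decoder d = {0, 0};
    toy_packet bad = {PKT_SETUP_HEADER, 0}, good = {PKT_SETUP_HEADER, 4};
    toy_packet audio = {PKT_AUDIO, 17};   /* constructed sample packets */
    int words = -1, rc;
    printf("bad setup   -> %d\n", toy_feed(&d, &bad, &words));
    printf("audio after -> %d\n", toy_feed(&d, &audio, &words));
    printf("good setup  -> %d\n", toy_feed(&d, &good, &words));
    rc = toy_feed(&d, &audio, &words);
    printf("audio after -> %d, partwords=%d\n", rc, words);
    return 0;
}
```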

