[Bug 673485] New: [0.10] Crash in h264parse on a FLV sample
GStreamer (bugzilla.gnome.org)
bugzilla at gnome.org
Wed Apr 4 02:14:57 PDT 2012
https://bugzilla.gnome.org/show_bug.cgi?id=673485
GStreamer | gst-plugins-bad | 0.10.x
Summary: [0.10] Crash in h264parse on a FLV sample
Classification: Platform
Product: GStreamer
Version: 0.10.x
OS/Version: Linux
Status: NEW
Severity: major
Priority: Normal
Component: gst-plugins-bad
AssignedTo: gstreamer-bugs at lists.freedesktop.org
ReportedBy: vincent.penquerch at collabora.co.uk
QAContact: gstreamer-bugs at lists.freedesktop.org
GNOME version: ---
Created an attachment (id=211266)
--> (https://bugzilla.gnome.org/attachment.cgi?id=211266)
Crash repro case
Simple gst-launch pipeline crashes in the h264 parser. Not tested on 0.11.
See attached first 32 KB of the sample, which is enough to repro.
valgrind gst-launch-0.10 filesrc location=/tmp/crash-h264.flv ! flvdemux ! h264parse ! fakesink
==3986== Memcheck, a memory error detector
==3986== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==3986== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==3986== Command: gst-launch-0.10 filesrc location=/tmp/crash-h264.flv ! flvdemux ! h264parse ! fakesink
==3986==
GStreamer has detected that it is running inside valgrind.
It might now take different code paths to ease debugging.
Of course, this may also lead to different bugs.
Setting pipeline to PAUSED ...
Pipeline is PREROLLING ...
==3986== Thread 2:
==3986== Invalid write of size 1
==3986== at 0x4C29910: memcpy (mc_replace_strmem.c:497)
==3986== by 0x89DE114: gst_byte_writer_put_data_unchecked (gstbytewriter.h:260)
==3986== by 0x89E3661: gst_h264_parse_pre_push_frame (gsth264parse.c:1517)
==3986== by 0x834BE27: gst_base_parse_push_frame (gstbaseparse.c:1915)
==3986== by 0x83505FD: gst_base_parse_handle_and_push_frame (gstbaseparse.c:1773)
==3986== by 0x83516AC: gst_base_parse_chain (gstbaseparse.c:2466)
==3986== by 0x89E495B: gst_h264_parse_chain (gsth264parse.c:1889)
==3986== by 0x4E85C78: gst_pad_chain_data_unchecked (gstpad.c:4271)
==3986== by 0x4E8657C: gst_pad_push_data (gstpad.c:4506)
==3986== by 0x4E8D8F2: gst_pad_push (gstpad.c:4730)
==3986== by 0x859BE96: gst_flv_demux_parse_tag_video (gstflvdemux.c:1425)
==3986== by 0x859DE40: gst_flv_demux_pull_tag (gstflvdemux.c:2050)
==3986== Address 0x7eefa84 is not stack'd, malloc'd or (recently) free'd
==3986==
==3986== Invalid write of size 1
==3986== at 0x4C2991A: memcpy (mc_replace_strmem.c:497)
==3986== by 0x89DE114: gst_byte_writer_put_data_unchecked (gstbytewriter.h:260)
==3986== by 0x89E3661: gst_h264_parse_pre_push_frame (gsth264parse.c:1517)
==3986== by 0x834BE27: gst_base_parse_push_frame (gstbaseparse.c:1915)
==3986== by 0x83505FD: gst_base_parse_handle_and_push_frame (gstbaseparse.c:1773)
==3986== by 0x83516AC: gst_base_parse_chain (gstbaseparse.c:2466)
==3986== by 0x89E495B: gst_h264_parse_chain (gsth264parse.c:1889)
==3986== by 0x4E85C78: gst_pad_chain_data_unchecked (gstpad.c:4271)
==3986== by 0x4E8657C: gst_pad_push_data (gstpad.c:4506)
==3986== by 0x4E8D8F2: gst_pad_push (gstpad.c:4730)
==3986== by 0x859BE96: gst_flv_demux_parse_tag_video (gstflvdemux.c:1425)
==3986== by 0x859DE40: gst_flv_demux_pull_tag (gstflvdemux.c:2050)
==3986== Address 0x7eefa83 is not stack'd, malloc'd or (recently) free'd
==3986==
[...]