[Bug 673485] New: [0.10] Crash in h264parse on a FLV sample

GStreamer (bugzilla.gnome.org) bugzilla at gnome.org
Wed Apr 4 02:14:57 PDT 2012


https://bugzilla.gnome.org/show_bug.cgi?id=673485
  GStreamer | gst-plugins-bad | 0.10.x

           Summary: [0.10] Crash in h264parse on a FLV sample
    Classification: Platform
           Product: GStreamer
           Version: 0.10.x
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: Normal
         Component: gst-plugins-bad
        AssignedTo: gstreamer-bugs at lists.freedesktop.org
        ReportedBy: vincent.penquerch at collabora.co.uk
         QAContact: gstreamer-bugs at lists.freedesktop.org
     GNOME version: ---


Created an attachment (id=211266)
 --> (https://bugzilla.gnome.org/attachment.cgi?id=211266)
Crash repro case

Simple gst-launch pipeline crashes in the h264 parser. Not tested on 0.11.

See attached first 32 KB of the sample, which is enough to repro.

valgrind gst-launch-0.10 filesrc location=/tmp/crash-h264.flv ! flvdemux ! h264parse ! fakesink
==3986== Memcheck, a memory error detector
==3986== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==3986== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==3986== Command: gst-launch-0.10 filesrc location=/tmp/crash-h264.flv ! flvdemux ! h264parse ! fakesink
==3986== 
GStreamer has detected that it is running inside valgrind.
It might now take different code paths to ease debugging.
Of course, this may also lead to different bugs.
Setting pipeline to PAUSED ...
Pipeline is PREROLLING ...
==3986== Thread 2:
==3986== Invalid write of size 1
==3986==    at 0x4C29910: memcpy (mc_replace_strmem.c:497)
==3986==    by 0x89DE114: gst_byte_writer_put_data_unchecked (gstbytewriter.h:260)
==3986==    by 0x89E3661: gst_h264_parse_pre_push_frame (gsth264parse.c:1517)
==3986==    by 0x834BE27: gst_base_parse_push_frame (gstbaseparse.c:1915)
==3986==    by 0x83505FD: gst_base_parse_handle_and_push_frame (gstbaseparse.c:1773)
==3986==    by 0x83516AC: gst_base_parse_chain (gstbaseparse.c:2466)
==3986==    by 0x89E495B: gst_h264_parse_chain (gsth264parse.c:1889)
==3986==    by 0x4E85C78: gst_pad_chain_data_unchecked (gstpad.c:4271)
==3986==    by 0x4E8657C: gst_pad_push_data (gstpad.c:4506)
==3986==    by 0x4E8D8F2: gst_pad_push (gstpad.c:4730)
==3986==    by 0x859BE96: gst_flv_demux_parse_tag_video (gstflvdemux.c:1425)
==3986==    by 0x859DE40: gst_flv_demux_pull_tag (gstflvdemux.c:2050)
==3986==  Address 0x7eefa84 is not stack'd, malloc'd or (recently) free'd
==3986== 
==3986== Invalid write of size 1
==3986==    at 0x4C2991A: memcpy (mc_replace_strmem.c:497)
==3986==    by 0x89DE114: gst_byte_writer_put_data_unchecked (gstbytewriter.h:260)
==3986==    by 0x89E3661: gst_h264_parse_pre_push_frame (gsth264parse.c:1517)
==3986==    by 0x834BE27: gst_base_parse_push_frame (gstbaseparse.c:1915)
==3986==    by 0x83505FD: gst_base_parse_handle_and_push_frame (gstbaseparse.c:1773)
==3986==    by 0x83516AC: gst_base_parse_chain (gstbaseparse.c:2466)
==3986==    by 0x89E495B: gst_h264_parse_chain (gsth264parse.c:1889)
==3986==    by 0x4E85C78: gst_pad_chain_data_unchecked (gstpad.c:4271)
==3986==    by 0x4E8657C: gst_pad_push_data (gstpad.c:4506)
==3986==    by 0x4E8D8F2: gst_pad_push (gstpad.c:4730)
==3986==    by 0x859BE96: gst_flv_demux_parse_tag_video (gstflvdemux.c:1425)
==3986==    by 0x859DE40: gst_flv_demux_pull_tag (gstflvdemux.c:2050)
==3986==  Address 0x7eefa83 is not stack'd, malloc'd or (recently) free'd
==3986== 
[...]

