[Bug 680558] New: rtpmparobustdepay: invalid memory access with mp3 rtsp stream

Tue Jul 24 13:53:53 PDT 2012

https://bugzilla.gnome.org/show_bug.cgi?id=680558
  GStreamer | gst-plugins-ugly | 0.11.x

           Summary: rtpmparobustdepay: invalid memory access with mp3 rtsp
                    stream
    Classification: Platform
           Product: GStreamer
           Version: 0.11.x
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: Normal
         Component: gst-plugins-ugly
        AssignedTo: gstreamer-bugs at lists.freedesktop.org
        ReportedBy: t.i.m at zen.co.uk
         QAContact: gstreamer-bugs at lists.freedesktop.org
     GNOME version: ---

URL: rtsp://dl.lib.brown.edu:554/areserves/1093545294660883.mp3

-base/tests/examples/playback $ ./playback-test 0
rtsp://dl.lib.brown.edu:554/areserves/1093545294660883.mp3
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Setting URI: rtsp://dl.lib.brown.edu:554/areserves/1093545294660883.mp3
Setting URI: (null)
Window realize: video window XID = 44040203
PLAY pipeline
[New Thread 0x7fffe6986700 (LWP 9880)]
message from "playbin" (new-clock): GstMessageNewClock,
clock=(GstClock)"\(GstSystemClock\)\ GstSystemClock";
[New Thread 0x7fffe6185700 (LWP 9881)]
[New Thread 0x7fffe5165700 (LWP 9882)]
[New Thread 0x7fffe4964700 (LWP 9883)]
[New Thread 0x7fffe3f2c700 (LWP 9884)]
[New Thread 0x7fffe34e5700 (LWP 9885)]
[New Thread 0x7fffe2ce4700 (LWP 9886)]
[Thread 0x7fffe6185700 (LWP 9881) exited]
[New Thread 0x7fffe6185700 (LWP 9887)]
[Thread 0x7fffe6185700 (LWP 9887) exited]
[New Thread 0x7fffe6185700 (LWP 9888)]
[Thread 0x7fffe6185700 (LWP 9888) exited]
[New Thread 0x7fffe6185700 (LWP 9889)]
[New Thread 0x7fffe0bd7700 (LWP 9890)]
message from "audiosink-actual-sink-pulse" (tag): GstMessageTag,
taglist=(taglist)"taglist\,\ audio-codec\=\(string\)\"MPEG\\\ 1\\\ Audio\\\,\\\
Layer\\\ 3\\\ \\\(MP3\\\)\"\,\ nominal-bitrate\=\(uint\)128000\;";
message from "audiosink-actual-sink-pulse" (tag): GstMessageTag,
taglist=(taglist)"taglist\,\ has-crc\=\(boolean\)false\,\
channel-mode\=\(string\)joint-stereo\;";
[New Thread 0x7fffd7ffe700 (LWP 9891)]
video 0, audio 1, text 0
setting current video track -1
audio 0: taglist, audio-codec=(string)"MPEG\ 1\ Audio\,\ Layer\ 3\ \(MP3\)",
nominal-bitrate=(uint)128000, has-crc=(boolean)false,
channel-mode=(string)joint-stereo, minimum-bitrate=(uint)127706,
bitrate=(uint)128012, maximum-bitrate=(uint)128012;
setting current audio track 0
setting current text track -1
message from "audiosink-actual-sink-pulse" (tag): GstMessageTag,
taglist=(taglist)"taglist\,\ minimum-bitrate\=\(uint\)128012\,\
bitrate\=\(uint\)128012\,\ maximum-bitrate\=\(uint\)128012\;";
message from "rtpsession0" (element): application/x-rtp-source-sdes,
cname=(string)430731928;
message from "audiosink-actual-sink-pulse" (tag): GstMessageTag,
taglist=(taglist)"taglist\,\ minimum-bitrate\=\(uint\)127706\;";
[Thread 0x7fffd7ffe700 (LWP 9891) exited]
*** glibc detected ***
/home/tpm/gst/0.11/gst-plugins-base/tests/examples/playback/.libs/playback-test:
double free or corruption (!prev): 0x0000000000bea0c0 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x75b46)[0x7ffff4baab46]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x6c)[0x7ffff4baf87c]
/home/tpm/gst/0.11/gstreamer/gst/.libs/libgstreamer-1.0.so.0(+0x2cab9)[0x7ffff78d7ab9]
/home/tpm/gst/0.11/gstreamer/gst/.libs/libgstreamer-1.0.so.0(+0x5b81d)[0x7ffff790681d]
/home/tpm/gst/0.11/gstreamer/gst/.libs/libgstreamer-1.0.so.0(+0x35221)[0x7ffff78e0221]
/home/tpm/gst/0.11/gst-plugins-base/gst-libs/gst/audio/.libs/libgstaudio-1.0.so.0(gst_audio_decoder_finish_frame+0x2a7)[0x7fffee0adfb7]
/home/tpm/gst/0.11/gst-plugins-ugly/ext/mad/.libs/libgstmad.so(+0x24a8)[0x7fffe183b4a8]
/home/tpm/gst/0.11/gst-plugins-base/gst-libs/gst/audio/.libs/libgstaudio-1.0.so.0(+0x198d0)[0x7fffee0a98d0]
/home/tpm/gst/0.11/gst-plugins-base/gst-libs/gst/audio/.libs/libgstaudio-1.0.so.0(+0x1b404)[0x7fffee0ab404]
/home/tpm/gst/0.11/gst-plugins-base/gst-libs/gst/audio/.libs/libgstaudio-1.0.so.0(+0x1a7a6)[0x7fffee0aa7a6]
/home/tpm/gst/0.11/gst-plugins-base/gst-libs/gst/audio/.libs/libgstaudio-1.0.so.0(+0x1c688)[0x7fffee0ac688]
/home/tpm/gst/0.11/gstreamer/gst/.libs/libgstreamer-1.0.so.0(+0x606c8)[0x7ffff790b6c8]
/home/tpm/gst/0.11/gstreamer/libs/gst/base/.libs/libgstbase-1.0.so.0(gst_base_parse_push_frame+0x75f)[0x7ffff48fafcf]
/home/tpm/gst/0.11/gstreamer/libs/gst/base/.libs/libgstbase-1.0.so.0(gst_base_parse_finish_frame+0x5e3)[0x7ffff48fe083]
/home/tpm/gst/0.11/gst-plugins-good/gst/audioparsers/.libs/libgstaudioparsers.so(+0x10d8c)[0x7fffe207dd8c]
/home/tpm/gst/0.11/gstreamer/libs/gst/base/.libs/libgstbase-1.0.so.0(+0x13d34)[0x7ffff48f8d34]
/home/tpm/gst/0.11/gstreamer/libs/gst/base/.libs/libgstbase-1.0.so.0(+0x16b84)[0x7ffff48fbb84]
/home/tpm/gst/0.11/gstreamer/gst/.libs/libgstreamer-1.0.so.0(+0x606c8)[0x7ffff790b6c8]
/home/tpm/gst/0.11/gst-plugins-base/gst-libs/gst/rtp/.libs/libgstrtp-1.0.so.0(gst_rtp_base_depayload_push+0x2e)[0x7fffe740146e]
/home/tpm/gst/0.11/gst-plugins-good/gst/rtp/.libs/libgstrtp.so(+0x10c23)[0x7fffe2298c23]
/home/tpm/gst/0.11/gst-plugins-good/gst/rtp/.libs/libgstrtp.so(+0x12004)[0x7fffe229a004]
/home/tpm/gst/0.11/gst-plugins-base/gst-libs/gst/rtp/.libs/libgstrtp-1.0.so.0(+0x10a37)[0x7fffe7401a37]
/home/tpm/gst/0.11/gstreamer/gst/.libs/libgstreamer-1.0.so.0(+0x606c8)[0x7ffff790b6c8]
======= Memory map: ========
00400000-00411000 r-xp 00000000 fe:00 4555500                           
/home/tpm/gst/0.11/gst-plugins-base/tests/examples/playback/.libs/playback-test
00611000-00612000 rw-p 00011000 fe:00 4555500                           
/home/tpm/gst/0.11/gst-plugins-base/tests/examples/playback/.libs/playback-test
00612000-00d52000 rw-p 00000000 00:00 0                                  [heap]
7fffd77fe000-7fffd77ff000 ---p 00000000 00:00 0 
7fffd77ff000-7fffd7fff000 rw-p 00000000 00:00 0 
7fffd7fff000-7fffdc000000 rw-s 00000000 00:11 22224445                  
/run/shm/pulse-shm-1001214978
7fffdc000000-7fffdc021000 rw-p 00000000 00:00 0 
7fffdc021000-7fffe0000000 ---p 00000000 00:00 0 
7fffe03d7000-7fffe03d8000 ---p 00000000 00:00 0 
7fffe03d8000-7fffe0bd8000 rw-p 00000000 00:00 0 
7fffe0bd8000-7fffe0bdf000 r-xp 00000000 fe:00 8457540                   
/usr/lib/x86_64-linux-gnu/liborc-test-0.4.so.0.16.0
7fffe0bdf000-7fffe0dde000 ---p 00007000 fe:00 8457540                   
/usr/lib/x86_64-linux-gnu/liborc-test-0.4.so.0.16.0
7fffe0dde000-7fffe0ddf000 r--p 00006000 fe:00 8457540                   
/usr/lib/x86_64-linux-gnu/liborc-test-0.4.so.0.16.0
7fffe0ddf000-7fffe0de0000 rw-p 00007000 fe:00 8457540                   
/usr/lib/x86_64-linux-gnu/liborc-test-0.4.so.0.16.0
7fffe0de0000-7fffe0def000 r-xp 00000000 fe:00 8113592                   
/home/tpm/gst/0.11/gst-plugins-base/gst/audioresample/.libs/libgstaudioresample.so
7fffe0def000-7fffe0fee000 ---p 0000f000 fe:00 8113592                   
/home/tpm/gst/0.11/gst-plugins-base/gst/audioresample/.libs/libgstaudioresample.so
7fffe0fee000-7fffe0ff0000 rw-p 0000e000 fe:00 8113592                   
/home/tpm/gst/0.11/gst-plugins-base/gst/audioresample/.libs/libgstaudioresample.so
7fffe0ff0000-7fffe1007000 r-xp 00000000 fe:00 8113539                   
/home/tpm/gst/0.11/gst-plugins-base/gst/audioconvert/.libs/libgstaudioconvert.so
7fffe1007000-7fffe1207000 ---p 00017000 fe:00 8113539                   
/home/tpm/gst/0.11/gst-plugins-base/gst/audioconvert/.libs/libgstaudioconvert.so
7fffe1207000-7fffe1208000 rw-p 00017000 fe:00 8113539                   
/home/tpm/gst/0.11/gst-plugins-base/gst/audioconvert/.libs/libgstaudioconvert.so
7fffe1208000-7fffe1210000 r-xp 00000000 fe:00 8113641                   
/home/tpm/gst/0.11/gst-plugins-base/gst/volume/.libs/libgstvolume.so
7fffe1210000-7fffe1410000 ---p 00008000 fe:00 8113641                   
/home/tpm/gst/0.11/gst-plugins-base/gst/volume/.libs/libgstvolume.so
7fffe1410000-7fffe1411000 rw-p 00008000 fe:00 8113641                   
/home/tpm/gst/0.11/gst-plugins-base/gst/volume/.libs/libgstvolume.so
7fffe1411000-7fffe1419000 r-xp 00000000 fe:00 2449783                   
/home/tpm/gst/0.11/gst-plugins-good/gst/autodetect/.libs/libgstautodetect.so
7fffe1419000-7fffe1619000 ---p 00008000 fe:00 2449783                   
/home/tpm/gst/0.11/gst-plugins-good/gst/autodetect/.libs/libgstautodetect.so
7fffe1619000-7fffe161a000 rw-p 00008000 fe:00 2449783                   
/home/tpm/gst/0.11/gst-plugins-good/gst/autodetect/.libs/libgstautodetect.so
7fffe161a000-7fffe1639000 r-xp 00000000 fe:00 8422139                   
/usr/lib/libmad.so.0.2.1
7fffe1639000-7fffe1838000 ---p 0001f000 fe:00 8422139                   
/usr/lib/libmad.so.0.2.1
7fffe1838000-7fffe1839000 rw-p 0001e000 fe:00 8422139                   
/usr/lib/libmad.so.0.2.1
7fffe1839000-7fffe183d000 r-xp 00000000 fe:00 8170154                   
/home/tpm/gst/0.11/gst-plugins-ugly/ext/mad/.libs/libgstmad.so
7fffe183d000-7fffe1a3c000 ---p 00004000 fe:00 8170154                   
/home/tpm/gst/0.11/gst-plugins-ugly/ext/mad/.libs/libgstmad.so
Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffe2ce4700 (LWP 9886)]
0x00007ffff4b67475 in *__GI_raise (sig=<optimized out>) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
64    ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0x00007ffff4b67475 in *__GI_raise (sig=<optimized out>) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007ffff4b6a6f0 in *__GI_abort () at abort.c:92
#2  0x00007ffff4ba12fb in __libc_message (do_abort=<optimized out>,
fmt=<optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#3  0x00007ffff4baab46 in malloc_printerr (action=3, str=0x7ffff4c81748 "double
free or corruption (!prev)", ptr=<optimized out>) at malloc.c:6283
#4  0x00007ffff4baf87c in *__GI___libc_free (mem=<optimized out>) at
malloc.c:3738
#5  0x00007ffff78d7ab9 in default_free (allocator=<optimized out>,
mem=0xbf1200) at gstallocator.c:522
#6  0x00007ffff790681d in gst_memory_unref (memory=<optimized out>) at
../gst/gstmemory.h:296
#7  _gst_memory_free (mem=0xbe8ba0) at gstmemory.c:90
#8  0x00007ffff78e0221 in gst_memory_unref (memory=<optimized out>) at
../gst/gstmemory.h:296
#9  _gst_buffer_free (buffer=0xc416a0) at gstbuffer.c:531
#10 0x00007fffee0adfb7 in gst_buffer_unref (buf=<optimized out>) at
/home/tpm/gst/0.11/gstreamer/gst/gstbuffer.h:351
#11 gst_audio_decoder_finish_frame (dec=dec at entry=0xc7d290,
buf=buf at entry=0xbd0a20, frames=frames at entry=1) at gstaudiodecoder.c:966
#12 0x00007fffe183b4a8 in gst_mad_handle_frame (dec=0xc7d290, buffer=<optimized
out>) at gstmad.c:483
#13 0x00007fffee0a98d0 in gst_audio_decoder_handle_frame (buffer=0xc416a0,
dec=0xc7d290, klass=<optimized out>) at gstaudiodecoder.c:1088
#14 gst_audio_decoder_push_buffers (dec=dec at entry=0xc7d290,
force=force at entry=1) at gstaudiodecoder.c:1184
#15 0x00007fffee0ab404 in gst_audio_decoder_drain (dec=dec at entry=0xc7d290) at
gstaudiodecoder.c:1221
#16 0x00007fffee0aa7a6 in gst_audio_decoder_flush (dec=dec at entry=0xc7d290,
hard=hard at entry=0) at gstaudiodecoder.c:1251
#17 0x00007fffee0ac688 in gst_audio_decoder_chain (pad=<optimized out>,
parent=<optimized out>, buffer=0xc55120) at gstaudiodecoder.c:1521
#18 0x00007ffff790b6c8 in gst_pad_chain_data_unchecked (data=0xc55120,
type=<optimized out>, pad=0xc4a700) at gstpad.c:3587
#19 gst_pad_push_data (pad=0xc4a4d0, type=type at entry=4112, data=<optimized
out>, data at entry=0xc55120) at gstpad.c:3800
#20 0x00007ffff7911e86 in gst_pad_push (pad=<optimized out>,
buffer=buffer at entry=0xc55120) at gstpad.c:3903
#21 0x00007ffff48fafcf in gst_base_parse_push_frame
(parse=parse at entry=0xc518f0, frame=frame at entry=0xcc02d0) at gstbaseparse.c:2074
#22 0x00007ffff48fe083 in gst_base_parse_handle_and_push_frame (frame=0xcc02d0,
parse=0xc518f0) at gstbaseparse.c:1899
#23 gst_base_parse_finish_frame (parse=parse at entry=0xc518f0,
frame=frame at entry=0xcc02d0, size=size at entry=418) at gstbaseparse.c:2200
#24 0x00007fffe207dd8c in gst_mpeg_audio_parse_handle_frame (parse=<optimized
out>, frame=<optimized out>, skipsize=<optimized out>) at
gstmpegaudioparse.c:768
#25 0x00007ffff48f8d34 in gst_base_parse_handle_buffer
(parse=parse at entry=0xc518f0, buffer=<optimized out>,
skip=skip at entry=0x7fffe2ce2ae8, flushed=flushed at entry=0x7fffe2ce2aec) at
gstbaseparse.c:1770
#26 0x00007ffff48fbb84 in gst_base_parse_chain (pad=<optimized out>,
parent=0xc518f0, buffer=<optimized out>) at gstbaseparse.c:2589
#27 0x00007ffff790b6c8 in gst_pad_chain_data_unchecked (data=0xc55120,
type=<optimized out>, pad=0xc4a2a0) at gstpad.c:3587
#28 gst_pad_push_data (pad=0xc4a070, type=type at entry=4112, data=<optimized
out>) at gstpad.c:3800
#29 0x00007ffff7911e86 in gst_pad_push (pad=<optimized out>, buffer=<optimized
out>) at gstpad.c:3903
#30 0x00007fffe740146e in gst_rtp_base_depayload_push (filter=0xc47c80,
out_buf=out_buf at entry=0xc55120) at gstrtpbasedepayload.c:587
#31 0x00007fffe2298c23 in gst_rtp_mpa_robust_depay_push_mp3_frames
(rtpmpadepay=rtpmpadepay at entry=0xc47c80) at gstrtpmparobustdepay.c:616
#32 0x00007fffe229a004 in gst_rtp_mpa_robust_depay_submit_adu (buf=<optimized
out>, rtpmpadepay=<optimized out>) at gstrtpmparobustdepay.c:634
#33 gst_rtp_mpa_robust_depay_process (depayload=<optimized out>, buf=<optimized
out>) at gstrtpmparobustdepay.c:731
#34 0x00007fffe7401a37 in gst_rtp_base_depayload_chain (pad=<optimized out>,
parent=<optimized out>, in=0xbe6ce0) at gstrtpbasedepayload.c:332
#35 0x00007ffff790b6c8 in gst_pad_chain_data_unchecked (data=0xbe6ce0,
type=<optimized out>, pad=0xbbdd20) at gstpad.c:3587
#36 gst_pad_push_data (pad=0xbbdaf0, type=<optimized out>, data=<optimized
out>) at gstpad.c:3800
#37 0x00007ffff790b6c8 in gst_pad_chain_data_unchecked (data=0xbe6ce0,
type=<optimized out>, pad=0xbbd8c0) at gstpad.c:3587
#38 gst_pad_push_data (pad=0xbaf690, type=<optimized out>, data=<optimized
out>) at gstpad.c:3800
#39 0x00007ffff790b6c8 in gst_pad_chain_data_unchecked (data=0xbe6ce0,
type=<optimized out>, pad=0xb7ba70) at gstpad.c:3587
#40 gst_pad_push_data (pad=0xb7b5b0, type=<optimized out>, data=<optimized
out>) at gstpad.c:3800
#41 0x00007ffff790b6c8 in gst_pad_chain_data_unchecked (data=0xbe6ce0,
type=<optimized out>, pad=0xbaf450) at gstpad.c:3587
#42 gst_pad_push_data (pad=0xb7b350, type=<optimized out>, data=<optimized
out>) at gstpad.c:3800
#43 0x00007ffff790b6c8 in gst_pad_chain_data_unchecked (data=0xbe6ce0,
type=<optimized out>, pad=0xbaf210) at gstpad.c:3587
#44 gst_pad_push_data (pad=pad at entry=0xbbd690, type=type at entry=4112,
data=<optimized out>, data at entry=0xbe6ce0) at gstpad.c:3800
#45 0x00007ffff7911e86 in gst_pad_push (pad=pad at entry=0xbbd690,
buffer=buffer at entry=0xbe6ce0) at gstpad.c:3903
#46 0x00007fffe3f426bb in gst_rtp_pt_demux_chain (pad=<optimized out>,
parent=<optimized out>, buf=0xbe6ce0) at gstrtpptdemux.c:436
#47 0x00007ffff790b6c8 in gst_pad_chain_data_unchecked (data=0xbe6ce0,
type=<optimized out>, pad=0xbbcdd0) at gstpad.c:3587
#48 gst_pad_push_data (pad=0xbbc970, type=type at entry=4112, data=<optimized
out>, data at entry=0xbe6ce0) at gstpad.c:3800
#49 0x00007ffff7911e86 in gst_pad_push (pad=<optimized out>,
buffer=buffer at entry=0xbe6ce0) at gstpad.c:3903
#50 0x00007fffe3f3d802 in gst_rtp_jitter_buffer_loop (jitterbuffer=0x9654c0) at
gstrtpjitterbuffer.c:1902
#51 0x00007ffff79391e1 in gst_task_func (task=0xb19900) at gsttask.c:316
#52 0x00007ffff53c75f2 in g_thread_pool_thread_proxy (data=<optimized out>) at
/tmp/buildd/glib2.0-2.32.3/./glib/gthreadpool.c:309
#53 0x00007ffff53c6df5 in g_thread_proxy (data=0xb98630) at
/tmp/buildd/glib2.0-2.32.3/./glib/gthread.c:801
#54 0x00007ffff4ec2b50 in start_thread (arg=<optimized out>) at
pthread_create.c:304
#55 0x00007ffff4c0d6dd in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#56 0x0000000000000000 in ?? ()

valgrind:

==9907== Thread 8:
==9907== Invalid write of size 1
==9907==    at 0x4C2A88A: memcpy (mc_replace_strmem.c:838)
==9907==    by 0x1D7393EC: gst_rtp_mpa_robust_depay_push_mp3_frames
(gstbytewriter.h:255)
==9907==    by 0x1D73A003: gst_rtp_mpa_robust_depay_process
(gstrtpmparobustdepay.c:634)
==9907==    by 0x18213A36: gst_rtp_base_depayload_chain
(gstrtpbasedepayload.c:332)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x1AEBC6BA: gst_rtp_pt_demux_chain (gstrtpptdemux.c:436)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x1AEB7801: gst_rtp_jitter_buffer_loop
(gstrtpjitterbuffer.c:1902)
==9907==  Address 0xd2a76b3 is not stack'd, malloc'd or (recently) free'd
==9907== 
==9907== Invalid read of size 1
==9907==    at 0x810D624: gst_byte_reader_masked_scan_uint32
(gstbytereader.c:840)
==9907==    by 0x1D993A6A: gst_mpeg_audio_parse_handle_frame
(gstmpegaudioparse.c:622)
==9907==    by 0x80EAD33: gst_base_parse_handle_buffer (gstbaseparse.c:1770)
==9907==    by 0x80EDB83: gst_base_parse_chain (gstbaseparse.c:2589)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x1821346D: gst_rtp_base_depayload_push
(gstrtpbasedepayload.c:587)
==9907==    by 0x1D738C22: gst_rtp_mpa_robust_depay_push_mp3_frames
(gstrtpmparobustdepay.c:616)
==9907==    by 0x1D73A003: gst_rtp_mpa_robust_depay_process
(gstrtpmparobustdepay.c:634)
==9907==    by 0x18213A36: gst_rtp_base_depayload_chain
(gstrtpbasedepayload.c:332)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==  Address 0xd2a7682 is 0 bytes after a block of size 418 alloc'd
==9907==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==9907==    by 0x760ADE0: g_malloc (gmem.c:159)
==9907==    by 0x810DBE9: gst_byte_writer_new_with_size (gstbytewriter.c:77)
==9907==    by 0x1D73900D: gst_rtp_mpa_robust_depay_push_mp3_frames
(gstrtpmparobustdepay.c:526)
==9907==    by 0x1D73A003: gst_rtp_mpa_robust_depay_process
(gstrtpmparobustdepay.c:634)
==9907==    by 0x18213A36: gst_rtp_base_depayload_chain
(gstrtpbasedepayload.c:332)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x1AEBC6BA: gst_rtp_pt_demux_chain (gstrtpptdemux.c:436)
==9907== 
==9907== Invalid read of size 1
==9907==    at 0x4C2A884: memcpy (mc_replace_strmem.c:838)
==9907==    by 0x50A46E8: gst_buffer_extract (gstbuffer.c:1497)
==9907==    by 0x80E4475: copy_into_unchecked (gstadapter.c:298)
==9907==    by 0x80E51AD: gst_adapter_map (gstadapter.c:502)
==9907==    by 0x80EDB4E: gst_base_parse_chain (gstbaseparse.c:2582)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x1821346D: gst_rtp_base_depayload_push
(gstrtpbasedepayload.c:587)
==9907==    by 0x1D738C22: gst_rtp_mpa_robust_depay_push_mp3_frames
(gstrtpmparobustdepay.c:616)
==9907==    by 0x1D73A003: gst_rtp_mpa_robust_depay_process
(gstrtpmparobustdepay.c:634)
==9907==    by 0x18213A36: gst_rtp_base_depayload_chain
(gstrtpbasedepayload.c:332)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==  Address 0xd2a76b3 is not stack'd, malloc'd or (recently) free'd
==9907== 
message from "audiosink-actual-sink-pulse" (tag): GstMessageTag,
taglist=(taglist)"taglist\,\ maximum-bitrate\=\(uint\)320031\;";
==9907== Invalid write of size 2
==9907==    at 0x4C2A846: memcpy (mc_replace_strmem.c:838)
==9907==    by 0x1D7393EC: gst_rtp_mpa_robust_depay_push_mp3_frames
(gstbytewriter.h:255)
==9907==    by 0x1D73A003: gst_rtp_mpa_robust_depay_process
(gstrtpmparobustdepay.c:634)
==9907==    by 0x18213A36: gst_rtp_base_depayload_chain
(gstrtpbasedepayload.c:332)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x1AEBC6BA: gst_rtp_pt_demux_chain (gstrtpptdemux.c:436)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x1AEB7801: gst_rtp_jitter_buffer_loop
(gstrtpjitterbuffer.c:1902)
==9907==  Address 0xda6ce44 is not stack'd, malloc'd or (recently) free'd
==9907== 
--9907-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) -
exiting
--9907-- si_code=80;  Faulting address: 0x0;  sp: 0x40f334db0

valgrind: the 'impossible' happened:
   Killed by fatal signal
==9907==    at 0x38057958: vgPlain_arena_malloc (m_mallocfree.c:285)
==9907==    by 0x3802124C: vgMemCheck_new_block (mc_malloc_wrappers.c:248)
==9907==    by 0x380213DA: vgMemCheck_malloc (mc_malloc_wrappers.c:285)
==9907==    by 0x3808F3E6: vgPlain_scheduler (scheduler.c:1461)
==9907==    by 0x3809E449: run_a_thread_NORETURN (syswrap-linux.c:98)
==9907==    by 0x3809E6DA: vgModuleLocal_start_thread_NORETURN
(syswrap-linux.c:268)
==9907==    by 0x380B9E3D: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==9907==    by 0xDEADBEEFDEADBEEE: ???
==9907==    by 0xDEADBEEFDEADBEEE: ???
==9907==    by 0xDEADBEEFDEADBEEE: ???

sched status:
  running_tid=8

Thread 1: status = VgTs_WaitSys
==9907==    at 0x7E21847: writev (writev.c:56)
==9907==    by 0xB137184: ??? (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
==9907==    by 0xB1375FE: ??? (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
==9907==    by 0xB137683: xcb_writev (in
/usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
==9907==    by 0x87ECD46: _XSend (in /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0)
==9907==    by 0x87ED0DF: _XFlush (in
/usr/lib/x86_64-linux-gnu/libX11.so.6.3.0)
==9907==    by 0x87CE839: XFlush (in /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0)
==9907==    by 0x603322F: gdk_window_process_all_updates (in
/usr/lib/x86_64-linux-gnu/libgdk-3.so.0.400.2)
==9907==    by 0x5A6A235: ??? (in
/usr/lib/x86_64-linux-gnu/libgtk-3.so.0.400.2)
==9907==    by 0x60168EF: ??? (in
/usr/lib/x86_64-linux-gnu/libgdk-3.so.0.400.2)
==9907==    by 0x7605204: g_main_context_dispatch (gmain.c:2539)
==9907==    by 0x7605537: g_main_context_iterate.isra.23 (gmain.c:3146)
==9907==    by 0x7605931: g_main_loop_run (gmain.c:3340)
==9907==    by 0x5AF02C4: gtk_main (in
/usr/lib/x86_64-linux-gnu/libgtk-3.so.0.400.2)
==9907==    by 0x4082F9: main (playback-test.c:3371)

Thread 2: status = VgTs_WaitSys
==9907==    at 0x7B3F2D4: pthread_cond_wait@@GLIBC_2.3.2
(pthread_cond_wait.S:162)
==9907==    by 0x764142E: g_cond_wait (gthread-posix.c:746)
==9907==    by 0x50FB38A: gst_task_func (gsttask.c:301)
==9907==    by 0x76285F1: g_thread_pool_thread_proxy (gthreadpool.c:309)
==9907==    by 0x7627DF4: g_thread_proxy (gthread.c:801)
==9907==    by 0x7B3AB4F: start_thread (pthread_create.c:304)
==9907==    by 0x7E286DC: clone (clone.S:112)

Thread 3: status = VgTs_WaitSys
==9907==    at 0x7E1DA93: poll (poll.c:87)
==9907==    by 0x6511257: g_socket_condition_timed_wait (gsocket.c:3564)
==9907==    by 0x1A293D1A: gst_udpsrc_create (gstudpsrc.c:390)
==9907==    by 0x81005C1: gst_base_src_get_range (gstbasesrc.c:2313)
==9907==    by 0x8101BB2: gst_base_src_loop (gstbasesrc.c:2558)
==9907==    by 0x50FB1E0: gst_task_func (gsttask.c:316)
==9907==    by 0x76285F1: g_thread_pool_thread_proxy (gthreadpool.c:309)
==9907==    by 0x7627DF4: g_thread_proxy (gthread.c:801)
==9907==    by 0x7B3AB4F: start_thread (pthread_create.c:304)
==9907==    by 0x7E286DC: clone (clone.S:112)

Thread 4: status = VgTs_WaitSys
==9907==    at 0x7E1DA93: poll (poll.c:87)
==9907==    by 0x6511257: g_socket_condition_timed_wait (gsocket.c:3564)
==9907==    by 0x1A293D1A: gst_udpsrc_create (gstudpsrc.c:390)
==9907==    by 0x81005C1: gst_base_src_get_range (gstbasesrc.c:2313)
==9907==    by 0x8101BB2: gst_base_src_loop (gstbasesrc.c:2558)
==9907==    by 0x50FB1E0: gst_task_func (gsttask.c:316)
==9907==    by 0x76285F1: g_thread_pool_thread_proxy (gthreadpool.c:309)
==9907==    by 0x7627DF4: g_thread_proxy (gthread.c:801)
==9907==    by 0x7B3AB4F: start_thread (pthread_create.c:304)
==9907==    by 0x7E286DC: clone (clone.S:112)

Thread 5: status = VgTs_WaitSys
==9907==    at 0x7E1DB61: ppoll (ppoll.c:57)
==9907==    by 0x50DFC34: gst_poll_wait (gstpoll.c:1253)
==9907==    by 0x50F3F9B: gst_system_clock_id_wait_jitter_unlocked
(gstsystemclock.c:644)
==9907==    by 0x50ADF73: gst_clock_id_wait (gstclock.c:512)
==9907==    by 0x1AECD590: rtcp_thread (gstrtpsession.c:841)
==9907==    by 0x7627DF4: g_thread_proxy (gthread.c:801)
==9907==    by 0x7B3AB4F: start_thread (pthread_create.c:304)
==9907==    by 0x7E286DC: clone (clone.S:112)

Thread 6: status = VgTs_WaitSys
==9907==    at 0x7B3CBE8: __pthread_mutex_lock_full (pthread_mutex_lock.c:303)
==9907==    by 0x14D8652D: pa_mutex_lock (in
/usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-2.0.so)
==9907==    by 0x1354AE48: ??? (in
/usr/lib/x86_64-linux-gnu/libpulse.so.0.14.2)
==9907==    by 0x1353C39B: pa_mainloop_poll (in
/usr/lib/x86_64-linux-gnu/libpulse.so.0.14.2)
==9907==    by 0x1353C9F8: pa_mainloop_iterate (in
/usr/lib/x86_64-linux-gnu/libpulse.so.0.14.2)
==9907==    by 0x1353CAAF: pa_mainloop_run (in
/usr/lib/x86_64-linux-gnu/libpulse.so.0.14.2)
==9907==    by 0x1354ADEE: ??? (in
/usr/lib/x86_64-linux-gnu/libpulse.so.0.14.2)
==9907==    by 0x14D87422: ??? (in
/usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-2.0.so)
==9907==    by 0x7B3AB4F: start_thread (pthread_create.c:304)
==9907==    by 0x7E286DC: clone (clone.S:112)

Thread 7: status = VgTs_WaitSys
==9907==    at 0x7B3F2D4: pthread_cond_wait@@GLIBC_2.3.2
(pthread_cond_wait.S:162)
==9907==    by 0x764142E: g_cond_wait (gthread-posix.c:746)
==9907==    by 0x50FB38A: gst_task_func (gsttask.c:301)
==9907==    by 0x76285F1: g_thread_pool_thread_proxy (gthreadpool.c:309)
==9907==    by 0x7627DF4: g_thread_proxy (gthread.c:801)
==9907==    by 0x7B3AB4F: start_thread (pthread_create.c:304)
==9907==    by 0x7E286DC: clone (clone.S:112)

Thread 8: status = VgTs_Runnable
==9907==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==9907==    by 0x760ADE0: g_malloc (gmem.c:159)
==9907==    by 0x761F1C2: g_slice_alloc (gslice.c:1003)
==9907==    by 0x50A24AE: gst_buffer_new (gstbuffer.c:576)
==9907==    by 0x50A3586: gst_buffer_new_wrapped_full (gstbuffer.c:715)
==9907==    by 0x80EDB6E: gst_base_parse_chain (gstbaseparse.c:2585)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x1821346D: gst_rtp_base_depayload_push
(gstrtpbasedepayload.c:587)
==9907==    by 0x1D738C22: gst_rtp_mpa_robust_depay_push_mp3_frames
(gstrtpmparobustdepay.c:616)
==9907==    by 0x1D73A003: gst_rtp_mpa_robust_depay_process
(gstrtpmparobustdepay.c:634)
==9907==    by 0x18213A36: gst_rtp_base_depayload_chain
(gstrtpbasedepayload.c:332)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x1AEBC6BA: gst_rtp_pt_demux_chain (gstrtpptdemux.c:436)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x1AEB7801: gst_rtp_jitter_buffer_loop
(gstrtpjitterbuffer.c:1902)
==9907==    by 0x50FB1E0: gst_task_func (gsttask.c:316)
==9907==    by 0x76285F1: g_thread_pool_thread_proxy (gthreadpool.c:309)
==9907==    by 0x7627DF4: g_thread_proxy (gthread.c:801)
==9907==    by 0x7B3AB4F: start_thread (pthread_create.c:304)
==9907==    by 0x7E286DC: clone (clone.S:112)

Thread 9: status = VgTs_WaitSys
==9907==    at 0x7B3CBE8: __pthread_mutex_lock_full (pthread_mutex_lock.c:303)
==9907==    by 0x14D8652D: pa_mutex_lock (in
/usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-2.0.so)
==9907==    by 0x1DBA72A2: gst_pulseringbuffer_commit (pulsesink.c:1376)
==9907==    by 0x1095A865: gst_audio_base_sink_render (gstaudiobasesink.c:1845)
==9907==    by 0x80FB4FB: gst_base_sink_chain_unlocked.isra.11
(gstbasesink.c:3187)
==9907==    by 0x80FD02B: gst_base_sink_chain_main (gstbasesink.c:3295)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x810A1F9: gst_base_transform_chain (gstbasetransform.c:2190)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x810A1F9: gst_base_transform_chain (gstbasetransform.c:2190)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x50CD6C7: gst_pad_push_data (gstpad.c:3587)
==9907==    by 0x1C103C79: gst_queue_loop (gstqueue.c:1045)
==9907==    by 0x50FB1E0: gst_task_func (gsttask.c:316)
==9907==    by 0x76285F1: g_thread_pool_thread_proxy (gthreadpool.c:309)
==9907==    by 0x7627DF4: g_thread_proxy (gthread.c:801)
==9907==    by 0x7B3AB4F: start_thread (pthread_create.c:304)
==9907==    by 0x7E286DC: clone (clone.S:112)

Didn't crash with 0.10, but there are lots of garbled bits in 0.10 as well, and
mad switches back and forth from 128k to 320k and other things.

-- 
Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.