[Bug 698546] New: avdec: Crash with some h264 streams

GStreamer (bugzilla.gnome.org) bugzilla at gnome.org
Mon Apr 22 00:57:18 PDT 2013 

https://bugzilla.gnome.org/show_bug.cgi?id=698546
  GStreamer | gst-libav | git

           Summary: avdec: Crash with some h264 streams
    Classification: Platform
           Product: GStreamer
           Version: git
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: Normal
         Component: gst-libav
        AssignedTo: gstreamer-bugs at lists.freedesktop.org
        ReportedBy: slomo at circular-chaos.org
         QAContact: gstreamer-bugs at lists.freedesktop.org
     GNOME version: ---


Happens especially often on Windows, sometimes on Linux. I have a 0.10 GDP dump
here that reproduces it reliably on Linux too, backtrace below. Happens after
decoding a few frames without problems. Stream is avc/au.

Unfortunately muxing that to anything else makes the crash go away. It happens
with versions 0.6.6, 0.7.2 and 0.8.6 of libav at least so it's nothing new.
Does *not* happen with the 0.10 versions of everything as in Debian/unstable,
which is also libav 0.8.6.



[Switching to Thread 0x7ffff6cac700 (LWP 6011)]
0x00007ffff56cab0f in decode_slice_header (h=h at entry=0x7ffff5380040, 
    h0=h0 at entry=0x7ffff5380040) at libavcodec/h264.c:2927
2927                if (!last_pic_dropable && s0->current_picture_ptr->owner2
== s0) {
(gdb) print s0->current_picture_ptr 
$1 = (Picture *) 0x0
(gdb) bt
#0  0x00007ffff56cab0f in decode_slice_header (h=h at entry=0x7ffff5380040, 
    h0=h0 at entry=0x7ffff5380040) at libavcodec/h264.c:2927
#1  0x00007ffff56cd163 in decode_nal_units (h=h at entry=0x7ffff5380040, 
    buf=0x7ffff06115c0 "", buf_size=buf_size at entry=37488)
    at libavcodec/h264.c:3966
#2  0x00007ffff56cdbc9 in decode_frame (avctx=0x7ffff0096040, 
    data=0x7ffff0095d40, data_size=0x7ffff6cab514, avpkt=<optimized out>)
    at libavcodec/h264.c:4184
#3  0x00007ffff58a26f0 in avcodec_decode_video2 (
    avctx=avctx at entry=0x7ffff0096040, picture=0x7ffff0095d40, 
    got_picture_ptr=got_picture_ptr at entry=0x7ffff6cab514, 
    avpkt=avpkt at entry=0x7ffff6cab570) at libavcodec/utils.c:1152
#4  0x00007ffff5460916 in gst_ffmpegdec_video_frame (ret=0x7ffff6cab6b4, 
    outbuf=0x7ffff6cab520, dec_info=0x7ffff0094290, size=37488, 
    data=0x7ffff06115c0 "", ffmpegdec=0x7ffff0093a90) at gstffmpegdec.c:1769
#5  gst_ffmpegdec_frame (ffmpegdec=ffmpegdec at entry=0x7ffff0093a90, 
    data=<optimized out>, size=37488, got_data=got_data at entry=0x7ffff6cab6b0, 
    dec_info=0x7ffff0094290, ret=ret at entry=0x7ffff6cab6b4)
    at gstffmpegdec.c:2286
#6  0x00007ffff5465572 in gst_ffmpegdec_chain (pad=<optimized out>, 
    inbuf=0x7ffff00c7680) at gstffmpegdec.c:2733
#7  0x00007ffff7f6e471 in gst_pad_push (pad=0x7ffff0052180, 
    buffer=0x7ffff00c7680) at gstpad.c:4715
---Type <return> to continue, or q <return> to quit---
#8  0x00007ffff6d046ac in gst_base_transform_chain (pad=<optimized out>, 
    buffer=0x7ffff00c7680) at gstbasetransform.c:2687
#9  0x00007ffff7f6e471 in gst_pad_push (pad=0x5bbde0, 
    buffer=buffer at entry=0x7ffff00c7680) at gstpad.c:4715
#10 0x00007ffff6ce612a in gst_base_parse_push_frame (
    parse=parse at entry=0x7ffff0050c00, frame=frame at entry=0x7ffff00519a8)
    at gstbaseparse.c:1967
#11 0x00007ffff6ce764b in gst_base_parse_chain (pad=<optimized out>, 
    buffer=0x7ffff00c7680) at gstbaseparse.c:2303
#12 0x00007ffff649c4ac in gst_h264_parse_chain (pad=0x5bbc60, 
    buffer=0x7ffff00c7680) at gsth264parse.c:1988
#13 0x00007ffff7f6e471 in gst_pad_push (pad=0x5bb660, 
    buffer=buffer at entry=0x7ffff00c7680) at gstpad.c:4715
#14 0x00007ffff6d5a25e in gst_type_find_element_chain (pad=<optimized out>, 
    buffer=0x7ffff00c7680) at gsttypefindelement.c:771
#15 0x00007ffff7f6e471 in gst_pad_push (pad=0x5ca070, buffer=0x7ffff00c7680)
    at gstpad.c:4715
#16 0x00007ffff7f6e471 in gst_pad_push (pad=0x5bb360, 
    buffer=buffer at entry=0x7ffff00c7680) at gstpad.c:4715
#17 0x00007ffff7e8c5bf in gst_gdp_depay_chain (pad=<optimized out>, 
    buffer=<optimized out>) at gstgdpdepay.c:328
#18 0x00007ffff7f6e471 in gst_pad_push (pad=pad at entry=0x5bb060, 
    buffer=0x7ffff00c7400) at gstpad.c:4715
---Type <return> to continue, or q <return> to quit---
#19 0x00007ffff6cfc365 in gst_base_src_loop (pad=0x5bb060) at gstbasesrc.c:2567
#20 0x00007ffff7f94bb4 in gst_task_func (task=0x5d1040) at gsttask.c:327
#21 0x00007ffff7d1078a in g_thread_pool_thread_proxy ()
   from
/home/slomo/Projects/gstreamer/gst-sdk/cerbero/dist/linux/lib/libglib-2.0.so.0
#22 0x00007ffff7d101c6 in g_thread_proxy ()
   from
/home/slomo/Projects/gstreamer/gst-sdk/cerbero/dist/linux/lib/libglib-2.0.so.0
#23 0x00007ffff7876e0e in start_thread (arg=0x7ffff6cac700)
    at pthread_create.c:311
#24 0x00007ffff75aa94d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

-- 
Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.

More information about the gstreamer-bugs mailing list