[Bug 703922] New: The mpegpsmux plugins crashed sometimes

GStreamer (bugzilla.gnome.org) bugzilla at gnome.org
Wed Jul 10 00:02:47 PDT 2013 

https://bugzilla.gnome.org/show_bug.cgi?id=703922
  GStreamer | gst-plugins-bad | 1.1.1

           Summary: The mpegpsmux plugins crashed sometimes
    Classification: Platform
           Product: GStreamer
           Version: 1.1.1
        OS/Version: All
            Status: UNCONFIRMED
          Severity: blocker
          Priority: Normal
         Component: gst-plugins-bad
        AssignedTo: gstreamer-bugs at lists.freedesktop.org
        ReportedBy: wangk212 at gmail.com
         QAContact: gstreamer-bugs at lists.freedesktop.org
     GNOME version: ---


Created an attachment (id=248803)
 --> (https://bugzilla.gnome.org/attachment.cgi?id=248803)
the attachment fixed the bugs and stability run over one week.

title: mpegpsmux crashed sometimes

reproduce step:
run the commands for h264/ps/rtp streaming test:
gst-launch-0.10 artpecsrc bitrate=128 text="AXIS Tesing Videos:" textsize=0
textcolor=black textbgcolor=transparent !
video/x-h264,width=320,height=240,framerate=15/2 !
 cachesink async=false cachesrc ! mpegpsmux ! rtpmp2pspay pt=96 ssrc=0x12345678
! udpsink host=192.168.77.248 port=11118
(Actually, in order to debug conveniently, I run another test program
"streambin" which run the same commands by gst_parse_launch function).

bug description:
1. when run mpegpsmux plugins for real-time streaming, it might cause a crash
sometimes.
2. the crash bug reproduce in all mpegpsmux version.
3. when crashed, core dump backtrace as following (sometimes):

#0  0x7743a788 in __GI_raise (sig=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:67
#1  0x7743f254 in __GI_abort () at abort.c:91
#2  0x77475aa0 in __libc_message (do_abort=2, fmt=0x7754b8d8 "*** glibc
detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:201
#3  0x77482f2c in malloc_printerr (action=3, str=0x7754bac0 "free(): invalid
next size (fast)", ptr=Unhandled dwarf expression opcode 0xf3
) at malloc.c:5007
#4  0x77636394 in g_print (format=Unhandled dwarf expression opcode 0xf3
) at
/home/kunwg/source/P3367/unpacked/libs/glib-IR2.32.4-4/glib/glib/gmessages.c:1335
#5  0x7663aa88 in psmux_stream_get_data (stream=0x76644000, buf=0xe <Address
0xe out of bounds>, len=Unhandled dwarf expression opcode 0xf3
)
    at
/home/kunwg/source/P3367/libs/gst-plugins-bad/gst-plugins-bad/gst/mpegpsmux/psmuxstream.c:320
#6  0x009b5800 in ?? ()

4. when crashed, program throw exception:

*** glibc detected *** ./streambin: free(): invalid next size (normal):
0x7540b4a0 ***

5. the core backtrace usual output different function call stack. 

root cause:
1. one memory buffer visit out of range.
2. when mpegpsmux initial memory buffer to store PS header, it set an  improper
size.
3. so if the PS header length bigger than the initial buffer, would cause a
crash due to visit undefined memory address.

solution:
1. modify the initial memory buffer to enough size to store PS header.

one optional solution like this attachment source code:

-- 
Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.

More information about the gstreamer-bugs mailing list