[Bug 733717] New: glmemory allocate size didn't match video_orc_pack_I420 needs if height is odd
GStreamer (bugzilla.gnome.org)
bugzilla at gnome.org
Fri Jul 25 01:38:15 PDT 2014
https://bugzilla.gnome.org/show_bug.cgi?id=733717
GStreamer | gst-plugins-bad | 1.4.0
Summary: glmemory allocate size didn't match video_orc_pack_I420 needs if height is odd
Classification: Platform
Product: GStreamer
Version: 1.4.0
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: Normal
Component: gst-plugins-bad
AssignedTo: gstreamer-bugs at lists.freedesktop.org
ReportedBy: comicfans44 at gmail.com
QAContact: gstreamer-bugs at lists.freedesktop.org
GNOME version: ---
(tested with ORC disabled)

gst-launch-1.0 videotestsrc ! video/x-raw,format=\(string\)I420,width=512,height=11 ! glimagesink

just crashes.

gst-launch-1.0 videotestsrc ! video/x-raw,format=\(string\)I420,width=512,height=11 ! videoconvert ! ximagesink

works OK.

I found that with ximagesink, gst_video_test_src_fill will be fed with a
GstBuffer
n_memory=1
size=9216
but with glimagesink
GstBuffer
n_memory=3
size=8704 (512*11 + 256*6 + 256*6 allocated in _gl_mem_init)

If height is even, everything is OK.

Clang ASan reports as follows:

==7456==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x9480a080 at
pc 0xb67fecfa bp 0x96b787b8 sp 0x96b787b0
WRITE of size 1 at 0x9480a080 thread T1 (videotestsrc0:s)
#0 0xb67fecf9 in video_orc_pack_I420
/home/wangxinyu/project/gstreamer/gst-plugins-base/asanbuild/gst-libs/gst/video/tmp-orc.c:1137
#1 0xb65d9a8b in pack_planar_420
/home/wangxinyu/project/gstreamer/gst-plugins-base/asanbuild/gst-libs/gst/video/../../../../gst-libs/gst/video/video-format.c:102
#2 0x9b0a2b0b in convert_hline_generic
/home/wangxinyu/project/gstreamer/gst-plugins-base/asanbuild/gst/videotestsrc/../../../gst/videotestsrc/videotestsrc.c:1202
#3 0x9b079525 in videotestsrc_convert_tmpline
/home/wangxinyu/project/gstreamer/gst-plugins-base/asanbuild/gst/videotestsrc/../../../gst/videotestsrc/videotestsrc.c:275
#4 0x9b073793 in gst_video_test_src_smpte
/home/wangxinyu/project/gstreamer/gst-plugins-base/asanbuild/gst/videotestsrc/../../../gst/videotestsrc/videotestsrc.c:423
#5 0x9b069ee5 in gst_video_test_src_fill
/home/wangxinyu/project/gstreamer/gst-plugins-base/asanbuild/gst/videotestsrc/../../../gst/videotestsrc/gstvideotestsrc.c:929
#6 0x9e5bf298 in gst_push_src_fill
/home/wangxinyu/project/gstreamer/gstreamer-git/asanbuild/libs/gst/base/../../../../libs/gst/base/gstpushsrc.c:167
#7 0x9e4a99b2 in gst_base_src_default_create
/home/wangxinyu/project/gstreamer/gstreamer-git/asanbuild/libs/gst/base/../../../../libs/gst/base/gstbasesrc.c:1471
#8 0x9e5be00f in gst_push_src_create
/home/wangxinyu/project/gstreamer/gstreamer-git/asanbuild/libs/gst/base/../../../../libs/gst/base/gstpushsrc.c:133
#9 0x9e47ade6 in gst_base_src_get_range
/home/wangxinyu/project/gstreamer/gstreamer-git/asanbuild/libs/gst/base/../../../../libs/gst/base/gstbasesrc.c:2445
#10 0x9e471ccc in gst_base_src_loop
/home/wangxinyu/project/gstreamer/gstreamer-git/asanbuild/libs/gst/base/../../../../libs/gst/base/gstbasesrc.c:2721
#11 0xb6eb34a3 in gst_task_func
/home/wangxinyu/project/gstreamer/gstreamer-git/asanbuild/gst/../../gst/gsttask.c:317
#12 0xb6ebba83 in default_func
/home/wangxinyu/project/gstreamer/gstreamer-git/asanbuild/gst/../../gst/gsttaskpool.c:68
#13 0xb64a9424 in g_thread_pool_new ??:?
#14 0xb64a89c9 in g_test_get_filename ??:?
#15 0x80bd606 in _ZN6__asan10AsanThread11ThreadStartEm ??:?
#16 0x809c45d in _ZL17asan_thread_startPv asan_interceptors.o:?
#17 0xb616af6f in start_thread
/build/buildd/eglibc-2.19/nptl/pthread_create.c:312 (discriminator 1)
#18 0x9e70a70d in clone
/build/buildd/eglibc-2.19/misc/../sysdeps/unix/sysv/linux/i386/clone.S:129
0x9480a080 is located 0 bytes to the right of 1536-byte region
[0x94809a80,0x9480a080)
allocated by thread T1 (videotestsrc0:s) here:
#0 0x80b3a69 in __interceptor_malloc ??:?
#1 0xb6487be2 in g_malloc ??:?
#2 0xb724ba85 in gst_gl_memory_setup_buffer
/home/wangxinyu/project/gstreamer/gst-plugins-bad/gst-libs/gst/gl/gstglmemory.c:1135
#3 0xb7262ca6 in gst_gl_buffer_pool_alloc
/home/wangxinyu/project/gstreamer/gst-plugins-bad/gst-libs/gst/gl/gstglbufferpool.c:211
#4 0xb69b9f9b in do_alloc_buffer
/home/wangxinyu/project/gstreamer/gstreamer-git/asanbuild/gst/../../gst/gstbufferpool.c:267
#5 0xb69b617f in default_acquire_buffer
/home/wangxinyu/project/gstreamer/gstreamer-git/asanbuild/gst/../../gst/gstbufferpool.c:1098
#6 0xb726396f in gst_gl_buffer_pool_acquire_buffer
/home/wangxinyu/project/gstreamer/gst-plugins-bad/gst-libs/gst/gl/gstglbufferpool.c:250
#7 0xb69aecef in gst_buffer_pool_acquire_buffer
/home/wangxinyu/project/gstreamer/gstreamer-git/asanbuild/gst/../../gst/gstbufferpool.c:1206
#8 0x9e4aab83 in gst_base_src_default_alloc
/home/wangxinyu/project/gstreamer/gstreamer-git/asanbuild/libs/gst/base/../../../../libs/gst/base/gstbasesrc.c:1422
#9 0x9e5bea7f in gst_push_src_alloc
/home/wangxinyu/project/gstreamer/gstreamer-git/asanbuild/libs/gst/base/../../../../libs/gst/base/gstpushsrc.c:151
#10 0x9e4a950a in gst_base_src_default_create
/home/wangxinyu/project/gstreamer/gstreamer-git/asanbuild/libs/gst/base/../../../../libs/gst/base/gstbasesrc.c:1462
#11 0x9e5be00f in gst_push_src_create
/home/wangxinyu/project/gstreamer/gstreamer-git/asanbuild/libs/gst/base/../../../../libs/gst/base/gstpushsrc.c:133
#12 0x9e47ade6 in gst_base_src_get_range
/home/wangxinyu/project/gstreamer/gstreamer-git/asanbuild/libs/gst/base/../../../../libs/gst/base/gstbasesrc.c:2445
#13 0x9e471ccc in gst_base_src_loop
/home/wangxinyu/project/gstreamer/gstreamer-git/asanbuild/libs/gst/base/../../../../libs/gst/base/gstbasesrc.c:2721
#14 0xb6eb34a3 in gst_task_func
/home/wangxinyu/project/gstreamer/gstreamer-git/asanbuild/gst/../../gst/gsttask.c:317
#15 0xb6ebba83 in default_func
/home/wangxinyu/project/gstreamer/gstreamer-git/asanbuild/gst/../../gst/gsttaskpool.c:68
#16 0xb64a9424 in g_thread_pool_new ??:?
Thread T1 (videotestsrc0:s) created by T0 here:
#0 0x809c2fe in pthread_create ??:?
#1 0xb64c77df in g_private_replace ??:?
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 ??
Shadow bytes around the buggy address:
0x329013c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x329013d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x329013e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x329013f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x32901400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x32901410:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x32901420: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x32901430: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x32901440: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x32901450: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x32901460: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==7456==ABORTING
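
Added example (not part of the original report and not GStreamer code): the size arithmetic behind the two buffer sizes quoted above, for checking any width and height. It assumes the 9216-byte buffer comes from rounding the luma height up to an even number of rows and ignores stride padding; the names i420_layout_for and i420_shortfall are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Byte sizes of the three I420 planes (Y, U, V), no stride padding. */
typedef struct {
    size_t plane[3];
    size_t total;
} i420_layout;

/* pad_height = 0: luma uses exactly `height` rows, as in the
 * 512*11 + 256*6 + 256*6 sum quoted in the report.
 * pad_height = 1: luma height is rounded up to an even row count first
 * (assumption: this is how the 9216-byte buffer comes about). */
static i420_layout i420_layout_for(size_t width, size_t height, int pad_height)
{
    i420_layout l;
    size_t chroma_w = (width + 1) / 2;   /* chroma is subsampled 2x2 */
    size_t chroma_h = (height + 1) / 2;  /* odd heights round up */
    size_t luma_h = pad_height ? chroma_h * 2 : height;

    l.plane[0] = width * luma_h;
    l.plane[1] = chroma_w * chroma_h;
    l.plane[2] = chroma_w * chroma_h;
    l.total = l.plane[0] + l.plane[1] + l.plane[2];
    return l;
}

/* Bytes by which the exact-height allocation is smaller than the padded one.
 * Non-zero means a writer expecting the padded size must not be handed
 * the exact-height allocation. */
static size_t i420_shortfall(size_t width, size_t height)
{
    return i420_layout_for(width, height, 1).total
         - i420_layout_for(width, height, 0).total;
}

int main(void)
{
    size_t h;
    for (h = 10; h <= 12; h++) {
        printf("512x%zu: exact=%zu padded=%zu shortfall=%zu\n", h,
               i420_layout_for(512, h, 0).total,
               i420_layout_for(512, h, 1).total,
               i420_shortfall(512, h));
    }
    return 0;
}
```

Under these assumptions the two sizes agree for even heights and differ by one luma row (512 bytes at width 512) for odd heights, which matches the 8704 versus 9216 figures in the report.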