[Bug 759910] New: GstDiscoverer checking aac http stream called many times eventually results in segmentation fault

GStreamer (GNOME Bugzilla) bugzilla at gnome.org
Sun Dec 27 12:11:37 PST 2015


https://bugzilla.gnome.org/show_bug.cgi?id=759910

            Bug ID: 759910
           Summary: GstDiscoverer checking aac http stream called many
                    times eventually results in segmentation fault
    Classification: Platform
           Product: GStreamer
           Version: 1.6.1
                OS: Windows
            Status: NEW
          Severity: critical
          Priority: Normal
         Component: gst-plugins-base
          Assignee: gstreamer-bugs at lists.freedesktop.org
          Reporter: pro.void at gmail.com
        QA Contact: gstreamer-bugs at lists.freedesktop.org
     GNOME version: ---

Created attachment 317937
  --> https://bugzilla.gnome.org/attachment.cgi?id=317937&action=edit
sample code and screenshots with debug info - stack and locals.

In my app I need to monitor several internet aac audio streams if they are
online. For this task I use GstDiscoverer.

I check audio streams every 1-2 seconds. And every time my app is running,
eventually it will crash with a segmentation fault error during the
GstDiscoverer check.

I tried both sync and async methods of calling GstDiscoverer
(gst_discoverer_discover_uri(), gst_discoverer_discover_uri_async()), both
work the same way.

The crash happens in the aac_type_find() function from gsttypefindfunctions.c
on line 1122 (second line of code below).

    len = ((c.data[offset + 3] & 0x03) << 11) |
           (c.data[offset + 4] << 3) | ((c.data[offset + 5] & 0xe0) >> 5);

As I discovered from debug information about local variables, the offset
variable is greater than c.size, so c.data[offset] is out of range; I think
that's why the segmentation fault happens. This does not happen regularly. The
program can work for several hours or for ten minutes. So, there is some
probability of a crash when calling aac_type_find().

I tried GStreamer versions 1.6.1 and latest 1.6.2, the bug exists in both.
I can reproduce the bug only on Windows (tried on XP and 7), on Mac OS X
everything works fine. On Linux I didn't try. Maybe it is some Windows-related
bug.

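The report attributes the crash to `offset` exceeding `c.size` when the ADTS frame-length bytes are read. The following is an added example, not GStreamer's code and not part of the original report: the same length read in standalone C with the bounds check placed before it. The names `adts_frame_len`, `find_adts` and `sample` are hypothetical, and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ADTS_HDR_MIN 6 /* bytes needed to reach the frame-length field */

/* Constructed sample: two 8-byte ADTS frames (not taken from the report). */
static const uint8_t sample[16] = {
    0xff, 0xf1, 0x50, 0x80, 0x01, 0x1f, 0xfc, 0x00,
    0xff, 0xf1, 0x50, 0x80, 0x01, 0x1f, 0xfc, 0x00 };

/* Return the 13-bit frame length of the ADTS header at buf[offset], or -1
 * when the header is not fully inside the buffer or has no syncword. */
static int adts_frame_len(const uint8_t *buf, size_t size, size_t offset)
{
    /* Compare by subtraction so offset + 6 can never wrap around. */
    if (size < ADTS_HDR_MIN || offset > size - ADTS_HDR_MIN)
        return -1;
    /* 12-bit syncword 0xfff followed by layer bits that must be zero. */
    if (buf[offset] != 0xff || (buf[offset + 1] & 0xf6) != 0xf0)
        return -1;
    return ((buf[offset + 3] & 0x03) << 11) |
           (buf[offset + 4] << 3) | ((buf[offset + 5] & 0xe0) >> 5);
}

/* Return the offset of the first ADTS frame that is directly followed by
 * a second in-bounds ADTS header, or -1 if the buffer holds none. */
static long find_adts(const uint8_t *buf, size_t size)
{
    for (size_t off = 0; off < size; off++) {
        int len = adts_frame_len(buf, size, off);
        if (len < ADTS_HDR_MIN || (size_t)len > size - off)
            continue; /* no header here, or frame runs past the data */
        if (adts_frame_len(buf, size, off + (size_t)len) >= ADTS_HDR_MIN)
            return (long)off;
    }
    return -1;
}

int main(void)
{
    printf("full buffer: %ld\n", find_adts(sample, sizeof sample));
    printf("truncated to 11 bytes: %ld\n", find_adts(sample, 11));
    printf("offset past size: %d\n", adts_frame_len(sample, 16, 20));
    return 0;
}
```

A network source can deliver a buffer that ends partway through a header, which is the truncated case here: the scan reports no match instead of reading past the end.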