[Bug 758852] New: tsdemux segfault
GStreamer (GNOME Bugzilla)
bugzilla at gnome.org
Mon Nov 30 06:31:23 PST 2015
https://bugzilla.gnome.org/show_bug.cgi?id=758852
Bug ID: 758852
Summary: tsdemux segfault
Classification: Platform
Product: GStreamer
Version: 1.6.1
OS: Linux
Status: NEW
Severity: normal
Priority: Normal
Component: gst-plugins-bad
Assignee: gstreamer-bugs at lists.freedesktop.org
Reporter: ydirson at free.fr
QA Contact: gstreamer-bugs at lists.freedesktop.org
GNOME version: ---
Testing random ideas, my setup was:
* a client gstreamer getting a stream through UDP from netcat:
nc -u -l -p 9999 | GST_DEBUG=WARN gst-launch-1.0 filesrc location=/dev/stdin !
\
tsdemux ! h264parse ! avdec_h264 ! glimagesink
* a "server" gstreamer feeding the stream through UDP using netcat, using pv as
rate-limiter
GST_DEBUG=WARN gst-launch-1.0 filesrc
location=~/Videos/big_buck_bunny_480p_h264.mov ! \
qtdemux ! h264parse ! mpegtsmux ! filesink location=/dev/stdout | pv -q -L
400k | nc -u localhost 9999
Quite rapidly the client side segfaults:
Setting pipeline to PAUSED ...
0:00:00.045968933 3122 0x13f2c00 WARN basesrc
gstbasesrc.c:3481:gst_base_src_start_complete:<filesrc0> pad not activated yet
Pipeline is PREROLLING ...
Got context from element 'sink': gst.gl.GLDisplay=context,
gst.gl.GLDisplay=(GstGLDisplay)"\(GstGLDisplayX11\)\ gldisplayx11-0";
0:00:02.553049510 3122 0x13fb5e0 WARN libav
gstavcodecmap.c:2419:gst_ffmpeg_caps_to_pixfmt: ignoring insane framerate 1/0
Pipeline is PREROLLED ...
Setting pipeline to PLAYING ...
New clock: GstSystemClock
0:00:05.030942214 3122 0x13fb5e0 WARN tsdemux
tsdemux.c:1910:gst_ts_demux_queue_data: CONTINUITY: Mismatch packet 2, stream 5
0:00:05.114448125 3122 0x13fb5e0 WARN tsdemux
tsdemux.c:1910:gst_ts_demux_queue_data: CONTINUITY: Mismatch packet 9, stream
12
0:00:05.322561262 3122 0x13fb5e0 WARN tsdemux
tsdemux.c:1910:gst_ts_demux_queue_data: CONTINUITY: Mismatch packet 4, stream
11
0:00:05.364483461 3122 0x13fb5e0 WARN tsdemux
tsdemux.c:1910:gst_ts_demux_queue_data: CONTINUITY: Mismatch packet 11, stream
14
0:00:05.447532807 3122 0x13fb5e0 WARN tsdemux
tsdemux.c:1910:gst_ts_demux_queue_data: CONTINUITY: Mismatch packet 3, stream 6
0:00:06.406019271 3122 0x13fb5e0 WARN tsdemux
tsdemux.c:1910:gst_ts_demux_queue_data: CONTINUITY: Mismatch packet 10, stream
12
0:00:06.490193888 3122 0x7f12b0021860 ERROR libav :0::
negative number of zero coeffs at 47 17
0:00:06.490256224 3122 0x7f12b0021860 ERROR libav :0:: error
while decoding MB 47 17
0:00:06.530833728 3122 0x13fb5e0 WARN tsdemux
tsdemux.c:1910:gst_ts_demux_queue_data: CONTINUITY: Mismatch packet 4, stream
11
0:00:07.614250009 3122 0x13fb5e0 WARN tsdemux
tsdemux.c:1910:gst_ts_demux_queue_data: CONTINUITY: Mismatch packet 2, stream
14
0:00:07.905797932 3122 0x13fb5e0 WARN tsdemux
tsdemux.c:1910:gst_ts_demux_queue_data: CONTINUITY: Mismatch packet 2, stream 5
0:00:08.197616639 3122 0x13fb5e0 WARN tsdemux
tsdemux.c:1910:gst_ts_demux_queue_data: CONTINUITY: Mismatch packet 4, stream 7
0:00:08.197660427 3122 0x13fb5e0 WARN tsdemux
tsdemux.c:1910:gst_ts_demux_queue_data: CONTINUITY: Mismatch packet 12, stream
3
0:00:08.239524463 3122 0x13fb5e0 WARN tsdemux
tsdemux.c:1910:gst_ts_demux_queue_data: CONTINUITY: Mismatch packet 4, stream 7
Caught SIGSEGV
Segmentation fault (core dumped)
and gdb seems to show that mpegts_packetizer_push_section has a wrong idea of
the size of data it got.
Safety check missing ? Potential for buffer overflow ?
Core was generated by `gst-launch-1.0 filesrc location=/dev/stdin ! tsdemux !
h264parse ! avdec_h264 !'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f12d4c89c77 in ptmalloc_lock_all () at arena.c:242
242 arena.c: No such file or directory.
[Current thread is 1 (LWP 3125)]
(gdb) bt
#0 0x00007f12d4c89c77 in ptmalloc_lock_all () at arena.c:242
#1 0x00007f12d4cc9792 in __libc_fork () at
../nptl/sysdeps/unix/sysv/linux/x86_64/../fork.c:95
#2 0x00007f12d4fcc3e5 in __fork () at
../nptl/sysdeps/unix/sysv/linux/pt-fork.c:25
#3 0x00007f12d51f77dc in g_on_error_stack_trace
(prg_name=prg_name at entry=0x405adf "gst-launch-1.0") at
/build/glib2.0-ocmJ1Y/glib2.0-2.46.2/./glib/gbacktrace.c:240
#4 0x0000000000405734 in fault_spin () at gst-launch.c:102
#5 fault_handler_sighandler (signum=11) at gst-launch.c:93
#6 <signal handler called>
#7 __memcpy_sse2_unaligned () at
../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:152
#8 0x00007f12d37b64ab in memcpy (__len=18446744073709551600, __src=<optimized
out>, __dest=<optimized out>) at
/usr/include/x86_64-linux-gnu/bits/string3.h:51
#9 mpegts_packetizer_push_section (packetizer=packetizer at entry=0x132a000,
packet=packet at entry=0x7f12bb1c3c80, remaining=remaining at entry=0x7f12bb1c3c78)
at mpegtspacketizer.c:1020
#10 0x00007f12d37bb987 in mpegts_base_chain (pad=<optimized out>,
parent=0x1328040, buf=0x7f12b00248f0) at mpegtsbase.c:1152
#11 0x00007f12d57a5998 in gst_pad_chain_data_unchecked (data=0x7f12b00248f0,
type=4112, pad=0x13202b0) at gstpad.c:4085
#12 gst_pad_push_data (pad=pad at entry=0x1320070, type=type at entry=4112,
data=0x7f12b00248f0) at gstpad.c:4337
#13 0x00007f12d57ad406 in gst_pad_push (pad=pad at entry=0x1320070,
buffer=<optimized out>) at gstpad.c:4453
#14 0x00007f12d3a01605 in gst_base_src_loop (pad=0x1320070) at
gstbasesrc.c:2845
#15 0x00007f12d57d5d31 in gst_task_func (task=0x147f050) at gsttask.c:331
#16 0x00007f12d52492ee in g_thread_pool_thread_proxy (data=<optimized out>) at
/build/glib2.0-ocmJ1Y/glib2.0-2.46.2/./glib/gthreadpool.c:307
#17 0x00007f12d5248955 in g_thread_proxy (data=0x13fb5e0) at
/build/glib2.0-ocmJ1Y/glib2.0-2.46.2/./glib/gthread.c:778
#18 0x00007f12d4fc30a4 in start_thread (arg=0x7f12bb1c4700) at
pthread_create.c:309
#19 0x00007f12d4cf806d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:111
(gdb)
--
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
More information about the gstreamer-bugs
mailing list