[Bug 776107] New: Access violation in __gst_fast_read_swap32

GStreamer (GNOME Bugzilla) bugzilla at gnome.org
Wed Dec 14 18:38:02 UTC 2016


https://bugzilla.gnome.org/show_bug.cgi?id=776107

            Bug ID: 776107
           Summary: Access violation in __gst_fast_read_swap32
    Classification: Platform
           Product: GStreamer
           Version: 1.10.x
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: Normal
         Component: gst-plugins-good
          Assignee: gstreamer-bugs at lists.freedesktop.org
          Reporter: blawlt at gmx.es
        QA Contact: gstreamer-bugs at lists.freedesktop.org
     GNOME version: ---

Created attachment 341969
  --> https://bugzilla.gnome.org/attachment.cgi?id=341969&action=edit
poc of crash

Did not have a lot of time to look into exactly what is going on here, but
__gst_fast_read_swap32 segfaults while attempting an endianness swap during the
demuxing of the video. This one gets there through mp4, but due to the nature
of the files gst deals with presumably this can be reached through other paths
as well. 

Output from asan follows and a sample file producing the crash in the latest
version. 

=================================================================
==21817==ERROR: AddressSanitizer: SEGV on unknown address 0x625000080000 (pc
0x7faa56155a2c bp 0x7faa55d17420 sp 0x7faa55d17420 T3)
    #0 0x7faa56155a2b in __gst_fast_read_swap32
/usr/include/gstreamer-1.0/gst/gstutils.h:131
    #1 0x7faa5617941d in qtdemux_parse_segments
/home/fuzzy/src/gst-plugins-good-1.10.2/gst/isomp4/qtdemux.c:8680
    #2 0x7faa56182e22 in qtdemux_parse_trak
/home/fuzzy/src/gst-plugins-good-1.10.2/gst/isomp4/qtdemux.c:10900
    #3 0x7faa56188649 in qtdemux_parse_tree
/home/fuzzy/src/gst-plugins-good-1.10.2/gst/isomp4/qtdemux.c:12495
    #4 0x7faa56163e3a in gst_qtdemux_loop_state_header
/home/fuzzy/src/gst-plugins-good-1.10.2/gst/isomp4/qtdemux.c:4191
    #5 0x7faa5616c989 in gst_qtdemux_loop
/home/fuzzy/src/gst-plugins-good-1.10.2/gst/isomp4/qtdemux.c:5723
    #6 0x7faa5cd9eb40  (/usr/lib/libgstreamer-1.0.so.0+0xa6b40)
    #7 0x7faa5c805acd  (/usr/lib/libglib-2.0.so.0+0x72acd)
    #8 0x7faa5c8050d4  (/usr/lib/libglib-2.0.so.0+0x720d4)
    #9 0x7faa5c279453 in start_thread (/usr/lib/libpthread.so.0+0x7453)
    #10 0x7faa5bfbc7de in __GI___clone (/usr/lib/libc.so.6+0xe87de)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /usr/include/gstreamer-1.0/gst/gstutils.h:131
in __gst_fast_read_swap32
Thread T3 (qtdemux0:sink) created by T2 (typefind:sink) here:
    #0 0x7faa5d99d498 in __interceptor_pthread_create
/build/gcc/src/gcc/libsanitizer/asan/asan_interceptors.cc:236
    #1 0x7faa5c822b9f  (/usr/lib/libglib-2.0.so.0+0x8fb9f)

Thread T2 (typefind:sink) created by T1 (GstPlayer) here:
    #0 0x7faa5d99d498 in __interceptor_pthread_create
/build/gcc/src/gcc/libsanitizer/asan/asan_interceptors.cc:236
    #1 0x7faa5c822b9f  (/usr/lib/libglib-2.0.so.0+0x8fb9f)

Thread T1 (GstPlayer) created by T0 here:
    #0 0x7faa5d99d498 in __interceptor_pthread_create
/build/gcc/src/gcc/libsanitizer/asan/asan_interceptors.cc:236
    #1 0x7faa5c822b9f  (/usr/lib/libglib-2.0.so.0+0x8fb9f)

==21817==ABORTING

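A triage helper for the trace above, as an added example that is not part of the original report or of GStreamer: it rejoins the mail-wrapped frames (source path on the line after the frame) and picks the first frame located in a .c file, since frame #0 sits in a header. The function names and the skip-headers heuristic are assumptions of this example.

```python
import re

# Constructed sample: a few lines copied from the trace above, keeping the
# mail-wrapped layout where the source location follows on its own line.
SAMPLE = """\
==21817==ERROR: AddressSanitizer: SEGV on unknown address 0x625000080000 (pc
0x7faa56155a2c bp 0x7faa55d17420 sp 0x7faa55d17420 T3)
    #0 0x7faa56155a2b in __gst_fast_read_swap32
/usr/include/gstreamer-1.0/gst/gstutils.h:131
    #1 0x7faa5617941d in qtdemux_parse_segments
/home/fuzzy/src/gst-plugins-good-1.10.2/gst/isomp4/qtdemux.c:8680
    #6 0x7faa5cd9eb40  (/usr/lib/libgstreamer-1.0.so.0+0xa6b40)

AddressSanitizer can not provide additional info.
"""

ERROR = re.compile(
    r"ERROR: AddressSanitizer: (\S+) on (?:unknown )?address (0x[0-9a-f]+)")
FRAME = re.compile(r"^\s*#(\d+) (0x[0-9a-f]+)(?: in (\S+))?\s*(.*)$")


def parse_asan(text):
    """Return (kind, address, frames) for the first stack of an ASan report."""
    kind = addr = None
    frames = []
    for line in text.splitlines():
        m = ERROR.search(line)
        if m and kind is None:
            kind, addr = m.groups()
            continue
        m = FRAME.match(line)
        if m:
            num, pc, func, loc = m.groups()
            frames.append({"n": int(num), "pc": pc, "func": func,
                           "loc": loc.strip()})
        elif frames and not line.strip():
            break  # a blank line ends the crashing thread's stack
        elif frames and not frames[-1]["loc"]:
            frames[-1]["loc"] = line.strip()  # wrapped source location
    return kind, addr, frames


def first_caller_in_source(frames):
    """Heuristic (assumption): skip frames in headers, which are inlined
    helpers, and return the first frame whose location is a .c file."""
    for frame in frames:
        if re.search(r"\.c:\d+$", frame["loc"]):
            return frame
    return None
```
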