[Bug 780040] New: rtph264depay segfault

GStreamer (GNOME Bugzilla) bugzilla at gnome.org
Tue Mar 14 16:33:17 UTC 2017 

https://bugzilla.gnome.org/show_bug.cgi?id=780040

            Bug ID: 780040
           Summary: rtph264depay segfault
    Classification: Platform
           Product: GStreamer
           Version: 1.x
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: Normal
         Component: gst-plugins-good
          Assignee: gstreamer-bugs at lists.freedesktop.org
          Reporter: lists at svrinformatica.it
        QA Contact: gstreamer-bugs at lists.freedesktop.org
     GNOME version: ---

Created attachment 347928
  --> https://bugzilla.gnome.org/attachment.cgi?id=347928&action=edit
proposed fix

a pipeline like this:

rtspsrc ! rtph264depay ! fakesink

segfaults with some rtsp stream, it seems that nal buffer can have NULL data,

the actual code segfault this way:

#0  0x00007ffff2521c49 in gst_rtp_h264_add_sps_pps (rtph264=0x8700a0,
sps_array=sps_array at entry=0x874460, pps_array=pps_array at entry=0x874480,
nal=nal at entry=0x7fffd4004220) at gstrtph264depay.c:510
#1  0x00007ffff252217f in gst_rtp_h264_depay_add_sps_pps
(rtph264depay=rtph264depay at entry=0x8700a0, nal=nal at entry=0x7fffd4004220) at
gstrtph264depay.c:607
#2  0x00007ffff252246f in gst_rtp_h264_depay_setcaps (depayload=0x8700a0,
caps=<optimized out>)
    at gstrtph264depay.c:713
#3  0x00007ffff4a8468f in gst_rtp_base_depayload_setcaps (caps=0x7fffec051770,
filter=0x8700a0)
    at gstrtpbasedepayload.c:326
#4  0x00007ffff4a8468f in gst_rtp_base_depayload_handle_event (filter=0x8700a0,
event=0x7fffd0001920)
    at gstrtpbasedepayload.c:608
#5  0x00007ffff7b169b7 in gst_pad_send_event_unchecked (pad=pad at entry=0x872070,
event=event at entry=0x7fffd0001920, type=<optimized out>,
type at entry=GST_PAD_PROBE_TYPE_EVENT_DOWNSTREAM) at gstpad.c:5608
#6  0x00007ffff7b16e4e in gst_pad_push_event_unchecked
(pad=pad at entry=0x7fffec055640, event=0x7fffd0001920,
type=type at entry=GST_PAD_PROBE_TYPE_EVENT_DOWNSTREAM) at gstpad.c:5264
#7  0x00007ffff7b17250 in push_sticky (pad=pad at entry=0x7fffec055640,
ev=ev at entry=0x7fffe198d2b0, user_data=user_data at entry=0x7fffe198d310) at
gstpad.c:3807
#8  0x00007ffff7b14f47 in events_foreach (pad=pad at entry=0x7fffec055640,
func=func at entry=0x7ffff7b17100 <push_sticky>,
user_data=user_data at entry=0x7fffe198d310) at gstpad.c:604
#9  0x00007ffff7b214e1 in check_sticky (event=0x7fffd0001920,
pad=0x7fffec055640) at gstpad.c:3864
#10 0x00007ffff7b214e1 in gst_pad_push_event (pad=pad at entry=0x7fffec055640,
event=0x7fffd0001920)
    at gstpad.c:5395
#11 0x00007ffff7b2164e in event_forward_func (pad=pad at entry=0x7fffec055640,
data=data at entry=0x7fffe198d400)
    at gstpad.c:2992
#12 0x00007ffff7b1ce7e in gst_pad_forward (pad=0x7fffec0435a0,
forward=forward at entry=0x7ffff7b21590 <event_forward_func>,
user_data=user_data at entry=0x7fffe198d400) at gstpad.c:2946
#13 0x00007ffff7b1cfb3 in gst_pad_event_default (pad=<optimized out>,
parent=<optimized out>, event=0x7fffd0001920) at gstpad.c:3043
#14 0x00007ffff7b169b7 in gst_pad_send_event_unchecked
(pad=pad at entry=0x7fffec0435a0, event=event at entry=0x7fffd0001920,
type=<optimized out>, type at entry=GST_PAD_PROBE_TYPE_EVENT_DOWNSTREAM) at
gstpad.c:5608
---Type <return> to continue, or q <return> to quit---
#15 0x00007ffff7b16e4e in gst_pad_push_event_unchecked
(pad=pad at entry=0x7fffec0553d0, event=0x7fffd0001920,
type=type at entry=GST_PAD_PROBE_TYPE_EVENT_DOWNSTREAM) at gstpad.c:5264
#16 0x00007ffff7b17250 in push_sticky (pad=pad at entry=0x7fffec0553d0,
ev=ev at entry=0x7fffe198d5d0, user_data=user_data at entry=0x7fffe198d630) at
gstpad.c:3807
#17 0x00007ffff7b14f47 in events_foreach (pad=pad at entry=0x7fffec0553d0,
func=func at entry=0x7ffff7b17100 <push_sticky>,
user_data=user_data at entry=0x7fffe198d630) at gstpad.c:604
#18 0x00007ffff7b214e1 in check_sticky (event=0x7fffd0001920,
pad=0x7fffec0553d0) at gstpad.c:3864
#19 0x00007ffff7b214e1 in gst_pad_push_event (pad=pad at entry=0x7fffec0553d0,
event=0x7fffd0001920)
    at gstpad.c:5395
#20 0x00007ffff7b2164e in event_forward_func (pad=pad at entry=0x7fffec0553d0,
data=data at entry=0x7fffe198d720)
    at gstpad.c:2992
#21 0x00007ffff7b1ce7e in gst_pad_forward (pad=0x7fffec043350,
forward=forward at entry=0x7ffff7b21590 <event_forward_func>,
user_data=user_data at entry=0x7fffe198d720) at gstpad.c:2946
#22 0x00007ffff7b1cfb3 in gst_pad_event_default (pad=<optimized out>,
parent=<optimized out>, event=0x7fffd0001920) at gstpad.c:3043
#23 0x00007ffff7b169b7 in gst_pad_send_event_unchecked
(pad=pad at entry=0x7fffec043350, event=event at entry=0x7fffd0001920,
type=<optimized out>, type at entry=GST_PAD_PROBE_TYPE_EVENT_DOWNSTREAM) at
gstpad.c:5608
#24 0x00007ffff7b16e4e in gst_pad_push_event_unchecked
(pad=pad at entry=0x7fffec05fb60, event=0x7fffd0001920,
type=type at entry=GST_PAD_PROBE_TYPE_EVENT_DOWNSTREAM) at gstpad.c:5264
#25 0x00007ffff7b17250 in push_sticky (pad=pad at entry=0x7fffec05fb60,
ev=ev at entry=0x7fffe198d8f0, user_data=user_data at entry=0x7fffe198d960) at
gstpad.c:3807
#26 0x00007ffff7b14f47 in events_foreach (pad=pad at entry=0x7fffec05fb60,
func=func at entry=0x7ffff7b17100 <push_sticky>,
user_data=user_data at entry=0x7fffe198d960) at gstpad.c:604
#27 0x00007ffff7b17694 in check_sticky (event=0x0, pad=0x7fffec05fb60) at
gstpad.c:3864
#28 0x00007ffff7b17694 in gst_pad_push_data (pad=pad at entry=0x7fffec05fb60,
type=type at entry=4112, data=data at entry=0x8406d0) at gstpad.c:4435
#29 0x00007ffff7b20162 in gst_pad_push (pad=pad at entry=0x7fffec05fb60,
buffer=buffer at entry=0x8406d0)
    at gstpad.c:4576
#30 0x00007fffe31b74f2 in gst_rtp_pt_demux_chain (pad=<optimized out>,
parent=<optimized out>, buf=0x8406d0)---Type <return> to continue, or q
<return> to quit---
 at gstrtpptdemux.c:442
#31 0x00007ffff7b17cd2 in gst_pad_chain_data_unchecked (data=0x8406d0,
type=4112, pad=0x7fffec05f260)
    at gstpad.c:4205
#32 0x00007ffff7b17cd2 in gst_pad_push_data (pad=pad at entry=0x7fffec05ede0,
type=type at entry=4112, data=<optimized out>, data at entry=0x8406d0) at
gstpad.c:4457
#33 0x00007ffff7b20162 in gst_pad_push (pad=0x7fffec05ede0,
buffer=buffer at entry=0x8406d0) at gstpad.c:4576
#34 0x00007fffe31ab37e in pop_and_push_next
(jitterbuffer=jitterbuffer at entry=0x7fffec0642e0, seqnum=29233)
    at gstrtpjitterbuffer.c:3377
#35 0x00007fffe31ac41a in handle_next_buffer (jitterbuffer=0x7fffec0642e0) at
gstrtpjitterbuffer.c:3476
#36 0x00007fffe31ac41a in gst_rtp_jitter_buffer_loop
(jitterbuffer=0x7fffec0642e0)
    at gstrtpjitterbuffer.c:4022
#37 0x00007ffff7b4b531 in gst_task_func (task=0x875b90) at gsttask.c:335
#38 0x00007ffff6a20b6e in  () at /usr/lib/libglib-2.0.so.0
#39 0x00007ffff6a20175 in  () at /usr/lib/libglib-2.0.so.0
#40 0x00007ffff638b2e7 in start_thread () at /usr/lib/libpthread.so.0
#41 0x00007ffff60cc54f in clone () at /usr/lib/libc.so.6

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.

More information about the gstreamer-bugs mailing list