[Bug 782333] New: h264parse: memory issues due to huge sps size

GStreamer (GNOME Bugzilla) bugzilla at gnome.org
Mon May 8 14:43:17 UTC 2017


https://bugzilla.gnome.org/show_bug.cgi?id=782333

            Bug ID: 782333
           Summary: h264parse: memory issues due to huge sps size
    Classification: Platform
           Product: GStreamer
           Version: 1.8.3
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: Normal
         Component: gst-plugins-bad
          Assignee: gstreamer-bugs at lists.freedesktop.org
          Reporter: mparisdiaz at gmail.com
        QA Contact: gstreamer-bugs at lists.freedesktop.org
     GNOME version: ---

Hello,
I am dealing with some problems in h264parse related to memory allocation.
After some debugging it seems that the problem is related to the video
processed, which makes the parser detect a huge SPS size (it even goes out of
gint range).

I have logged these values, and in one execution I obtained:
gsth264parse.c:1309:gst_h264_parse_make_codec_data:  sps_size: 3330, pps_size: 18
gsth264parse.c:1309:gst_h264_parse_make_codec_data:  sps_size: 7415, pps_size: 25
gsth264parse.c:1309:gst_h264_parse_make_codec_data:  sps_size: 15600, pps_size: 32
gsth264parse.c:1309:gst_h264_parse_make_codec_data:  sps_size: 31838, pps_size: 39
gsth264parse.c:1309:gst_h264_parse_make_codec_data:  sps_size: 64464, pps_size: 46
gsth264parse.c:1309:gst_h264_parse_make_codec_data:  sps_size: 129648, pps_size: 53
gsth264parse.c:1309:gst_h264_parse_make_codec_data:  sps_size: 260112, pps_size: 60
gsth264parse.c:1309:gst_h264_parse_make_codec_data:  sps_size: 521007, pps_size: 67
gsth264parse.c:1309:gst_h264_parse_make_codec_data:  sps_size: 1042730, pps_size: 74
gsth264parse.c:1309:gst_h264_parse_make_codec_data:  sps_size: 2086173, pps_size: 81
gsth264parse.c:1309:gst_h264_parse_make_codec_data:  sps_size: 4173145, pps_size: 88
gsth264parse.c:1309:gst_h264_parse_make_codec_data:  sps_size: 8347119, pps_size: 95
gsth264parse.c:1309:gst_h264_parse_make_codec_data:  sps_size: 16694956, pps_size: 102
gsth264parse.c:1309:gst_h264_parse_make_codec_data:  sps_size: 33390795, pps_size: 110
gsth264parse.c:1309:gst_h264_parse_make_codec_data:  sps_size: 66782412, pps_size: 118
gsth264parse.c:1309:gst_h264_parse_make_codec_data:  sps_size: 133565776, pps_size: 126
gsth264parse.c:1309:gst_h264_parse_make_codec_data:  sps_size: 267132453, pps_size: 134
gsth264parse.c:1309:gst_h264_parse_make_codec_data:  sps_size: 534265844, pps_size: 142
gsth264parse.c:1309:gst_h264_parse_make_codec_data:  sps_size: 1068532668, pps_size: 150
gsth264parse.c:1309:gst_h264_parse_make_codec_data:  sps_size: 2137066380, pps_size: 158
gsth264parse.c:1309:gst_h264_parse_make_codec_data:  sps_size: -20833577, pps_size: 166


We can also see the memory error detected with GDB:

GLib-ERROR **: /build/glib2.0-prJhLS/glib2.0-2.48.2/./glib/gmem.c:100: failed to allocate 18446744073106744596 bytes

Thread 37 "queue2:src" received signal SIGTRAP, Trace/breakpoint trap.
[Switching to Thread 0x7fff6a7fc700 (LWP 30813)]
0x00007ffff6830a5b in g_logv () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
(gdb) 
(gdb) bt
#0  0x00007ffff6830a5b in g_logv () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#1  0x00007ffff6830bcf in g_log () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007ffff682f744 in g_malloc () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007ffff6846923 in g_slice_alloc () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007ffff6b208ea in _sysmem_new_block (flags=(unknown: 0), maxsize=18446744073106744452, align=7, offset=0, size=18446744073106744445) at gstallocator.c:414
#5  0x00007ffff6b2b8d2 in gst_buffer_new_allocate (allocator=allocator@entry=0x0, size=size@entry=18446744073106744445, params=params@entry=0x0) at gstbuffer.c:767
#6  0x00007fff9c072ff9 in gst_h264_parse_make_codec_data (h264parse=<optimized out>) at gsth264parse.c:1309
#7  gst_h264_parse_update_src_caps (h264parse=h264parse@entry=0x135c960, caps=caps@entry=0x0) at gsth264parse.c:1700
#8  0x00007fff9c074ebe in gst_h264_parse_parse_frame (parse=parse@entry=0x135c960, frame=frame@entry=0x13599e0) at gsth264parse.c:2052
#9  0x00007fff9c07603d in gst_h264_parse_handle_frame_packetized (frame=0x13599e0, parse=0x135c960) at gsth264parse.c:1013
#10 gst_h264_parse_handle_frame (parse=0x135c960, frame=0x13599e0, skipsize=<optimized out>) at gsth264parse.c:1065
#11 0x00007ffff07c3404 in gst_base_parse_handle_buffer (parse=parse@entry=0x135c960, buffer=<optimized out>, skip=skip@entry=0x7fff6a7fa9f8, flushed=flushed@entry=0x7fff6a7fa9fc) at gstbaseparse.c:2145
#12 0x00007ffff07c7cee in gst_base_parse_chain (pad=<optimized out>, parent=0x135c960, buffer=<optimized out>) at gstbaseparse.c:3209
#13 0x00007ffff6b5f59f in gst_pad_chain_data_unchecked (data=0x13d1450, type=4112, pad=0x7fff7c015d80) at gstpad.c:4183
#14 gst_pad_push_data (pad=pad@entry=0x13565b0, type=type@entry=4112, data=data@entry=0x13d1450) at gstpad.c:4435

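Added example, not part of the original report and not GStreamer's code: a simplified model of the failure the log and backtrace show, where a size total held in a 32-bit signed integer wraps negative and is then handed to an allocator that takes size_t, next to a checked version that rejects the input instead. The function names, the 2-byte length prefix per NAL, the sample sizes and the 1 MiB limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AVCC_MAX_NAL 0xFFFFu /* avcC stores each SPS/PPS length in 16 bits */

/* Unchecked model (assumed, not GStreamer source): the running total is a
 * 32-bit signed int. The sum is done in uint32_t so the wrap is defined C;
 * the final conversion to int32_t wraps on gcc/clang. */
int32_t sum_unchecked(const uint32_t *nal, size_t n)
{
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += nal[i] + 2u; /* assumed 2-byte length prefix per NAL */
    return (int32_t)total;
}

/* What an allocator with a size_t parameter receives for a signed total. */
size_t as_alloc_size(int32_t total)
{
    return (size_t)total; /* negative value becomes a size close to SIZE_MAX */
}

/* Hardened: 0 and *out on success, -1 if a NAL or the total is out of range. */
int sum_checked(const uint32_t *nal, size_t n, size_t limit, size_t *out)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (nal[i] == 0 || nal[i] > AVCC_MAX_NAL)
            return -1;
        size_t add = (size_t)nal[i] + 2u;
        if (add > limit - total) /* total <= limit always holds here */
            return -1;
        total += add;
    }
    *out = total;
    return 0;
}

int main(void)
{
    const uint32_t sample[] = { 0x7FFFFFF0u, 0x20u }; /* constructed sizes */
    size_t out = 0;
    int32_t t = sum_unchecked(sample, 2);
    printf("unchecked total %d -> alloc %zu\n", (int)t, as_alloc_size(t));
    printf("logged -20833577 -> alloc %zu\n", as_alloc_size(-20833577));
    printf("checked: %d\n", sum_checked(sample, 2, 1u << 20, &out));
    return 0;
}
```

On a 64-bit build the last logged sps_size, -20833577, converts to an allocation request of the same order of magnitude as the 18446744073106744445 bytes in the backtrace.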