[Bug 782812] New: gst_element_factory_make: Program received signal SIGSEGV, Segmentation fault. g_slice_alloc (mem_size=mem_size at entry=368)

GStreamer (GNOME Bugzilla) bugzilla at gnome.org
Fri May 19 00:41:51 UTC 2017


https://bugzilla.gnome.org/show_bug.cgi?id=782812

            Bug ID: 782812
           Summary: gst_element_factory_make: Program received signal
                    SIGSEGV, Segmentation fault. g_slice_alloc
                    (mem_size=mem_size at entry=368)
    Classification: Platform
           Product: GStreamer
           Version: git master
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: Normal
         Component: gstreamer (core)
          Assignee: gstreamer-bugs at lists.freedesktop.org
          Reporter: minfrin at sharp.fm
        QA Contact: gstreamer-bugs at lists.freedesktop.org
     GNOME version: ---

When attempting to add encodebin followed by decodebin into a bin element, the
second call to gst_element_factory_make() crashes as below.

This is happening on Raspbian Jessie with AddressSanitizer enabled, which
doesn't pick up any memory problems.


ASAN:DEADLYSIGNAL
=================================================================
==7169==ERROR: AddressSanitizer: SEGV on unknown address 0x00000006 (pc
0x7654dbc4 bp 0x00000168 sp 0x7e9e46b8 T0)
    #0 0x7654dbc3 in g_slice_alloc
(/lib/arm-linux-gnueabihf/libglib-2.0.so.0+0x67bc3)
    #1 0x76b120d3 in __asan::AsanOnDeadlySignal(int, void*, void*)
../../../../libsanitizer/asan/asan_posix.cc:79
    #2 0x7635619f  (/lib/arm-linux-gnueabihf/libc.so.6+0x2f19f)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
(/lib/arm-linux-gnueabihf/libglib-2.0.so.0+0x67bc3) in g_slice_alloc
==7169==ABORTING


Running the code through gdb allows us to get the following backtrace:

Program received signal SIGSEGV, Segmentation fault.
g_slice_alloc (mem_size=mem_size at entry=368) at
/build/glib2.0-tTvduh/glib2.0-2.42.1/./glib/gslice.c:998
998    /build/glib2.0-tTvduh/glib2.0-2.42.1/./glib/gslice.c: No such file or
directory.
(gdb) bt
#0  g_slice_alloc (mem_size=mem_size at entry=368) at
/build/glib2.0-tTvduh/glib2.0-2.42.1/./glib/gslice.c:998
#1  0x76558174 in g_slice_alloc0 (mem_size=mem_size at entry=368)
    at /build/glib2.0-tTvduh/glib2.0-2.42.1/./glib/gslice.c:1032
#2  0x7663bccc in g_type_create_instance (type=<optimized out>)
    at /build/glib2.0-tTvduh/glib2.0-2.42.1/./gobject/gtype.c:1847
#3  0x7661aee4 in g_object_new_internal (class=0x7effe7ec,
class at entry=0x71a161b0, params=params at entry=0x7effe90c, 
    n_params=n_params at entry=3) at
/build/glib2.0-tTvduh/glib2.0-2.42.1/./gobject/gobject.c:1774
#4  0x7661d300 in g_object_new_valist
(object_type=object_type at entry=1942040736, 
    first_property_name=first_property_name at entry=0x7697cc40 "name",
var_args=..., var_args at entry=...)
    at /build/glib2.0-tTvduh/glib2.0-2.42.1/./gobject/gobject.c:2034
#5  0x7661d55c in g_object_new (object_type=1942040736,
first_property_name=0x7697cc40 "name")
    at /build/glib2.0-tTvduh/glib2.0-2.42.1/./gobject/gobject.c:1617
#6  0x7679a0b0 in gst_ghost_pad_new_full (name=0x6eeffc00 "sink",
dir=GST_PAD_SINK, templ=0x74241df8)
    at gstghostpad.c:633
#7  0x7679b2e4 in gst_ghost_pad_new_from_template (name=0x6eeffc00 "sink",
target=0x7481ad48, templ=0x74241df8)
    at gstghostpad.c:749
#8  0x6eda5f90 in gst_decode_bin_init (decode_bin=0x7481c1f0) at
gstdecodebin2.c:1067
#9  0x7663bd60 in g_type_create_instance (type=<optimized out>)
    at /build/glib2.0-tTvduh/glib2.0-2.42.1/./gobject/gtype.c:1865
#10 0x7661aee4 in g_object_new_internal (class=0x8, class at entry=0x71c38440,
params=params at entry=0x0, 
    n_params=n_params at entry=0) at
/build/glib2.0-tTvduh/glib2.0-2.42.1/./gobject/gobject.c:1774
#11 0x7661ced8 in g_object_newv (object_type=object_type at entry=1942035136,
n_parameters=n_parameters at entry=0, 
    parameters=parameters at entry=0x0) at
/build/glib2.0-tTvduh/glib2.0-2.42.1/./gobject/gobject.c:1922
#12 0x7661d570 in g_object_new (object_type=1942035136,
first_property_name=0x0)
    at /build/glib2.0-tTvduh/glib2.0-2.42.1/./gobject/gobject.c:1614
#13 0x767850dc in gst_element_factory_create (factory=0x71edd890, name=0x0) at
gstelementfactory.c:372
#14 0x7678589c in gst_element_factory_make (factoryname=0x7473cd60 "decodebin",
name=0x0) at gstelementfactory.c:445
#15 0x74734a14 in gst_transcoder_decodebin_init (transcoder=0x748126d0) at
gsttranscoder.c:260
#16 0x74739df0 in gst_transcoder_start (transcoder=0x748126d0) at
gsttranscoder.c:734
#17 0x7473af50 in gst_transcoder_change_state (element=0x748126d0,
transition=GST_STATE_CHANGE_READY_TO_PAUSED)
    at gsttranscoder.c:851
#18 0x7677c30c in gst_element_change_state (element=0x748126d0,
transition=GST_STATE_CHANGE_READY_TO_PAUSED)
    at gstelement.c:2743
---Type <return> to continue, or q <return> to quit---
#19 0x7677b8e8 in gst_element_set_state_func (element=0x748126d0,
state=GST_STATE_PAUSED) at gstelement.c:2697
#20 0x7677ac2c in gst_element_set_state (element=0x748126d0,
state=GST_STATE_PAUSED) at gstelement.c:2598
#21 0x766ee1a0 in gst_bin_element_set_state (bin=0x74824098,
element=0x748126d0, base_time=0, start_time=0, 
    current=GST_STATE_READY, next=GST_STATE_PAUSED) at gstbin.c:2589
#22 0x766f0cec in gst_bin_change_state_func (element=0x74824098,
transition=GST_STATE_CHANGE_READY_TO_PAUSED)
    at gstbin.c:2931
#23 0x7680c404 in gst_pipeline_change_state (element=0x74824098,
transition=GST_STATE_CHANGE_READY_TO_PAUSED)
    at gstpipeline.c:500
#24 0x7677c30c in gst_element_change_state (element=0x74824098,
transition=GST_STATE_CHANGE_READY_TO_PAUSED)
    at gstelement.c:2743
#25 0x76779fdc in gst_element_continue_state (element=0x74824098,
ret=GST_STATE_CHANGE_SUCCESS) at gstelement.c:2451
#26 0x7677ce80 in gst_element_change_state (element=0x74824098,
transition=GST_STATE_CHANGE_NULL_TO_READY)
    at gstelement.c:2782
#27 0x7677b8e8 in gst_element_set_state_func (element=0x74824098,
state=GST_STATE_PAUSED) at gstelement.c:2697
#28 0x7677ac2c in gst_element_set_state (element=0x74824098,
state=GST_STATE_PAUSED) at gstelement.c:2598
#29 0x0001806c in main (argc=33, argv=0x7efff7f4) at gst-launch.c:1105
(gdb) bt full
#0  g_slice_alloc (mem_size=mem_size at entry=368) at
/build/glib2.0-tTvduh/glib2.0-2.42.1/./glib/gslice.c:998
        ix = 45
        tmem = 0x74203280
        chunk_size = 368
        mem = <optimized out>
#1  0x76558174 in g_slice_alloc0 (mem_size=mem_size at entry=368)
    at /build/glib2.0-tTvduh/glib2.0-2.42.1/./glib/gslice.c:1032
        mem = <optimized out>
#2  0x7663bccc in g_type_create_instance (type=<optimized out>)
    at /build/glib2.0-tTvduh/glib2.0-2.42.1/./gobject/gtype.c:1847
        class = 0x71a161b0
        allocated = <optimized out>
        private_size = 48
        ivar_size = 320
        i = <optimized out>
#3  0x7661aee4 in g_object_new_internal (class=0x7effe7ec,
class at entry=0x71a161b0, params=params at entry=0x7effe90c, 
    n_params=n_params at entry=3) at
/build/glib2.0-tTvduh/glib2.0-2.42.1/./gobject/gobject.c:1774
        nqueue = 0x0
        object = <optimized out>
        __FUNCTION__ = "g_object_new_internal"
#4  0x7661d300 in g_object_new_valist
(object_type=object_type at entry=1942040736, 
    first_property_name=first_property_name at entry=0x7697cc40 "name",
var_args=..., var_args at entry=...)
    at /build/glib2.0-tTvduh/glib2.0-2.42.1/./gobject/gobject.c:2034
        stack_params = {{pspec = 0x74207030, value = 0x7effe880}, {pspec =
0x7420ac48, value = 0x7effe860}, {
            pspec = 0x74205c98, value = 0x7effe840}, {pspec = 0x769bd980, 
            value = 0x768dee6c <gst_util_get_timestamp>}, {pspec = 0x0, value =
0x0}, {pspec = 0x0, value = 0x0}, {
            pspec = 0x7effe980, value = 0xfdffd30}, {pspec = 0x7effe980, value
= 0x74402e10}, {
            pspec = 0x76ffef10 <__stack_chk_guard>, value = 0x7effea0c}, {pspec
= 0x7679dfdc <gst_debug_log+244>, 
            value = 0x2eb}, {pspec = 0x0, value = 0x7697cee0}, {pspec =
0x7effea1c, 
            value = 0x7697d880 <__PRETTY_FUNCTION__.23977>}, {pspec =
0x7697c6e0, value = 0x6}, {
            pspec = 0x74402e10, value = 0x74003520}, {pspec = 0xc28b4642, value
= 0x41b58ab3}, {pspec = 0x7697ecc0, 
            value = 0x7679dee8 <gst_debug_log>}}
        params = 0x7effe90c
---Type <return> to continue, or q <return> to quit---up
        name = 0x0
        n_params = 3
        class = <optimized out>
        unref_class = <optimized out>
        object = <optimized out>
        __FUNCTION__ = "g_object_new_valist"
#5  0x7661d55c in g_object_new (object_type=1942040736,
first_property_name=0x7697cc40 "name")
    at /build/glib2.0-tTvduh/glib2.0-2.42.1/./gobject/gobject.c:1617
        var_args = {__ap = 0x7effe9d8}
        __FUNCTION__ = "g_object_new"
#6  0x7679a0b0 in gst_ghost_pad_new_full (name=0x6eeffc00 "sink",
dir=GST_PAD_SINK, templ=0x74241df8)
    at gstghostpad.c:633
        ret = 0x6eeffc00
        __func__ = "gst_ghost_pad_new_full"
#7  0x7679b2e4 in gst_ghost_pad_new_from_template (name=0x6eeffc00 "sink",
target=0x7481ad48, templ=0x74241df8)
    at gstghostpad.c:749
        ret = 0x74241df8
        __func__ = "gst_ghost_pad_new_from_template"
        __PRETTY_FUNCTION__ = "gst_ghost_pad_new_from_template"
#8  0x6eda5f90 in gst_decode_bin_init (decode_bin=0x7481c1f0) at
gstdecodebin2.c:1067
        pad = 0x7481ad48
        gpad = 0x700180c8
        pad_tmpl = 0x74241df8
#9  0x7663bd60 in g_type_create_instance (type=<optimized out>)
    at /build/glib2.0-tTvduh/glib2.0-2.42.1/./gobject/gtype.c:1865
        class = 0x71c38440
        allocated = <optimized out>
        private_size = <optimized out>
        ivar_size = 416
        i = 0
#10 0x7661aee4 in g_object_new_internal (class=0x8, class at entry=0x71c38440,
params=params at entry=0x0, 
    n_params=n_params at entry=0) at
/build/glib2.0-tTvduh/glib2.0-2.42.1/./gobject/gobject.c:1774
        nqueue = 0x0
---Type <return> to continue, or q <return> to quit---
        object = <optimized out>
        __FUNCTION__ = "g_object_new_internal"
#11 0x7661ced8 in g_object_newv (object_type=object_type at entry=1942035136,
n_parameters=n_parameters at entry=0, 
    parameters=parameters at entry=0x0) at
/build/glib2.0-tTvduh/glib2.0-2.42.1/./gobject/gobject.c:1922
        class = 0x71c38440
        unref_class = <optimized out>
        object = <optimized out>
        __FUNCTION__ = "g_object_newv"
#12 0x7661d570 in g_object_new (object_type=1942035136,
first_property_name=0x0)
    at /build/glib2.0-tTvduh/glib2.0-2.42.1/./gobject/gobject.c:1614
        var_args = {__ap = 0x7679dee8 <gst_debug_log>}
        __FUNCTION__ = "g_object_new"
#13 0x767850dc in gst_element_factory_create (factory=0x71edd890, name=0x0) at
gstelementfactory.c:372
        element = 0x7482b040
        oclass = 0x7473cd60
        newfactory = 0x71edd890
        __func__ = "gst_element_factory_create"
        __PRETTY_FUNCTION__ = "gst_element_factory_create"
#14 0x7678589c in gst_element_factory_make (factoryname=0x7473cd60 "decodebin",
name=0x0) at gstelementfactory.c:445
        factory = 0x71edd890
        element = 0x7474ea1c
        __func__ = "gst_element_factory_make"
        __PRETTY_FUNCTION__ = "gst_element_factory_make"


Going up to step #6, and looking at the variables being passed, we see the
following:

#6  0x7679a0b0 in gst_ghost_pad_new_full (name=0x6eeffc00 "sink",
dir=GST_PAD_SINK, templ=0x74241df8)
    at gstghostpad.c:633
633        ret = g_object_new (GST_TYPE_GHOST_PAD, "name", name,
(gdb) print name
$1 = (const gchar *) 0x6eeffc00 "sink"
(gdb) print dir
$2 = GST_PAD_SINK
(gdb) print templ
$3 = (GstPadTemplate *) 0x74241df8
(gdb) print *templ
$4 = {object = {object = {g_type_instance = {g_class = 0x724486b0}, ref_count =
2, qdata = 0x74c882a2}, lock = {
      p = 0x0, i = {0, 0}}, name = 0x746466d0 "sink", parent = 0x0, flags = 1,
control_bindings = 0x0, 
    control_rate = 100000000, last_sync = 18446744073709551615, _gst_reserved =
0x0}, 
  name_template = 0x74646690 "sink", direction = GST_PAD_SINK, presence =
GST_PAD_ALWAYS, caps = 0x74089028, 
  _gst_reserved = {0x0, 0x0, 0x0, 0x0}}

Is there anything inside GstPadTemplate that might trigger a segfault by
accessing NULL+6?
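The ASan fault address 0x00000006 and the class=0x8 argument in frame #10 are both addresses inside the unmapped zero page, which is the signature of a NULL pointer plus a small field offset rather than a corrupted heap object. The following triage helper is an added example (not part of this report or of GStreamer): it parses the ASan header and a few of the gdb frames quoted above, working around the mailing list's rewrite of gdb's "arg@entry=" as "arg at entry=", and flags any pointer argument that falls below the page-size threshold, which is an assumption of the script.

```python
"""Added triage helper for the ASan and gdb output quoted in this report."""
import re
# Input quoted from the report's own ASan header and three gdb frames;
# mailman rewrote gdb's "arg@entry=" as "arg at entry=".
ASAN_LINE = ("==7169==ERROR: AddressSanitizer: SEGV on unknown address "
             "0x00000006 (pc 0x7654dbc4 bp 0x00000168 sp 0x7e9e46b8 T0)")
GDB_BT = """#0  g_slice_alloc (mem_size=mem_size at entry=368) at
/build/glib2.0-tTvduh/glib2.0-2.42.1/./glib/gslice.c:998
#3  0x7661aee4 in g_object_new_internal (class=0x7effe7ec,
class at entry=0x71a161b0, params=params at entry=0x7effe90c,
    n_params=n_params at entry=3) at
/build/glib2.0-tTvduh/glib2.0-2.42.1/./gobject/gobject.c:1774
#10 0x7661aee4 in g_object_new_internal (class=0x8, class at entry=0x71c38440,
params=params at entry=0x0,
    n_params=n_params at entry=0) at
/build/glib2.0-tTvduh/glib2.0-2.42.1/./gobject/gobject.c:1774
"""
ZERO_PAGE = 0x1000  # assumption: page 0 is unmapped, so addr < this is NULL+offset

FRAME_RE = re.compile(
    r"#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+)\s*\((.*?)\)\s+at\s+(\S+?):(\d+)", re.S)
PTR_RE = re.compile(r"(\w+(?: at entry)?)=(0x[0-9a-fA-F]+)")

def fault_address(asan_line):
    """Faulting address from an ASan 'SEGV on unknown address' line, else None."""
    m = re.search(r"SEGV on unknown address (0x[0-9a-fA-F]+)", asan_line)
    return int(m.group(1), 16) if m else None

def is_null_relative(addr):
    """True for 0 < addr < ZERO_PAGE: a NULL pointer plus a small field offset."""
    return 0 < addr < ZERO_PAGE

def parse_frames(bt):
    """Split a line-wrapped gdb 'bt' into frames, collecting hex pointer args."""
    frames = []
    for m in FRAME_RE.finditer(bt):
        ptrs = {k: int(v, 16) for k, v in PTR_RE.findall(m.group(3))}
        frames.append({"n": int(m.group(1)), "func": m.group(2), "ptrs": ptrs,
                       "file": m.group(4), "line": int(m.group(5))})
    return frames

def suspicious_frames(bt):
    """Frames with a pointer argument in the zero page (here class=0x8 in #10)."""
    found = []
    for f in parse_frames(bt):
        bad = {k: v for k, v in f["ptrs"].items() if is_null_relative(v)}
        if bad:
            found.append((f["n"], f["func"], bad))
    return found
```

Run against the full `bt full` output, the same check also catches the `ret = 0x6eeffc00` style values only if they fall in the zero page, so it narrows a long trace down to the frames worth inspecting with `print`.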
