bugzilla-daemon at freedesktop.org
2009-Apr-01 19:52 UTC
[Swfdec] [Bug 21004] New: segfault loading www.serjtankian. com in swfdec_buffer_ref at swfdec_buffer.c:269
http://bugs.freedesktop.org/show_bug.cgi?id=21004
Summary: segfault loading www.serjtankian.com in
swfdec_buffer_ref at swfdec_buffer.c:269
Product: swfdec
Version: unspecified
Platform: Other
URL: http://www.serjtankian.com
OS/Version: All
Status: NEW
Severity: critical
Priority: medium
Component: library
AssignedTo: swfdec at lists.freedesktop.org
ReportedBy: riccardo at datahost.it
QAContact: swfdec at lists.freedesktop.org
Stacktrace with swfdec 0.8.4:
SWFDEC: ERROR: swfdec_video_decoder_gst.c(156):
swfdec_video_decoder_gst_decode: failed to pull decoded buffer. Broken stream?
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xf5346ac0 (LWP 5067)]
swfdec_buffer_ref (buffer=0x201) at swfdec_buffer.c:269
269 swfdec_buffer.c: No such file or directory.
in swfdec_buffer.c
(gdb) bt full
#0 swfdec_buffer_ref (buffer=0x201) at swfdec_buffer.c:269
__PRETTY_FUNCTION__ = "swfdec_buffer_ref"
#1 0xf35938f6 in swfdec_video_decoder_gst_decode (dec=0xa0934b0, buffer=0x201)
at swfdec_video_decoder_gst.c:148
player = (SwfdecVideoDecoderGst *) 0xa0934b0
buf = <value optimized out>
caps = <value optimized out>
structure = <value optimized out>
__PRETTY_FUNCTION__ = "swfdec_video_decoder_gst_decode"
#2 0xf35fd3b6 in swfdec_video_decoder_decode (decoder=0xa0934b0, buffer=0x201)
at swfdec_video_decoder.c:195
__PRETTY_FUNCTION__ = "swfdec_video_decoder_decode"
#3 0xf35ffbef in swfdec_video_video_provider_get_image (prov=0xa3b1940,
renderer=0xa23bd40, width=0xffc318e8, height=0xffc318e4) at
swfdec_video_video_provider.c:115
provider = (SwfdecVideoVideoProvider *) 0xa3b1940
cached = <value optimized out>
frame = (SwfdecVideoFrame *) 0xa8cd1f8
surface = <value optimized out>
w = <value optimized out>
h = <value optimized out>
__PRETTY_FUNCTION__ = "swfdec_video_video_provider_get_image"
#4 0xf35ff5dd in swfdec_video_provider_get_image (provider=0xa3b1940,
renderer=0xa23bd40, width=0xffc318e8, height=0xffc318e4) at
swfdec_video_provider.c:89
__PRETTY_FUNCTION__ = "swfdec_video_provider_get_image"
#5 0xf35fe7d3 in swfdec_video_movie_render (mov=0xbb5a000, cr=0xc3e2c60,
trans=0xffc319c4) at swfdec_video_movie.c:59
surface = <value optimized out>
width = <value optimized out>
height = <value optimized out>
#6 0xf35b67f2 in swfdec_movie_render (movie=0xbb5a000, cr=0xc3e2c60,
color_transform=0xffc31b64) at swfdec_movie.c:804
trans = {mask = 0, ra = 256, rb = 0, ga = 256, gb = 0, ba = 256, bb 0,
aa = 256, ab = 0}
group = 0
__PRETTY_FUNCTION__ = "swfdec_movie_render"
#7 0xf35b8e3a in swfdec_movie_do_render (movie=0xa2a8ea8, cr=0xc3e2c60,
ctrans=0xffc31b64) at swfdec_movie.c:1311
child = (SwfdecMovie *) 0xbb5a000
g = (GList *) 0xa37e280
walk = <value optimized out>
clips = (GSList *) 0x0
clip = (ClipEntry *) 0x0
ident = {xx = 1, yx = 0, xy = 0, yy = 1, x0 = 0, y0 = 0}
__PRETTY_FUNCTION__ = "swfdec_movie_do_render"
matrix = {xx = 0.050000000000000003, yx = 0, xy = 0, yy
0.050000000000000003, x0 = 0, y0 = 0}
#8 0xf35b67f2 in swfdec_movie_render (movie=0xa2a8ea8, cr=0xc3e2c60,
color_transform=0xffc31d04) at swfdec_movie.c:804
trans = {mask = 0, ra = 256, rb = 0, ga = 256, gb = 0, ba = 256, bb 0,
aa = 256, ab = 0}
group = 1
__PRETTY_FUNCTION__ = "swfdec_movie_render"
#9 0xf35b8e3a in swfdec_movie_do_render (movie=0xa2a8aa8, cr=0xc3e2c60,
ctrans=0xffc31d04) at swfdec_movie.c:1311
child = (SwfdecMovie *) 0xa2a8ea8
g = (GList *) 0xa3650a0
walk = <value optimized out>
clips = (GSList *) 0x0
clip = (ClipEntry *) 0x0
ident = {xx = 1, yx = 0, xy = 0, yy = 1, x0 = 0, y0 = 0}
---Type <return> to continue, or q <return> to quit---
__PRETTY_FUNCTION__ = "swfdec_movie_do_render"
matrix = {xx = 0.050000000000000003, yx = 0, xy = 0, yy
0.050000000000000003, x0 = 0, y0 = 0}
#10 0xf35b67f2 in swfdec_movie_render (movie=0xa2a8aa8, cr=0xc3e2c60,
color_transform=0xffc31ea4) at swfdec_movie.c:804
trans = {mask = 0, ra = 256, rb = 0, ga = 256, gb = 0, ba = 256, bb 0,
aa = 256, ab = 0}
group = 0
__PRETTY_FUNCTION__ = "swfdec_movie_render"
#11 0xf35b8e3a in swfdec_movie_do_render (movie=0xa2a88a8, cr=0xc3e2c60,
ctrans=0xffc31ea4) at swfdec_movie.c:1311
child = (SwfdecMovie *) 0xa2a8aa8
g = (GList *) 0xa37e2a0
walk = <value optimized out>
clips = (GSList *) 0x0
clip = (ClipEntry *) 0x0
ident = {xx = 1, yx = 0, xy = 0, yy = 1, x0 = 0, y0 = 0}
__PRETTY_FUNCTION__ = "swfdec_movie_do_render"
matrix = {xx = 0.050000000000000003, yx = 0, xy = 0, yy
0.050000000000000003, x0 = 0, y0 = 0}
#12 0xf35b67f2 in swfdec_movie_render (movie=0xa2a88a8, cr=0xc3e2c60,
color_transform=0xf361ed60) at swfdec_movie.c:804
trans = {mask = 0, ra = 256, rb = 0, ga = 256, gb = 0, ba = 256, bb 0,
aa = 256, ab = 0}
group = 0
__PRETTY_FUNCTION__ = "swfdec_movie_render"
#13 0xf35c7606 in swfdec_player_render_with_renderer (player=0xa29e018,
cr=0xc3e2c60, renderer=0xa23bd40) at swfdec_player.c:3148
movie = (SwfdecMovie *) 0x201
priv = <value optimized out>
walk = (GList *) 0xa37e120
trans = {mask = 0, ra = 256, rb = 0, ga = 256, gb = 0, ba = 256, bb 0,
aa = 256, ab = 0}
__PRETTY_FUNCTION__ = "swfdec_player_render_with_renderer"
#14 0xf35c787a in swfdec_player_render (player=0xa29e018, cr=0xc3e2c60) at
swfdec_player.c:3100
__PRETTY_FUNCTION__ = "swfdec_player_render"
--
Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.
bugzilla-daemon at freedesktop.org
2009-Apr-01 20:33 UTC
[Swfdec] [Bug 21004] segfault loading www.serjtankian. com in swfdec_buffer_ref at swfdec_buffer.c:269
http://bugs.freedesktop.org/show_bug.cgi?id=21004 --- Comment #1 from Riccardo Magliocchetti <riccardo at datahost.it> 2009-04-01 13:33:18 PST --- valgrind output from latest git: ==5344== ==5344== Conditional jump or move depends on uninitialised value(s) ==5344== at 0x128B5B04: swfdec_video_video_provider_get_image (swfdec_video_video_provider.c:114) ==5344== by 0x128B54DC: swfdec_video_provider_get_image (swfdec_video_provider.c:89) ==5344== by 0x128B4862: swfdec_video_movie_render (swfdec_video_movie.c:60) ==5344== by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822) ==5344== by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244) ==5344== by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822) ==5344== by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244) ==5344== by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822) ==5344== by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244) ==5344== by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822) ==5344== by 0x1287CDE5: swfdec_player_render_with_renderer (swfdec_player.c:3201) ==5344== by 0x1287D059: swfdec_player_render (swfdec_player.c:3153) ==5344== ==5344== Conditional jump or move depends on uninitialised value(s) ==5344== at 0x1285148C: swfdec_buffer_ref (swfdec_buffer.c:268) ==5344== by 0x12845BF5: swfdec_video_decoder_gst_decode (swfdec_video_decoder_gst.c:148) ==5344== by 0x128B3475: swfdec_video_decoder_decode (swfdec_video_decoder.c:195) ==5344== by 0x128B5AEE: swfdec_video_video_provider_get_image (swfdec_video_video_provider.c:115) ==5344== by 0x128B54DC: swfdec_video_provider_get_image (swfdec_video_provider.c:89) ==5344== by 0x128B4862: swfdec_video_movie_render (swfdec_video_movie.c:60) ==5344== by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822) ==5344== by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244) ==5344== by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822) ==5344== by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244) ==5344== by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822) ==5344== by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244) ==5344== ==5344== Use of uninitialised value of size 4 ==5344== at 0x1285148E: swfdec_buffer_ref (swfdec_buffer.c:269) ==5344== by 0x12845BF5: swfdec_video_decoder_gst_decode (swfdec_video_decoder_gst.c:148) ==5344== by 0x128B3475: swfdec_video_decoder_decode (swfdec_video_decoder.c:195) ==5344== by 0x128B5AEE: swfdec_video_video_provider_get_image (swfdec_video_video_provider.c:115) ==5344== by 0x128B54DC: swfdec_video_provider_get_image (swfdec_video_provider.c:89) ==5344== by 0x128B4862: swfdec_video_movie_render (swfdec_video_movie.c:60) ==5344== by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822) ==5344== by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244) ==5344== by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822) ==5344== by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244) ==5344== by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822) ==5344== by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244) ==5344== ==5344== Invalid read of size 4 ==5344== at 0x1285148E: swfdec_buffer_ref (swfdec_buffer.c:269) ==5344== by 0x12845BF5: swfdec_video_decoder_gst_decode (swfdec_video_decoder_gst.c:148) ==5344== by 0x128B3475: swfdec_video_decoder_decode (swfdec_video_decoder.c:195) ==5344== by 0x128B5AEE: swfdec_video_video_provider_get_image (swfdec_video_video_provider.c:115) ==5344== by 0x128B54DC: swfdec_video_provider_get_image (swfdec_video_provider.c:89) ==5344== by 0x128B4862: swfdec_video_movie_render (swfdec_video_movie.c:60) ==5344== by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822) ==5344== by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244) ==5344== by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822) ==5344== by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244) ==5344== by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822) ==5344== by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244) ==5344== Address 0x17 is not stack'd, malloc'd or (recently) free'd ==5344== ==5344== Process terminating with default action of signal 11 (SIGSEGV) ==5344== Access not within mapped region at address 0x17 ==5344== at 0x1285148E: swfdec_buffer_ref (swfdec_buffer.c:269) ==5344== by 0x12845BF5: swfdec_video_decoder_gst_decode (swfdec_video_decoder_gst.c:148) ==5344== by 0x128B3475: swfdec_video_decoder_decode (swfdec_video_decoder.c:195) ==5344== by 0x128B5AEE: swfdec_video_video_provider_get_image (swfdec_video_video_provider.c:115) ==5344== by 0x128B54DC: swfdec_video_provider_get_image (swfdec_video_provider.c:89) ==5344== by 0x128B4862: swfdec_video_movie_render (swfdec_video_movie.c:60) ==5344== by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822) ==5344== by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244) ==5344== by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822) ==5344== by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244) ==5344== by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822) ==5344== by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244) ==5344== If you believe this happened as a result of a stack overflow in your ==5344== program's main thread (unlikely but possible), you can try to increase ==5344== the size of the main thread stack using the --main-stacksize= flag. ==5344== The main thread stack size used in this run was 8388608. -- Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug. You are the assignee for the bug.