openh264: decoder crashes when playing a Twitter HLS stream
Steps to reproduce:
- In gst-build, bump our openh264.wrap to latest git master (987cc5f512416873aea6ef7b9acd8acea5b327b0)
- Rebuild
- In the devenv shell, move libgstlibav.so away so that decodebin does not pick it up and uses openh264dec for H.264 decoding instead
- Get the HLS URL with youtube-dl and play it with gst-play-1.0:
youtube-dl -g https://twitter.com/alex_v_morrison/status/1185638510314885121
gst-play-1.0 <url>
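The first fragment plays fine, albeit with some TS demux warnings, but the second fragment then triggers a crash. The SIGSEGV comes right after openh264 reports lost reference pictures and a failed DecodeCurrentAccessUnit(). gdb shows a non-NULL pDecContext on the faulting line, so this does not look like a plain NULL-pointer dereference (the exact cause still needs to be confirmed):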
0:00:00.476089649 17879 0x55bbe06c89e0 WARN tsdemux tsdemux.c:2434:gst_ts_demux_queue_data: CONTINUITY: Mismatch packet 0, stream 2
0:00:00.487246878 17879 0x55bbe06c89e0 WARN tsdemux tsdemux.c:2434:gst_ts_demux_queue_data: CONTINUITY: Mismatch packet 0, stream 4
0:00:01.265903785 17879 0x55bbe06c89e0 WARN tsdemux tsdemux.c:2434:gst_ts_demux_queue_data: CONTINUITY: Mismatch packet 0, stream 8
0:00:01.532643068 17879 0x55bbe06c89e0 WARN tsdemux tsdemux.c:2434:gst_ts_demux_queue_data: CONTINUITY: Mismatch packet 0, stream 0
0:00:03.333362404 17879 0x55bbe06c88f0 WARN openh264dec :0::<openh264dec0> [OpenH264] this = 0x0x7f0500040bf0, Warning:referencing pictures lost due frame gaps exist, prev_frame_num: 14, curr_frame_num: 1
0:00:03.349781821 17879 0x55bbe06c88f0 ERROR openh264dec :0::<openh264dec0> [OpenH264] this = 0x0x7f0500040bf0, Error:Ref Picture for B-Slice is lost, B-Slice decoding cannot be continued!
0:00:03.349811489 17879 0x55bbe06c88f0 WARN openh264dec :0::<openh264dec0> [OpenH264] this = 0x0x7f0500040bf0, Warning:DecodeCurrentAccessUnit() failed (394291) in frame: 2 uiDId: 0 uiQId: 0
Thread 11 "multiqueue1:src" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffd2ffd700 (LWP 18820)]
0x00007fffd04e288f in _ZN7WelsDec12CWelsDecoder19DecodeFrame2WithCtxEPNS_21TagWelsDecoderContextEPKhiPPhP13TagBufferInfo (this=0x7fffc80400c0, pDecContext=0x7fffd0375020, kpSrc=0x7fffc806f700 "",
kiSrcLen=3293, ppDst=0x7fffd2ffc040, pDstInfo=0x7fffd2ffc060) at ../subprojects/openh264/codec/decoder/plus/src/welsDecoderExt.cpp:715
715 if (pDecContext == NULL || pDecContext->pParam == NULL) {
(gdb) bt
#0 0x00007fffd04e288f in _ZN7WelsDec12CWelsDecoder19DecodeFrame2WithCtxEPNS_21TagWelsDecoderContextEPKhiPPhP13TagBufferInfo
(this=0x7fffc80400c0, pDecContext=0x7fffd0375020, kpSrc=0x7fffc806f700 "", kiSrcLen=3293, ppDst=0x7fffd2ffc040, pDstInfo=0x7fffd2ffc060)
at ../subprojects/openh264/codec/decoder/plus/src/welsDecoderExt.cpp:715
#1 0x00007fffd04e333d in _ZN7WelsDec12CWelsDecoder18DecodeFrameNoDelayEPKhiPPhP13TagBufferInfo
(this=0x7fffc80400c0, kpSrc=<optimized out>, kiSrcLen=<optimized out>, ppDst=0x7fffd2ffc040, pDstInfo=0x7fffd2ffc060) at ../subprojects/openh264/codec/decoder/plus/src/welsDecoderExt.cpp:696
#2 0x00007ffff0662b5c in gst_openh264dec_handle_frame(GstVideoDecoder*, GstVideoCodecFrame*) (decoder=0x7fffc803b6d0 [GstOpenh264Dec], frame=0x7fffc80291f0)
at ../subprojects/gst-plugins-bad/ext/openh264/gstopenh264dec.cpp:293
#3 0x00007ffff7f102cb in gst_video_decoder_decode_frame (decoder=decoder@entry=0x7fffc803b6d0 [GstOpenh264Dec], frame=0x7fffc80291f0)
at ../subprojects/gst-plugins-base/gst-libs/gst/video/gstvideodecoder.c:3473
#4 0x00007ffff7f15478 in gst_video_decoder_chain_forward (decoder=decoder@entry=0x7fffc803b6d0 [GstOpenh264Dec], buf=buf@entry=0x7fffcc042360, at_eos=at_eos@entry=0)
at ../subprojects/gst-plugins-base/gst-libs/gst/video/gstvideodecoder.c:2188
#5 0x00007ffff7f15b89 in gst_video_decoder_chain (pad=<optimized out>, parent=<optimized out>, buf=0x7fffcc042360) at ../subprojects/gst-plugins-base/gst-libs/gst/video/gstvideodecoder.c:2503
#6 0x00007ffff7e1c4ef in gst_pad_chain_data_unchecked (pad=pad@entry=0x7fffc401da10 [GstPad], type=type@entry=4112, data=data@entry=0x7fffcc042360) at ../subprojects/gstreamer/gst/gstpad.c:4399
#7 0x00007ffff7e1e5d1 in gst_pad_push_data (pad=pad@entry=0x7fffc401c2f0 [GstPad], type=type@entry=4112, data=data@entry=0x7fffcc042360) at ../subprojects/gstreamer/gst/gstpad.c:4655
#8 0x00007ffff7e25483 in gst_pad_push (pad=0x7fffc401c2f0 [GstPad], buffer=0x7fffcc042360) at ../subprojects/gstreamer/gst/gstpad.c:4774
#9 0x00007ffff77df983 in gst_base_transform_chain (pad=<optimized out>, parent=0x7fffc4022180 [GstCapsFilter], buffer=<optimized out>) at ../subprojects/gstreamer/libs/gst/base/gstbasetransform.c:2330
#10 0x00007ffff7e1c4ef in gst_pad_chain_data_unchecked (pad=pad@entry=0x7fffc401c0a0 [GstPad], type=type@entry=4112, data=data@entry=0x7fffcc042360) at ../subprojects/gstreamer/gst/gstpad.c:4399
#11 0x00007ffff7e1e5d1 in gst_pad_push_data (pad=pad@entry=0x7fffd400bc80 [GstPad], type=type@entry=4112, data=data@entry=0x7fffcc042360) at ../subprojects/gstreamer/gst/gstpad.c:4655
#12 0x00007ffff7e25483 in gst_pad_push (pad=0x7fffd400bc80 [GstPad], buffer=buffer@entry=0x7fffcc042360) at ../subprojects/gstreamer/gst/gstpad.c:4774
#13 0x00007ffff77c0dc7 in gst_base_parse_push_frame (parse=parse@entry=0x7fffc401ad10 [GstH264Parse], frame=frame@entry=0x55555577b6d0) at ../subprojects/gstreamer/libs/gst/base/gstbaseparse.c:2580
#14 0x00007ffff77c3b71 in gst_base_parse_handle_and_push_frame (frame=0x55555577b6d0, parse=0x7fffc401ad10 [GstH264Parse]) at ../subprojects/gstreamer/libs/gst/base/gstbaseparse.c:2394
#15 0x00007ffff77c3b71 in gst_base_parse_finish_frame (parse=parse@entry=0x7fffc401ad10 [GstH264Parse], frame=frame@entry=0x55555577b6d0, size=size@entry=3293)
at ../subprojects/gstreamer/libs/gst/base/gstbaseparse.c:2738
#16 0x00007ffff0721ebd in gst_h264_parse_handle_frame (parse=0x7fffc401ad10 [GstH264Parse], frame=0x55555577b6d0, skipsize=0x7fffd2ffcb5c) at ../subprojects/gst-plugins-bad/gst/videoparsers/gsth264parse.c:1351
#17 0x00007ffff77bba06 in gst_base_parse_handle_buffer (parse=parse@entry=0x7fffc401ad10 [GstH264Parse], buffer=<optimized out>, skip=skip@entry=0x7fffd2ffcb5c, flushed=flushed@entry=0x7fffd2ffcb60)
at ../subprojects/gstreamer/libs/gst/base/gstbaseparse.c:2202
#18 0x00007ffff77c1a3e in gst_base_parse_chain (pad=<optimized out>, parent=<optimized out>, buffer=<optimized out>) at ../subprojects/gstreamer/libs/gst/base/gstbaseparse.c:3287
#19 0x00007ffff7e1c4ef in gst_pad_chain_data_unchecked (pad=pad@entry=0x7fffd400ba30 [GstPad], type=type@entry=4112, data=data@entry=0x7fffc412b6c0) at ../subprojects/gstreamer/gst/gstpad.c:4399
#20 0x00007ffff7e1e5d1 in gst_pad_push_data (pad=pad@entry=0x7fffd400b7e0 [GstMultiQueuePad], type=type@entry=4112, data=data@entry=0x7fffc412b6c0) at ../subprojects/gstreamer/gst/gstpad.c:4655
#21 0x00007ffff7e25483 in gst_pad_push (pad=pad@entry=0x7fffd400b7e0 [GstMultiQueuePad], buffer=buffer@entry=0x7fffc412b6c0) at ../subprojects/gstreamer/gst/gstpad.c:4774
#22 0x00007ffff4700bc0 in gst_single_queue_push_one (allow_drop=<synthetic pointer>, object=0x7fffc412b6c0, sq=0x7fffc40174d0, mq=0x7fffd800a720 [GstMultiQueue])
at ../subprojects/gstreamer/plugins/elements/gstmultiqueue.c:1714
#23 0x00007ffff4700bc0 in gst_multi_queue_loop (pad=<optimized out>) at ../subprojects/gstreamer/plugins/elements/gstmultiqueue.c:2041
#24 0x00007ffff7e52b8f in gst_task_func (task=0x7fffd8017290 [GstTask]) at ../subprojects/gstreamer/gst/gsttask.c:328
#25 0x00007ffff7bf4404 in g_thread_pool_thread_proxy (data=<optimized out>) at ../../../glib/gthreadpool.c:308
#26 0x00007ffff7bf3d0d in g_thread_proxy (data=0x5555556170f0) at ../../../glib/gthread.c:805
#27 0x00007ffff777ffb7 in start_thread (arg=<optimized out>) at pthread_create.c:486
#28 0x00007ffff79122cf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Originally reported in WebKit's bugzilla: https://bugs.webkit.org/show_bug.cgi?id=203907
Edited by Philippe Normand