Skip to content

rtsp_server_subclass.rs: segmentation fault

I am trying to get the examples/src/bin/rtsp-server-subclass.rs to run, but it segfaults no matter what I do.

I have made a minimal reproducible example with the exact version of code I am using here: https://github.com/molysgaard/gstreamer-rs-rtsp-server-issue-example You can probably reproduce it from the main branch in this repository as well.

To reproduce, in one terminal run the rtsp-server-subclass binary.

And in another try to open the stream:

xdg-open rtsp://127.0.0.1:8554/test

Observe the following segfault in rtsp-server-subclass

Stream ready at rtsp://127.0.0.1:8554/test
Client RTSPClient { inner: TypedObjectRef { inner: 0x561f06f003b0, type: RsRTSPClient } } connected
Client BorrowedObject { ptr: 0x561f06f003b0, phantom: PhantomData<&rtsp::client::Client> } closed
Segmentation fault (core dumped)

I have run the example in a debugger, and it fails on check_requirements in rtsp_client.rs

unsafe extern "C" fn client_check_requirements<T: RTSPClientImpl>(
    ptr: *mut ffi::GstRTSPClient,
    ctx: *mut ffi::GstRTSPContext,
    arr: *mut *mut std::os::raw::c_char,
) -> *mut std::os::raw::c_char {
    let instance = &*(ptr as *mut T::Instance);
    let imp = instance.imp();

    imp.check_requirements(&from_glib_borrow(ctx), Vec::from_glib_none(arr).as_slice())
        .into_glib_ptr()
}

Here is a trace from valgrind.

$ valgrind --track-origins=yes target/debug/rtsp
==154148== Memcheck, a memory error detector
==154148== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==154148== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==154148== Command: target/debug/rtsp
==154148== 
==154149== Warning: invalid file descriptor 1024 in syscall close()
==154149== Warning: invalid file descriptor 1025 in syscall close()
==154149== Warning: invalid file descriptor 1026 in syscall close()
==154149== Warning: invalid file descriptor 1027 in syscall close()
==154149==    Use --log-fd=<number> to select an alternative log fd.
==154149== Warning: invalid file descriptor 1028 in syscall close()
==154149== Warning: invalid file descriptor 1029 in syscall close()
Stream ready at rtsp://127.0.0.1:8554/test
Client RTSPClient { inner: TypedObjectRef { inner: 0x63f7e50, type: RsRTSPClient } } connected
--154148-- WARNING: unhandled amd64-linux syscall: 315
--154148-- You may be able to write your own handler.
--154148-- Read the file README_MISSING_SYSCALL_OR_IOCTL.
--154148-- Nevertheless we consider this a bug.  Please report
--154148-- it at http://valgrind.org/support/bug_reports.html.
Client BorrowedObject { ptr: 0x63f7e50, phantom: PhantomData<&rtsp::client::Client> } closed
==154148== Thread 3 pool-rtsp:
==154148== Invalid read of size 1
==154148==    at 0x483EF46: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==154148==    by 0x16EA2F: core::ffi::c_str::CStr::from_ptr (c_str.rs:286)
==154148==    by 0x16775F: <alloc::string::String as glib::translate::FromGlibPtrNone<*mut i8>>::from_glib_none (translate.rs:1700)
==154148==    by 0x1577D5: glib::translate::from_glib_none (translate.rs:1622)
==154148==    by 0x167D2B: <alloc::string::String as glib::translate::FromGlibContainerAsVec<*mut i8,*const *mut i8>>::from_glib_none_num_as_vec (translate.rs:2081)
==154148==    by 0x167DAA: <alloc::string::String as glib::translate::FromGlibContainerAsVec<*mut i8,*mut *mut i8>>::from_glib_none_num_as_vec (translate.rs:2101)
==154148==    by 0x167DFC: <alloc::string::String as glib::translate::FromGlibPtrArrayContainerAsVec<*mut i8,*mut *mut i8>>::from_glib_none_as_vec (translate.rs:2132)
==154148==    by 0x1236C6: <alloc::vec::Vec<T> as glib::translate::FromGlibPtrContainer<P,PP>>::from_glib_none (translate.rs:2187)
==154148==    by 0x122B99: gstreamer_rtsp_server::subclass::rtsp_client::client_check_requirements (rtsp_client.rs:997)
==154148==    by 0x522EFF4: ??? (in /usr/lib/x86_64-linux-gnu/libffi.so.7.1.0)
==154148==    by 0x522E409: ??? (in /usr/lib/x86_64-linux-gnu/libffi.so.7.1.0)
==154148==    by 0x4A3130C: g_cclosure_marshal_generic (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.6400.6)
==154148==  Address 0x2 is not stack'd, malloc'd or (recently) free'd
==154148== 
==154148== 
==154148== Process terminating with default action of signal 11 (SIGSEGV)
==154148==  Access not within mapped region at address 0x2
==154148==    at 0x483EF46: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==154148==    by 0x16EA2F: core::ffi::c_str::CStr::from_ptr (c_str.rs:286)
==154148==    by 0x16775F: <alloc::string::String as glib::translate::FromGlibPtrNone<*mut i8>>::from_glib_none (translate.rs:1700)
==154148==    by 0x1577D5: glib::translate::from_glib_none (translate.rs:1622)
==154148==    by 0x167D2B: <alloc::string::String as glib::translate::FromGlibContainerAsVec<*mut i8,*const *mut i8>>::from_glib_none_num_as_vec (translate.rs:2081)
==154148==    by 0x167DAA: <alloc::string::String as glib::translate::FromGlibContainerAsVec<*mut i8,*mut *mut i8>>::from_glib_none_num_as_vec (translate.rs:2101)
==154148==    by 0x167DFC: <alloc::string::String as glib::translate::FromGlibPtrArrayContainerAsVec<*mut i8,*mut *mut i8>>::from_glib_none_as_vec (translate.rs:2132)
==154148==    by 0x1236C6: <alloc::vec::Vec<T> as glib::translate::FromGlibPtrContainer<P,PP>>::from_glib_none (translate.rs:2187)
==154148==    by 0x122B99: gstreamer_rtsp_server::subclass::rtsp_client::client_check_requirements (rtsp_client.rs:997)
==154148==    by 0x522EFF4: ??? (in /usr/lib/x86_64-linux-gnu/libffi.so.7.1.0)
==154148==    by 0x522E409: ??? (in /usr/lib/x86_64-linux-gnu/libffi.so.7.1.0)
==154148==    by 0x4A3130C: g_cclosure_marshal_generic (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.6400.6)
==154148==  If you believe this happened as a result of a stack
==154148==  overflow in your program's main thread (unlikely but
==154148==  possible), you can try to increase the size of the
==154148==  main thread stack using the --main-stacksize= flag.
==154148==  The main thread stack size used in this run was 8388608.
==154148== 
==154148== HEAP SUMMARY:
==154148==     in use at exit: 1,970,181 bytes in 24,924 blocks
==154148==   total heap usage: 96,707 allocs, 71,783 frees, 8,816,329 bytes allocated
==154148== 
==154148== LEAK SUMMARY:
==154148==    definitely lost: 16,384 bytes in 1 blocks
==154148==    indirectly lost: 0 bytes in 0 blocks
==154148==      possibly lost: 4,980 bytes in 62 blocks
==154148==    still reachable: 1,847,433 bytes in 24,453 blocks
==154148==                       of which reachable via heuristic:
==154148==                         length64           : 432 bytes in 9 blocks
==154148==                         newarray           : 1,648 bytes in 23 blocks
==154148==         suppressed: 0 bytes in 0 blocks
==154148== Rerun with --leak-check=full to see details of leaked memory
==154148== 
==154148== For lists of detected and suppressed errors, rerun with: -s
==154148== ERROR SUMMARY: 2 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)

I am at a loss here on how I can debug this further. It seems to require detailed glib understanding which I do not have currently.

System information

$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 20.04.5 LTS
Release:	20.04
Codename:	focal

$ sudo apt show libgstreamer1.0-0
Package: libgstreamer1.0-0
Version: 1.16.3-0ubuntu1.1

$ sudo apt show libgstrtspserver-1.0-0
Package: libgstrtspserver-1.0-0
Version: 1.16.2-3
Edited by Morten Lysgaard
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information