jpegdec: Segfault in libgstjpeg gst_jpeg_dec_handle_frame
Describe your issue
Capturing a mjpeg stream through pipewire from a uvc camera has visual glitching and crashes with a segfault in libgstjpeg. I am using libjpeg-turbo.
Setup
- Operating System: buildroot
- Device: Computer
- GStreamer Version: 1.20.1
- Command line: N/A
Steps to reproduce the bug
- open mjpeg camera stream in wpewebkit
How reproducible is the bug?
Within minutes
Related non-duplicate issues
Additional Information
(gdb) bt
#0 gst_jpeg_dec_handle_frame (bdec=0x7f5e2c1e9a00, frame=0x7f5e80089a00) at ../ext/jpeg/gstjpegdec.c:1352
#1 0x00007f5ef8259977 in gst_video_decoder_decode_frame (decoder=decoder@entry=0x7f5e2c1e9a00, frame=frame@entry=0x7f5e80089a00) at ../gst-libs/gst/video/gstvideodecoder.c:4003
#2 0x00007f5ef8259d6c in gst_video_decoder_chain_forward (decoder=decoder@entry=0x7f5e2c1e9a00, buf=buf@entry=0x7f5e30122d80, at_eos=at_eos@entry=0) at ../gst-libs/gst/video/gstvideodecoder.c:2489
#3 0x00007f5ef825bd67 in gst_video_decoder_chain (pad=<optimized out>, parent=0x7f5e2c1e9a00, buf=0x7f5e30122d80) at ../gst-libs/gst/video/gstvideodecoder.c:2831
#4 0x00007f5efaf27a18 in gst_pad_chain_data_unchecked (pad=pad@entry=0x5646094e0c10, type=type@entry=4112, data=data@entry=0x7f5e30122d80) at ../gst/gstpad.c:4447
#5 0x00007f5efaf2935e in gst_pad_push_data (pad=pad@entry=0x5646094e0520, type=type@entry=4112, data=data@entry=0x7f5e30122d80) at ../gst/gstpad.c:4711
#6 0x00007f5efaf2e377 in gst_pad_push (pad=pad@entry=0x5646094e0520, buffer=buffer@entry=0x7f5e30122d80) at ../gst/gstpad.c:4830
#7 0x00007f5e8af381b9 in gst_single_queue_push_one (allow_drop=<synthetic pointer>, object=0x7f5e30122d80, sq=0x7f5e301326e0, mq=0x564609480730) at ../plugins/elements/gstmultiqueue.c:1941
#8 gst_multi_queue_loop (pad=<optimized out>) at ../plugins/elements/gstmultiqueue.c:2270
#9 0x00007f5efaf4ddf4 in gst_task_func (task=0x7f5e30122710) at ../gst/gsttask.c:384
#10 0x00007f5efb0b16db in g_thread_pool_thread_proxy (data=<optimized out>) at ../glib/gthreadpool.c:354
#11 0x00007f5efb0b1044 in g_thread_proxy (data=0x7f5eac09b120) at ../glib/gthread.c:827
#12 0x00007f5efab2d0e6 in start_thread (arg=<optimized out>) at pthread_create.c:442
#13 0x00007f5efab93fec in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
(gdb) bt full
#0 gst_jpeg_dec_handle_frame (bdec=0x7f5e2c1e9a00, frame=0x7f5e80089a00) at ../ext/jpeg/gstjpegdec.c:1352
ret = GST_FLOW_OK
dec = 0x7f5e2c1e9a00
vframe = {info = {finfo = 0x7f5ef82bb8a8 <formats+488>, interlace_mode = GST_VIDEO_INTERLACE_MODE_PROGRESSIVE, flags = GST_VIDEO_FLAG_NONE, width = 1280, height = 720, size = 1382400, views = 1,
chroma_site = GST_VIDEO_CHROMA_SITE_NONE, colorimetry = {range = GST_VIDEO_COLOR_RANGE_0_255, matrix = GST_VIDEO_COLOR_MATRIX_BT601, transfer = GST_VIDEO_TRANSFER_UNKNOWN,
primaries = GST_VIDEO_COLOR_PRIMARIES_UNKNOWN}, par_n = 1, par_d = 1, fps_n = 30, fps_d = 1, offset = {0, 921600, 1152000, 0}, stride = {1280, 640, 640, 0}, ABI = {abi = {
multiview_mode = GST_VIDEO_MULTIVIEW_MODE_MONO, multiview_flags = GST_VIDEO_MULTIVIEW_FLAGS_NONE, field_order = GST_VIDEO_FIELD_ORDER_UNKNOWN}, _gst_reserved = {0x0, 0x0, 0x0, 0x0}}},
flags = GST_VIDEO_FRAME_FLAG_NONE, buffer = 0x7f5e9009fa20, meta = 0x0, id = -1, data = {0x7f5dd9600078, 0x7f5dd96e1078, 0x7f5dd9719478, 0x7f5e897dcdc7}, map = {{memory = 0x7f5dd9600000,
flags = (GST_MAP_READ | GST_MAP_WRITE),
data = 0x7f5dd9600078 "RPNMMMOQVZ^_^\\\\]][WSPQUZ`_]ZXXYZZYXXXYYYYWWZ\\\\\\^^\\\\]]\\[[XXZ\\^`aa`aa_\\[[ZZZYWUSRRSSSRSVY\\^]\\[[[[[\\[YXVUX[^^__^]\\\\\\]^``a``a_][[ZZYZ[[[[^aaa`__]\\]_aa_]^`aa__`bcbabb`^]\\]_`cdda__bcfeccdcb``cgkmllkiijjjiii"..., size = 1382400, maxsize = 1382400, user_data = {0x481482b536055200, 0x7f5ef829b08b, 0x7f5efafb59e0 <_gst_debug_min>, 0x56460940d6e0}, _gst_reserved = {
0x7f5efaf1eb38 <gst_debug_log_valist+77>, 0x7f5dddd095e0, 0x7f5efaf76fbb, 0x7f5e857205e0}}, {memory = 0x7f5e857205e0, flags = (unknown: 740203288),
data = 0x7f5efb0ceb03 <g_private_get+6> "\213\070Z\351\025\307\371\377H\203\354\030H\211t$\b\350\327\373\377\377H\213t$\b\213\070\350;\322\371\377\205\300t\016\211\307H\215\065\242\203\006", size = 0,
maxsize = 5193919985072034304, user_data = {0x7f5dddd095a0, 0x7f5dddd09780, 0x7f5eac091800, 0x3010}, _gst_reserved = {0x7f5dddd098a0, 0x7f5dddd09780, 0x30101, 0x7f5efaf1ec66 <gst_debug_log+139>}}, {
memory = 0x7f5efaf76fbb, flags = (unknown: 3721434592), data = 0x3000000030 <error: Cannot access memory at address 0x3000000030>, size = 140045913811768, maxsize = 140041130120832, user_data = {
0x7f5ef8299d3b, 0x18, 0x5646094e0c10, 0x4b1e}, _gst_reserved = {0x7f5e857205e0, 0x7f5efafb59e0 <_gst_debug_min>, 0x481482b536055200, 0x3}}, {memory = 0x7f5e2c1e9800, flags = (unknown: 2148047360),
data = 0x7f5e2c1e9a00 "\240\337\v,^\177", size = 140045914429920, maxsize = 0, user_data = {0x31, 0x7f5efaf1ec66 <gst_debug_log+139>, 0x7f5ef8299d3b, 0x7f5dddd09680}, _gst_reserved = {0x3000000030,
0x7f5dddd09768, 0x7f5ef8299d3b, 0x0}}}, _gst_reserved = {0x7f5e80089a00, 0x7f5e2c1e9a00, 0x7f5efafb59e0 <_gst_debug_min>, 0x7f5efb0ceb03 <g_private_get+6>}}
num_fields = <optimized out>
output_height = <optimized out>
height = <optimized out>
width = <optimized out>
code = <optimized out>
need_unmap = 1
state = 0x0
release_frame = 1
has_eoi = <optimized out>
data = 0x7f5dcced4078 "\377\330\377", <incomplete sequence \333>
nbytes = 180540
__func__ = "gst_jpeg_dec_handle_frame"
_g_boolean_var_ = <optimized out>
_g_boolean_var_ = <optimized out>
_g_boolean_var_ = <optimized out>
#1 0x00007f5ef8259977 in gst_video_decoder_decode_frame (decoder=decoder@entry=0x7f5e2c1e9a00, frame=frame@entry=0x7f5e80089a00) at ../gst-libs/gst/video/gstvideodecoder.c:4003
priv = 0x7f5e2c1e9800
decoder_class = 0x7f5e2c0bdfa0
ret = GST_FLOW_OK
__func__ = "gst_video_decoder_decode_frame"
#2 0x00007f5ef8259d6c in gst_video_decoder_chain_forward (decoder=decoder@entry=0x7f5e2c1e9a00, buf=buf@entry=0x7f5e30122d80, at_eos=at_eos@entry=0) at ../gst-libs/gst/video/gstvideodecoder.c:2489
frame = 0x7f5e80089a00
was_keyframe = 1
priv = 0x7f5e2c1e9800
klass = <optimized out>
ret = GST_FLOW_OK
__func__ = "gst_video_decoder_chain_forward"
#3 0x00007f5ef825bd67 in gst_video_decoder_chain (pad=<optimized out>, parent=0x7f5e2c1e9a00, buf=0x7f5e30122d80) at ../gst-libs/gst/video/gstvideodecoder.c:2831
decoder = 0x7f5e2c1e9a00
ret = GST_FLOW_OK
__func__ = "gst_video_decoder_chain"
#4 0x00007f5efaf27a18 in gst_pad_chain_data_unchecked (pad=pad@entry=0x5646094e0c10, type=type@entry=4112, data=data@entry=0x7f5e30122d80) at ../gst/gstpad.c:4447
chainfunc = 0x7f5ef825ba83 <gst_video_decoder_chain>
ret = <optimized out>
parent = 0x7f5e2c1e9a00
handled = 0
__func__ = "gst_pad_chain_data_unchecked"
_g_boolean_var_ = <optimized out>
_g_boolean_var_ = <optimized out>
_g_boolean_var_ = <optimized out>
#5 0x00007f5efaf2935e in gst_pad_push_data (pad=pad@entry=0x5646094e0520, type=type@entry=4112, data=data@entry=0x7f5e30122d80) at ../gst/gstpad.c:4711
peer = 0x5646094e0c10
ret = <optimized out>
handled = 0
__func__ = "gst_pad_push_data"
_g_boolean_var_ = <optimized out>
#6 0x00007f5efaf2e377 in gst_pad_push (pad=pad@entry=0x5646094e0520, buffer=buffer@entry=0x7f5e30122d80) at ../gst/gstpad.c:4830
res = <optimized out>
#7 0x00007f5e8af381b9 in gst_single_queue_push_one (allow_drop=<synthetic pointer>, object=0x7f5e30122d80, sq=0x7f5e301326e0, mq=0x564609480730) at ../plugins/elements/gstmultiqueue.c:1941
buffer = 0x7f5e30122d80
timestamp = 2998952533066
duration = <optimized out>
_g_boolean_var_ = <optimized out>
result = GST_FLOW_OK
srcpad = 0x5646094e0520
result = <optimized out>
srcpad = <optimized out>
__func__ = "gst_single_queue_push_one"
_g_boolean_var_ = <optimized out>
buffer = <optimized out>
timestamp = <optimized out>
duration = <optimized out>
_g_boolean_var_ = <optimized out>
_g_boolean_var_ = <optimized out>
_g_boolean_var_ = <optimized out>
event = <optimized out>
_g_boolean_var_ = <optimized out>
_g_boolean_var_ = <optimized out>
_g_boolean_var_ = <optimized out>
_g_boolean_var_ = <optimized out>
_g_boolean_var_ = <optimized out>
_g_boolean_var_ = <optimized out>
query = <optimized out>
res = <optimized out>
_g_boolean_var_ = <optimized out>
_g_boolean_var_ = <optimized out>
#8 gst_multi_queue_loop (pad=<optimized out>) at ../plugins/elements/gstmultiqueue.c:2270
sq = 0x7f5e301326e0
item = <optimized out>
sitem = 0x7f5eb00bcad0
mq = 0x564609480730
object = 0x7f5e30122d80
newid = 597
result = <optimized out>
next_time = <optimized out>
is_buffer = 1
is_query = 0
do_update_buffering = 0
dropping = <optimized out>
srcpad = 0x5646094e0520
__func__ = "gst_multi_queue_loop"
#9 0x00007f5efaf4ddf4 in gst_task_func (task=0x7f5e30122710) at ../gst/gsttask.c:384
lock = 0x5646094e0590
tself = 0x7f5eac09b120
priv = 0x7f5e301226c0
__func__ = "gst_task_func"
_g_boolean_var_ = <optimized out>
#10 0x00007f5efb0b16db in g_thread_pool_thread_proxy (data=<optimized out>) at ../glib/gthreadpool.c:354
task = 0x7f5e9805d8c0
pool = 0x5646090ca7a0
#11 0x00007f5efb0b1044 in g_thread_proxy (data=0x7f5eac09b120) at ../glib/gthread.c:827
thread = 0x7f5eac09b120
__func__ = "g_thread_proxy"
_g_boolean_var_ = <optimized out>
#12 0x00007f5efab2d0e6 in start_thread (arg=<optimized out>) at pthread_create.c:442
ret = <optimized out>
pd = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140041219197144, -8403116295774794287, 140041130124864, -160, 0, 8387712, 8491987764563938769, 8493743978443574737}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
#13 0x00007f5efab93fec in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
No locals.