Crash when setting playbin state to NULL with a 16-bit PNG image
Describe your issue
GStreamer crashes when the playbin state is set to NULL while a 16-bit PNG image is playing.
Expected Behavior
No crash.
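Observed Behavior
The process aborts (signal 6) inside glibc's free() with "munmap_chunk(): invalid pointer". The pointer is passed to g_free() from the GL base memory _mem_free() while pngdec deactivates its buffer pool (glbufferpool2) during the PAUSED_TO_READY transition. This is glibc's heap consistency check firing rather than a clean decode error, so it is a memory-safety fault reachable from an input file; the backtrace alone does not show where the pointer or chunk header became invalid. Backtrace: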
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1 0x00007ffff78bb8a3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2 0x00007ffff78698ee in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3 0x00007ffff78518ff in __GI_abort () at abort.c:79
#4 0x00007ffff78527d0 in __libc_message (fmt=fmt@entry=0x7ffff79cf56a "%s\n") at ../sysdeps/posix/libc_fatal.c:150
#5 0x00007ffff78c5795 in malloc_printerr (str=str@entry=0x7ffff79d1de8 "munmap_chunk(): invalid pointer") at malloc.c:5765
#6 0x00007ffff78c5a2c in munmap_chunk (p=p@entry=0x7fffa37ff000) at malloc.c:3035
#7 0x00007ffff78ca41a in __GI___libc_free (mem=mem@entry=0x7fffa37ff010) at malloc.c:3381
#8 0x00007ffff7b4c805 in g_free (mem=0x7fffa37ff010) at ../glib/gmem.c:238
#9 0x00007fffdbf432f9 in _mem_free (allocator=<optimized out>, memory=0x7fffe00b2310 [None]) at ../gst-libs/gst/gl/gstglbasememory.c:484
#10 0x00007ffff7d25e45 in _gst_memory_free (mem=0x7fffe00b2310 [None]) at ../gst/gstmemory.c:98
#11 0x00007ffff7ce975a in _gst_buffer_free (buffer=0x5555556e6bd0 [None]) at ../gst/gstbuffer.c:816
#12 0x00007ffff7ceeb03 in default_stop (pool=0x7fffa800bec0 [GstBufferPool|glbufferpool2]) at ../gst/gstbufferpool.c:422
#13 0x00007ffff7ce7ba3 in do_stop (pool=pool@entry=0x7fffa800bec0 [GstBufferPool|glbufferpool2]) at ../gst/gstbufferpool.c:440
#14 0x00007ffff7cef660 in gst_buffer_pool_set_active (pool=0x7fffa800bec0 [GstBufferPool|glbufferpool2], active=active@entry=0) at ../gst/gstbufferpool.c:548
#15 0x00007ffff7eec852 in gst_video_decoder_reset (decoder=decoder@entry=0x7fffe0047a20 [GstVideoDecoder|pngdec0], full=full@entry=1, flush_hard=flush_hard@entry=1) at ../gst-libs/gst/video/gstvideodecoder.c:2389
#16 0x00007ffff7eec9df in gst_video_decoder_change_state (element=0x7fffe0047a20 [GstElement|pngdec0], transition=<optimized out>) at ../gst-libs/gst/video/gstvideodecoder.c:2880
#17 0x00007ffff7d0ba14 in gst_element_change_state (element=element@entry=0x7fffe0047a20 [GstElement|pngdec0], transition=transition@entry=GST_STATE_CHANGE_PAUSED_TO_READY) at ../gst/gstelement.c:3093
#18 0x00007ffff7d0c2c9 in gst_element_set_state_func (element=0x7fffe0047a20 [GstElement|pngdec0], state=GST_STATE_READY) at ../gst/gstelement.c:3047
#19 0x00007ffff7ce3488 in gst_bin_element_set_state (next=<optimized out>, current=<optimized out>, start_time=0 [0:00:00.000000000], base_time=38213693980291 [10:36:53.693980291], element=0x7fffe0047a20 [GstElement|pngdec0], bin=<optimized out>) at ../gst/gstbin.c:2582
#20 gst_bin_change_state_func (element=0x5555556e1080 [GstElement|decodebin0], transition=GST_STATE_CHANGE_PAUSED_TO_READY) at ../gst/gstbin.c:2931
#21 0x00007fffe9dd5999 in gst_decode_bin_change_state (element=0x5555556e1080 [GstElement|decodebin0], transition=GST_STATE_CHANGE_PAUSED_TO_READY) at ../gst/playback/gstdecodebin2.c:5468
#22 0x00007ffff7d0ba14 in gst_element_change_state (element=element@entry=0x5555556e1080 [GstElement|decodebin0], transition=transition@entry=GST_STATE_CHANGE_PAUSED_TO_READY) at ../gst/gstelement.c:3093
#23 0x00007ffff7d0c2c9 in gst_element_set_state_func (element=0x5555556e1080 [GstElement|decodebin0], state=GST_STATE_READY) at ../gst/gstelement.c:3047
#24 0x00007ffff7ce3488 in gst_bin_element_set_state (next=<optimized out>, current=<optimized out>, start_time=0 [0:00:00.000000000], base_time=38213693980291 [10:36:53.693980291], element=0x5555556e1080 [GstElement|decodebin0], bin=<optimized out>) at ../gst/gstbin.c:2582
#25 gst_bin_change_state_func (element=0x5555556c6e70 [GstElement|uridecodebin0], transition=GST_STATE_CHANGE_PAUSED_TO_READY) at ../gst/gstbin.c:2931
#26 0x00007fffe9dee070 in gst_uri_decode_bin_change_state (element=0x5555556c6e70 [GstElement|uridecodebin0], transition=GST_STATE_CHANGE_PAUSED_TO_READY) at ../gst/playback/gsturidecodebin.c:2913
#27 0x00007ffff7d0ba14 in gst_element_change_state (element=element@entry=0x5555556c6e70 [GstElement|uridecodebin0], transition=transition@entry=GST_STATE_CHANGE_PAUSED_TO_READY) at ../gst/gstelement.c:3093
#28 0x00007ffff7d0c2c9 in gst_element_set_state_func (element=0x5555556c6e70 [GstElement|uridecodebin0], state=GST_STATE_READY) at ../gst/gstelement.c:3047
#29 0x00007ffff7ce3488 in gst_bin_element_set_state (next=<optimized out>, current=<optimized out>, start_time=0 [0:00:00.000000000], base_time=38213693980291 [10:36:53.693980291], element=0x5555556c6e70 [GstElement|uridecodebin0], bin=<optimized out>) at ../gst/gstbin.c:2582
#30 gst_bin_change_state_func (element=0x5555556ceac0 [GstElement|playbin], transition=GST_STATE_CHANGE_PAUSED_TO_READY) at ../gst/gstbin.c:2931
#31 0x00007fffe9e04f12 in gst_play_bin_change_state (element=0x5555556ceac0 [GstElement|playbin], transition=GST_STATE_CHANGE_PAUSED_TO_READY) at ../gst/playback/gstplaybin2.c:5838
#32 0x00007ffff7d0ba14 in gst_element_change_state (element=element@entry=0x5555556ceac0 [GstElement|playbin], transition=GST_STATE_CHANGE_PAUSED_TO_READY) at ../gst/gstelement.c:3093
#33 0x00007ffff7d0bf81 in gst_element_continue_state (element=element@entry=0x5555556ceac0 [GstElement|playbin], ret=ret@entry=GST_STATE_CHANGE_SUCCESS) at ../gst/gstelement.c:2801
#34 0x00007ffff7d0ba58 in gst_element_change_state (element=element@entry=0x5555556ceac0 [GstElement|playbin], transition=transition@entry=GST_STATE_CHANGE_PLAYING_TO_PAUSED) at ../gst/gstelement.c:3132
#35 0x00007ffff7d0c2c9 in gst_element_set_state_func (element=0x5555556ceac0 [GstElement|playbin], state=GST_STATE_NULL) at ../gst/gstelement.c:3047
#36 0x000055555555b6f5 in play_free (play=0x5555556c40b0) at ../tools/gst-play.c:298
#37 real_main (argc=<optimized out>, argv=<optimized out>) at ../tools/gst-play.c:1844
#38 0x00007ffff785314a in __libc_start_call_main (main=main@entry=0x555555559270 <main>, argc=argc@entry=2, argv=argv@entry=0x7fffffffe198) at ../sysdeps/nptl/libc_start_call_main.h:58
#39 0x00007ffff785320b in __libc_start_main_impl (main=0x555555559270 <main>, argc=2, argv=0x7fffffffe198, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe188) at ../csu/libc-start.c:360
#40 0x00005555555592a5 in _start ()
Setup
- Operating System: Fedora 39 in a toolbox
- Device: Computer
- GStreamer Version: some combination of 1.22.6 and 1.22.5, apparently. Ask Fedora I guess, but it also happens in the current org.gnome.Platform//45
- Command line: gst-play-1.0
Steps to reproduce the bug
- gst-play-1.0 16-bit.png
How reproducible is the bug?
Always