gst-discoverer SIGSEGV on H.265 files
Describe your issue
Using the Discoverer API or the gst-discoverer tool on mpeg-ts H.265 files results in a crash.
Expected Behavior
No crash, gets info
Observed Behavior
Using the API or the tool on the files I have generated leads to a segfault.
Setup
- Operating System: Linux Fedora
- Device: Computer
- GStreamer Version: 1.22.5
- Command line: gst-discoverer-1 <uri>
Steps to reproduce the bug
- open terminal
- $ gst-discoverer-1 <uri>
How reproducible is the bug?
Always.
I have generated mpeg.ts using splitmuxsink from network input from something like this:
std::thread::spawn(move || {
    let pipeline = gst::parse_launch(&format!(
        r#"
        rtpbin name=rtpbin ntp-time-source=ntp rtcp-sync-send-time=false
        videotestsrc name=src is-live=true
        ! video/x-raw,width=320,height=180,framerate=(fraction)25/1
        ! videoconvert ! {} key-int-max=5 tune=zerolatency
        ! {} pt=96 config-interval=1 ! rtpbin.send_rtp_sink_0
        rtpbin.send_rtp_src_0 ! udpsink host=127.0.0.1 port={rtp}
        rtpbin.send_rtcp_src_0 ! udpsink host=127.0.0.1 port={rtcp} sync=false async=false"#,
        // First `{}`: encoder element for the selected codec.
        match codec {
            "h264" => "x264enc",
            "h265" => "x265enc",
            _ => panic!("unsupported codec"),
        },
        // Second `{}`: matching RTP payloader.
        match codec {
            "h264" => "rtph264pay",
            "h265" => "rtph265pay",
            _ => panic!("unsupported codec"),
        },
    ))
    .unwrap();
    // ... (rest of the thread body is not shown in the report)
});
When checking the files generated by H.264, things are fine and I get duration and output and everything:
$ gst-discoverer-1.0 test_create_items/item-00000000
Analyzing file:///home/jonasdn/sandbox/spiideo-gstreamer/persist/test_create_items/item-00000000
Done discovering file:///home/jonasdn/sandbox/spiideo-gstreamer/persist/test_create_items/item-00000000
Properties:
Duration: 0:00:05.989468259
Seekable: yes
Live: no
container #0: MPEG-2 Transport Stream
video #1: H.264 (Constrained Baseline Profile)
Stream ID: 846e1036eb1062923a84b3e33e68694bb0f66111d9c72f9a697a5ed354ce804f:1/00000041
Width: 320
Height: 180
Depth: 24
Frame rate: 0/1
Pixel aspect ratio: 1/1
Interlaced: false
Bitrate: 0
Max bitrate: 0
When trying to check the files with H.265 I get:
$ gst-discoverer-1.0 test_create_items/item-00000002
Analyzing file:///home/jonasdn/sandbox/spiideo-gstreamer/persist/test_create_items/item-00000002
Segmentation fault (core dumped)
jonasdn@fedora:~/sandbox/spiideo-gstreamer/persist (persist-render*)$ gdb --args gst-discoverer-1.0 test_create_items/item-00000002
GNU gdb (GDB) Fedora Linux 13.2-3.fc38
Reading symbols from gst-discoverer-1.0...
This GDB supports auto-downloading debuginfo from the following URLs:
<https://debuginfod.fedoraproject.org/>
Enable debuginfod for this session? (y or [n]) y
Debuginfod has been enabled.
To make this setting permanent, add 'set debuginfod enabled on' to .gdbinit.
Downloading separate debug info for /usr/bin/gst-discoverer-1.0
Reading symbols from /home/jonasdn/.cache/debuginfod_client/4e442736675c39bdeba788da92da1596acbc956b/debuginfo...
(gdb) r
Starting program: /usr/bin/gst-discoverer-1.0 test_create_items/item-00000002
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Analyzing file:///home/jonasdn/sandbox/spiideo-gstreamer/persist/test_create_items/item-00000002
Thread 5 "multiqueue0:src" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffdbfff6c0 (LWP 247227)]
0x00007ffff7aa70ef in unlink_chunk.isra () from /lib64/libc.so.6
Missing separate debuginfos, use: dnf debuginfo-install glibc-2.37-5.fc38.x86_64 gstreamer1-1.22.5-1.fc38.x86_64 libgcc-13.2.1-1.fc38.x86_64
(gdb) bt
#0 0x00007ffff7aa70ef in unlink_chunk.isra () at /lib64/libc.so.6
#1 0x00007ffff7aaa00d in _int_malloc () at /lib64/libc.so.6
#2 0x00007ffff7aaac74 in malloc () at /lib64/libc.so.6
#3 0x00007ffff7c4e43a in g_malloc (n_bytes=16980) at ../glib/gmem.c:130
#4 0x00007ffff789ae3d in gst_adapter_get_internal () at /lib64/libgstbase-1.0.so.0
#5 0x00007ffff789c7e9 in gst_adapter_get_buffer () at /lib64/libgstbase-1.0.so.0
#6 0x00007ffff78a6e6d in gst_base_parse_chain () at /lib64/libgstbase-1.0.so.0
#7 0x00007ffff7e2ae5c in gst_pad_chain_data_unchecked () at /lib64/libgstreamer-1.0.so.0
#8 0x00007ffff7e2e1fe in gst_pad_push_data () at /lib64/libgstreamer-1.0.so.0
#9 0x00007ffff7e2e834 in gst_pad_push () at /lib64/libgstreamer-1.0.so.0
#10 0x00007fffe9d36184 in gst_single_queue_push_one
(allow_drop=<synthetic pointer>, object=0x7fffe002f470 [None], sq=0x7fffe0007a70, mq=<optimized out>)
at ../plugins/elements/gstmultiqueue.c:2020
#11 gst_multi_queue_loop (pad=<optimized out>) at ../plugins/elements/gstmultiqueue.c:2358
#12 0x00007ffff7e5aec4 in gst_task_func () at /lib64/libgstreamer-1.0.so.0
#13 0x00007ffff7c79112 in g_thread_pool_thread_proxy (data=<optimized out>) at ../glib/gthreadpool.c:350
#14 0x00007ffff7c769f3 in g_thread_proxy (data=0x7fffe4000f20) at ../glib/gthread.c:831
#15 0x00007ffff7a9a947 in start_thread () at /lib64/libc.so.6
#16 0x00007ffff7b20870 in clone3 () at /lib64/libc.so.6
(gdb) l
735 /* run mainloop */
736 g_main_loop_run (ml);
737
738 gst_discoverer_stop (dc);
739 g_free (ps);
740 g_main_loop_unref (ml);
741 }
742 g_object_unref (dc);
743
744 return 0;
(gdb) Quit
When I use the API directly, I get something similar:
let timeout: gst::ClockTime = gst::ClockTime::from_seconds(15);
let discoverer = gst_pbutils::Discoverer::new(timeout)?;
let uri = format!(
    "file:///{}",
    std::fs::canonicalize(file.as_ref().unwrap()).unwrap().display()
);
free(): corrupted unsorted chunks
Thread 12 "discoverer-queu" received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffd57ff6c0 (LWP 246205)]
0x00007ffff71cf884 in __pthread_kill_implementation () from /lib64/libc.so.6
Missing separate debuginfos, use: dnf debuginfo-install glibc-2.37-5.fc38.x86_64 gstreamer1-1.22.5-1.fc38.x86_64 libcap-2.48-6.fc38.x86_64 libgcc-13.2.1-1.fc38.x86_64 openssl-libs-3.0.9-2.fc38.x86_64 systemd-libs-253.9-1.fc38.x86_64
(gdb) bt
#0 0x00007ffff71cf884 in __pthread_kill_implementation () at /lib64/libc.so.6
#1 0x00007ffff717eafe in raise () at /lib64/libc.so.6
#2 0x00007ffff716787f in abort () at /lib64/libc.so.6
#3 0x00007ffff716860f in _IO_peekc_locked.cold () at /lib64/libc.so.6
#4 0x00007ffff71d97b5 in () at /lib64/libc.so.6
#5 0x00007ffff71dba0d in _int_free () at /lib64/libc.so.6
#6 0x00007ffff71de20e in free () at /lib64/libc.so.6
#7 0x00007ffff7c009f5 in g_free (mem=0x7fffcc018940) at ../glib/gmem.c:232
#8 0x00007ffff7e0ada1 in __gst_tag_list_free () at /lib64/libgstreamer-1.0.so.0
#9 0x00007ffff7d28978 in g_value_unset (value=0x7fffcc0059b0) at ../gobject/gvalue.c:313
#10 0x00007ffff7e0324e in gst_structure_free () at /lib64/libgstreamer-1.0.so.0
#11 0x00007ffff7dbf97d in _gst_event_free () at /lib64/libgstreamer-1.0.so.0
#12 0x00007ffff7dd5b33 in gst_mini_object_replace () at /lib64/libgstreamer-1.0.so.0
#13 0x00007ffff7ddf9be in store_sticky_event () at /lib64/libgstreamer-1.0.so.0
#14 0x00007ffff7de03ab in gst_pad_send_event_unchecked () at /lib64/libgstreamer-1.0.so.0
#15 0x00007ffff7de0cc3 in gst_pad_push_event_unchecked () at /lib64/libgstreamer-1.0.so.0
#16 0x00007ffff7de1488 in push_sticky () at /lib64/libgstreamer-1.0.so.0
#17 0x00007ffff7dd5c65 in events_foreach.lto_priv () at /lib64/libgstreamer-1.0.so.0
#18 0x00007ffff7de4561 in gst_pad_push_event () at /lib64/libgstreamer-1.0.so.0
#19 0x00007ffff489af50 in gst_queue_push_one (queue=0x7fffcc08a1f0 [GstQueue|discoverer-queue-src_0])
at ../plugins/elements/gstqueue.c:1459
#20 gst_queue_loop (pad=<optimized out>) at ../plugins/elements/gstqueue.c:1541
#21 0x00007ffff7e0eec4 in gst_task_func () at /lib64/libgstreamer-1.0.so.0
#22 0x00007ffff7c2d112 in g_thread_pool_thread_proxy (data=<optimized out>) at ../glib/gthreadpool.c:350
#23 0x00007ffff7c2a9f3 in g_thread_proxy (data=0x7fffe8001350) at ../glib/gthread.c:831
#24 0x00007ffff71cd947 in start_thread () at /lib64/libc.so.6
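Both backtraces above fault inside glibc's allocator (under `malloc` in one, under `free` in the other), which indicates heap metadata that was already corrupted when the allocator touched it. The triage helper below is an added example, not part of the original report or of GStreamer; its function and constant names are hypothetical, and the sample frames are copied from the top of the two backtraces above.

```python
import re

# Top frames copied from the two gdb backtraces in the report above.
MALLOC_BT = """\
#0 0x00007ffff7aa70ef in unlink_chunk.isra () at /lib64/libc.so.6
#1 0x00007ffff7aaa00d in _int_malloc () at /lib64/libc.so.6
#2 0x00007ffff7aaac74 in malloc () at /lib64/libc.so.6
#3 0x00007ffff7c4e43a in g_malloc (n_bytes=16980) at ../glib/gmem.c:130
#4 0x00007ffff789ae3d in gst_adapter_get_internal () at /lib64/libgstbase-1.0.so.0
"""
FREE_BT = """\
#0 0x00007ffff71cf884 in __pthread_kill_implementation () at /lib64/libc.so.6
#1 0x00007ffff717eafe in raise () at /lib64/libc.so.6
#2 0x00007ffff716787f in abort () at /lib64/libc.so.6
#3 0x00007ffff716860f in _IO_peekc_locked.cold () at /lib64/libc.so.6
#4 0x00007ffff71d97b5 in () at /lib64/libc.so.6
#5 0x00007ffff71dba0d in _int_free () at /lib64/libc.so.6
#6 0x00007ffff71de20e in free () at /lib64/libc.so.6
#7 0x00007ffff7c009f5 in g_free (mem=0x7fffcc018940) at ../glib/gmem.c:232
#8 0x00007ffff7e0ada1 in __gst_tag_list_free () at /lib64/libgstreamer-1.0.so.0
"""

# "#N [0xADDR in ]FUNC (ARGS) at|from LOCATION"; FUNC may be empty without symbols.
FRAME = re.compile(
    r"^#\d+\s+(?:0x[0-9a-fA-F]+\s+in\s+)?(\S*?)\s*\(.*?\)\s+(?:at|from)\s+(\S+)$",
    re.M,
)
GLIBC_ENTRY = {"malloc", "calloc", "realloc", "free"}  # public allocator API
GLIB_WRAPPERS = {"g_malloc", "g_malloc0", "g_realloc", "g_free"}


def triage(backtrace):
    """Report whether a crash surfaced inside the allocator and who called it."""
    entry = caller = None
    for match in FRAME.finditer(backtrace):
        func = match.group(1).split(".")[0]  # drop GCC suffixes (.isra, .cold)
        where = match.group(2)
        if where.endswith("libc.so.6") or func in GLIB_WRAPPERS:
            if func in GLIBC_ENTRY:
                entry = func  # allocator call whose consistency check tripped
            continue
        caller = func  # first frame outside libc and the GLib wrappers
        break
    return {"heap_corruption": entry is not None, "detected_in": entry,
            "first_caller": caller}


if __name__ == "__main__":
    for name, bt in (("gst-discoverer-1.0", MALLOC_BT), ("Discoverer API", FREE_BT)):
        print(name, triage(bt))
```

`first_caller` is only where the damage was noticed: the two runs name unrelated GStreamer functions, so the write that corrupted the heap happened earlier and is better located by rerunning the same file under Valgrind or an AddressSanitizer build.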