Bug 21004

Summary: segfault loading www.serjtankian.com in swfdec_buffer_ref at swfdec_buffer.c:269
Product: swfdec
Reporter: Riccardo Magliocchetti <riccardo.magliocchetti>
Component: library
Assignee: swfdec ml <swfdec>
Status: NEW ---
QA Contact: swfdec ml <swfdec>
Severity: critical
Priority: medium
Version: unspecified
Hardware: Other
OS: All
URL: http://www.serjtankian.com

Description Riccardo Magliocchetti 2009-04-01 12:52:38 UTC
Stacktrace with swfdec 0.8.4:

SWFDEC: ERROR: swfdec_video_decoder_gst.c(156): swfdec_video_decoder_gst_decode: failed to pull decoded buffer. Broken stream?

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xf5346ac0 (LWP 5067)]
swfdec_buffer_ref (buffer=0x201) at swfdec_buffer.c:269
269	swfdec_buffer.c: No such file or directory.
	in swfdec_buffer.c
(gdb) bt full
#0  swfdec_buffer_ref (buffer=0x201) at swfdec_buffer.c:269
	__PRETTY_FUNCTION__ = "swfdec_buffer_ref"
#1  0xf35938f6 in swfdec_video_decoder_gst_decode (dec=0xa0934b0, buffer=0x201) at swfdec_video_decoder_gst.c:148
	player = (SwfdecVideoDecoderGst *) 0xa0934b0
	buf = <value optimized out>
	caps = <value optimized out>
	structure = <value optimized out>
	__PRETTY_FUNCTION__ = "swfdec_video_decoder_gst_decode"
#2  0xf35fd3b6 in swfdec_video_decoder_decode (decoder=0xa0934b0, buffer=0x201) at swfdec_video_decoder.c:195
	__PRETTY_FUNCTION__ = "swfdec_video_decoder_decode"
#3  0xf35ffbef in swfdec_video_video_provider_get_image (prov=0xa3b1940, renderer=0xa23bd40, width=0xffc318e8, height=0xffc318e4) at swfdec_video_video_provider.c:115
	provider = (SwfdecVideoVideoProvider *) 0xa3b1940
	cached = <value optimized out>
	frame = (SwfdecVideoFrame *) 0xa8cd1f8
	surface = <value optimized out>
	w = <value optimized out>
	h = <value optimized out>
	__PRETTY_FUNCTION__ = "swfdec_video_video_provider_get_image"
#4  0xf35ff5dd in swfdec_video_provider_get_image (provider=0xa3b1940, renderer=0xa23bd40, width=0xffc318e8, height=0xffc318e4) at swfdec_video_provider.c:89
	__PRETTY_FUNCTION__ = "swfdec_video_provider_get_image"
#5  0xf35fe7d3 in swfdec_video_movie_render (mov=0xbb5a000, cr=0xc3e2c60, trans=0xffc319c4) at swfdec_video_movie.c:59
	surface = <value optimized out>
	width = <value optimized out>
	height = <value optimized out>
#6  0xf35b67f2 in swfdec_movie_render (movie=0xbb5a000, cr=0xc3e2c60, color_transform=0xffc31b64) at swfdec_movie.c:804
	trans = {mask = 0, ra = 256, rb = 0, ga = 256, gb = 0, ba = 256, bb = 0, aa = 256, ab = 0}
	group = 0
	__PRETTY_FUNCTION__ = "swfdec_movie_render"
#7  0xf35b8e3a in swfdec_movie_do_render (movie=0xa2a8ea8, cr=0xc3e2c60, ctrans=0xffc31b64) at swfdec_movie.c:1311
	child = (SwfdecMovie *) 0xbb5a000
	g = (GList *) 0xa37e280
	walk = <value optimized out>
	clips = (GSList *) 0x0
	clip = (ClipEntry *) 0x0
	ident = {xx = 1, yx = 0, xy = 0, yy = 1, x0 = 0, y0 = 0}
	__PRETTY_FUNCTION__ = "swfdec_movie_do_render"
	matrix = {xx = 0.050000000000000003, yx = 0, xy = 0, yy = 0.050000000000000003, x0 = 0, y0 = 0}
#8  0xf35b67f2 in swfdec_movie_render (movie=0xa2a8ea8, cr=0xc3e2c60, color_transform=0xffc31d04) at swfdec_movie.c:804
	trans = {mask = 0, ra = 256, rb = 0, ga = 256, gb = 0, ba = 256, bb = 0, aa = 256, ab = 0}
	group = 1
	__PRETTY_FUNCTION__ = "swfdec_movie_render"
#9  0xf35b8e3a in swfdec_movie_do_render (movie=0xa2a8aa8, cr=0xc3e2c60, ctrans=0xffc31d04) at swfdec_movie.c:1311
	child = (SwfdecMovie *) 0xa2a8ea8
	g = (GList *) 0xa3650a0
	walk = <value optimized out>
	clips = (GSList *) 0x0
	clip = (ClipEntry *) 0x0
	ident = {xx = 1, yx = 0, xy = 0, yy = 1, x0 = 0, y0 = 0}
---Type <return> to continue, or q <return> to quit---
	__PRETTY_FUNCTION__ = "swfdec_movie_do_render"
	matrix = {xx = 0.050000000000000003, yx = 0, xy = 0, yy = 0.050000000000000003, x0 = 0, y0 = 0}
#10 0xf35b67f2 in swfdec_movie_render (movie=0xa2a8aa8, cr=0xc3e2c60, color_transform=0xffc31ea4) at swfdec_movie.c:804
	trans = {mask = 0, ra = 256, rb = 0, ga = 256, gb = 0, ba = 256, bb = 0, aa = 256, ab = 0}
	group = 0
	__PRETTY_FUNCTION__ = "swfdec_movie_render"
#11 0xf35b8e3a in swfdec_movie_do_render (movie=0xa2a88a8, cr=0xc3e2c60, ctrans=0xffc31ea4) at swfdec_movie.c:1311
	child = (SwfdecMovie *) 0xa2a8aa8
	g = (GList *) 0xa37e2a0
	walk = <value optimized out>
	clips = (GSList *) 0x0
	clip = (ClipEntry *) 0x0
	ident = {xx = 1, yx = 0, xy = 0, yy = 1, x0 = 0, y0 = 0}
	__PRETTY_FUNCTION__ = "swfdec_movie_do_render"
	matrix = {xx = 0.050000000000000003, yx = 0, xy = 0, yy = 0.050000000000000003, x0 = 0, y0 = 0}
#12 0xf35b67f2 in swfdec_movie_render (movie=0xa2a88a8, cr=0xc3e2c60, color_transform=0xf361ed60) at swfdec_movie.c:804
	trans = {mask = 0, ra = 256, rb = 0, ga = 256, gb = 0, ba = 256, bb = 0, aa = 256, ab = 0}
	group = 0
	__PRETTY_FUNCTION__ = "swfdec_movie_render"
#13 0xf35c7606 in swfdec_player_render_with_renderer (player=0xa29e018, cr=0xc3e2c60, renderer=0xa23bd40) at swfdec_player.c:3148
	movie = (SwfdecMovie *) 0x201
	priv = <value optimized out>
	walk = (GList *) 0xa37e120
	trans = {mask = 0, ra = 256, rb = 0, ga = 256, gb = 0, ba = 256, bb = 0, aa = 256, ab = 0}
	__PRETTY_FUNCTION__ = "swfdec_player_render_with_renderer"
#14 0xf35c787a in swfdec_player_render (player=0xa29e018, cr=0xc3e2c60) at swfdec_player.c:3100
	__PRETTY_FUNCTION__ = "swfdec_player_render"

Comment 1 Riccardo Magliocchetti 2009-04-01 13:33:18 UTC
valgrind output from latest git:

==5344== 
==5344== Conditional jump or move depends on uninitialised value(s)
==5344==    at 0x128B5B04: swfdec_video_video_provider_get_image (swfdec_video_video_provider.c:114)
==5344==    by 0x128B54DC: swfdec_video_provider_get_image (swfdec_video_provider.c:89)
==5344==    by 0x128B4862: swfdec_video_movie_render (swfdec_video_movie.c:60)
==5344==    by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822)
==5344==    by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244)
==5344==    by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822)
==5344==    by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244)
==5344==    by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822)
==5344==    by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244)
==5344==    by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822)
==5344==    by 0x1287CDE5: swfdec_player_render_with_renderer (swfdec_player.c:3201)
==5344==    by 0x1287D059: swfdec_player_render (swfdec_player.c:3153)
==5344== 
==5344== Conditional jump or move depends on uninitialised value(s)
==5344==    at 0x1285148C: swfdec_buffer_ref (swfdec_buffer.c:268)
==5344==    by 0x12845BF5: swfdec_video_decoder_gst_decode (swfdec_video_decoder_gst.c:148)
==5344==    by 0x128B3475: swfdec_video_decoder_decode (swfdec_video_decoder.c:195)
==5344==    by 0x128B5AEE: swfdec_video_video_provider_get_image (swfdec_video_video_provider.c:115)
==5344==    by 0x128B54DC: swfdec_video_provider_get_image (swfdec_video_provider.c:89)
==5344==    by 0x128B4862: swfdec_video_movie_render (swfdec_video_movie.c:60)
==5344==    by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822)
==5344==    by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244)
==5344==    by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822)
==5344==    by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244)
==5344==    by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822)
==5344==    by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244)
==5344== 
==5344== Use of uninitialised value of size 4
==5344==    at 0x1285148E: swfdec_buffer_ref (swfdec_buffer.c:269)
==5344==    by 0x12845BF5: swfdec_video_decoder_gst_decode (swfdec_video_decoder_gst.c:148)
==5344==    by 0x128B3475: swfdec_video_decoder_decode (swfdec_video_decoder.c:195)
==5344==    by 0x128B5AEE: swfdec_video_video_provider_get_image (swfdec_video_video_provider.c:115)
==5344==    by 0x128B54DC: swfdec_video_provider_get_image (swfdec_video_provider.c:89)
==5344==    by 0x128B4862: swfdec_video_movie_render (swfdec_video_movie.c:60)
==5344==    by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822)
==5344==    by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244)
==5344==    by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822)
==5344==    by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244)
==5344==    by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822)
==5344==    by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244)
==5344== 
==5344== Invalid read of size 4
==5344==    at 0x1285148E: swfdec_buffer_ref (swfdec_buffer.c:269)
==5344==    by 0x12845BF5: swfdec_video_decoder_gst_decode (swfdec_video_decoder_gst.c:148)
==5344==    by 0x128B3475: swfdec_video_decoder_decode (swfdec_video_decoder.c:195)
==5344==    by 0x128B5AEE: swfdec_video_video_provider_get_image (swfdec_video_video_provider.c:115)
==5344==    by 0x128B54DC: swfdec_video_provider_get_image (swfdec_video_provider.c:89)
==5344==    by 0x128B4862: swfdec_video_movie_render (swfdec_video_movie.c:60)
==5344==    by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822)
==5344==    by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244)
==5344==    by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822)
==5344==    by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244)
==5344==    by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822)
==5344==    by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244)
==5344==  Address 0x17 is not stack'd, malloc'd or (recently) free'd
==5344== 
==5344== Process terminating with default action of signal 11 (SIGSEGV)
==5344==  Access not within mapped region at address 0x17
==5344==    at 0x1285148E: swfdec_buffer_ref (swfdec_buffer.c:269)
==5344==    by 0x12845BF5: swfdec_video_decoder_gst_decode (swfdec_video_decoder_gst.c:148)
==5344==    by 0x128B3475: swfdec_video_decoder_decode (swfdec_video_decoder.c:195)
==5344==    by 0x128B5AEE: swfdec_video_video_provider_get_image (swfdec_video_video_provider.c:115)
==5344==    by 0x128B54DC: swfdec_video_provider_get_image (swfdec_video_provider.c:89)
==5344==    by 0x128B4862: swfdec_video_movie_render (swfdec_video_movie.c:60)
==5344==    by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822)
==5344==    by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244)
==5344==    by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822)
==5344==    by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244)
==5344==    by 0x1286BDE8: swfdec_movie_render (swfdec_movie.c:822)
==5344==    by 0x1286E201: swfdec_movie_do_render (swfdec_movie.c:1244)
==5344==  If you believe this happened as a result of a stack overflow in your
==5344==  program's main thread (unlikely but possible), you can try to increase
==5344==  the size of the main thread stack using the --main-stacksize= flag.
==5344==  The main thread stack size used in this run was 8388608.
