Bug 1068664
Summary: | Upgrading libvpx from 1.2.0 to 1.3.0 causes buffer overflow in "vp8enc" GStreamer 0.10 element | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | David Röthlisberger <david> | ||||
Component: | libvpx | Assignee: | Tom "spot" Callaway <tcallawa> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 20 | CC: | aiman.baharna, bnocera, fabian.deutsch, lmr, otte, rdieter, tcallawa, vg.aetera, wtaymans | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | x86_64 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | gstreamer-plugins-bad-free-0.10.23-20.fc20 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2014-03-23 04:45:13 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
I hit the same problem last week and thought this was a problem with my test suite code (it encodes video from virtual machine screenshots). Ok, I'll try to downgrade libvpx. libvpx-1.3.0 breaks ABI with 1.2.0: the size of vpx_codec_enc_cfg_t changed from 248 bytes to 256 bytes. The plugins needs to be recompiled. The reason why it works with 1.x is that we don't allocate this structure on the stack there but in the instance (and it probably overwrites some memory it shouldn't). I did forget to post an update, but 1.2.0 does solve the problem I was having. Thanks for the analysis, Wim. How do I arrange for the gstreamer-plugins-bad-free package to be rebuilt? (because of libvpx 1.3.0's new ABI). There are new symbols too, see also bug #1072129 gstreamer1-plugins-good-1.2.3-2.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/gstreamer1-plugins-good-1.2.3-2.fc20 Package gstreamer1-plugins-good-1.2.3-2.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing gstreamer1-plugins-good-1.2.3-2.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-4113/gstreamer1-plugins-good-1.2.3-2.fc20 then log in and leave karma (feedback). Because I need to use the "vp8enc" element with gstreamer-0.10, I am really looking for an updated "gstreamer-plugins-bad-free" instead of "gstreamer1-plugins-good". This is preferable compared to manually downgrading libvpx. Would it be possible to provide an updated Fedora 20 build for that? gstreamer1-plugins-good-1.2.3-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. gstreamer-plugins-bad-free-0.10.23-20.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/gstreamer-plugins-bad-free-0.10.23-20.fc20 gstreamer-plugins-bad-free-0.10.23-20.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. |
Created attachment 866089 [details] Stack trace from gst-launch-0.10 videotestsrc ! vp8enc ! filesink location=video.vp8 Description of problem: With libvpx 1.3.0, a GStreamer pipeline with the "vp8enc" encoder element (from gstreamer-plugins-bad-free 0.10.23) crashes with "*** stack smashing detected ***". This only happens with libvpx 1.3.0 + GStreamer 0.10. It doesn't happen with libvpx 1.2.0 + GStreamer 0.10 nor with libvpx 1.3.0 + Gstreamer 1. Note that GStreamer 0.10 is no longer supported upstream, but libvpx 1.3.0 is supposed to be ABI-compatible with 1.2.0. Version-Release number of selected component (if applicable): Name : gstreamer-plugins-bad-free Arch : x86_64 Version : 0.10.23 Release : 19.fc20 Name : libvpx Arch : x86_64 Version : 1.3.0 Release : 3.fc20 How reproducible: 100% Steps to Reproduce: $ gst-launch-0.10 videotestsrc ! vp8enc ! filesink location=video.vp8 Actual results: *** stack smashing detected ***: gst-launch-0.10 terminated Expected results: gst-launch runs until you press Control-C. Additional info: Stack trace attached.