From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8) Gecko/20060126 Fedora/1.5-5 Firefox/1.5

Description of problem:
If you try to play an Ogg Media file containing Theora video and Vorbis audio on i386, mplayer crashes. Oddly, on x86_64, it works just fine.

Program received signal SIGSEGV, Segmentation fault.
0x00df1a8f in oggpackB_read (b=0x9bee780, bits=8) at bitwise.c:360
360 ret=b->ptr[0]<<(24+b->endbit);
(gdb) where
#0 0x00df1a8f in oggpackB_read (b=0x9bee780, bits=8) at bitwise.c:360
#1 0x03594472 in theora_decode_header (ci=0xbfb81950, cc=0xbfb819d4, op=0xbfb819b4) at toplevel.c:227
#2 0x081b8661 in demux_ogg_open ()
#3 0x081933af in free_demuxer ()
#4 0x08193686 in free_demuxer ()
#5 0x08194229 in demux_open ()
#6 0x080a89dc in main ()

If I downgrade libtheora to FC4's version, it works perfectly well. The problem is that the op argument passed to theora_decode_header has op->packet == NULL with the newer libtheora, whereas it is non-NULL with the older libtheora. I haven't been able to debug it further to tell where the NULL value comes from. Any tips on possible entry points in libogg or libtheora I should set a breakpoint on would be welcome.

Version-Release number of selected component (if applicable):
mplayer-1.0-0.lvn.0.30.pre7try2.4
libtheora-1.0alpha5-1.1
libogg-1.1.3-1

How reproducible:
Always

Steps to Reproduce:
1. mplayer http://www.lsd.ic.unicamp.br/~oliva/images/larissa/2005-11/mov/mov01383.ogm

Actual Results:
It crashes

Expected Results:
It shouldn't crash

Additional info:
It appears that the problem is indeed an incompatible ABI change:

#1 0x03594472 in theora_decode_header (ci=0xbfb81950, cc=0xbfb819d4, op=0xbfb819b4) at toplevel.c:227
(gdb) p sizeof(*ci)
$15 = 104
(gdb) p /x 0xbfb81950 + 104
$16 = 0xbfb819b8
(gdb) p (char*)ci + sizeof(*ci) - 4 == (char*)op
$17 = 1

See, that's past the beginning of op. Whoever sets ci->pixelformat (the newly-added member at the end of the struct) overwrites op->buffer.
I'm not sure what it is that allocates ci and op, but if it's client code, based on compile-time size of data structures, libtheora should have had its SONAME bumped up to signal the binary incompatibility.
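The overlap shown in the gdb session above, as an added example that is not part of the original report and is not libtheora or mplayer code. The layouts are constructed stand-ins that only reproduce the sizes from the gdb output (a 104-byte struct with op starting at offset 100); `fields`, `info_init_v1`, `info_init_v2`, `client_frame` and the pointer value are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed i386-like layouts; fixed-width fields keep offsets identical on any host. */
typedef struct { uint32_t fields[25]; } info_v1;   /* 100 bytes: struct the client was compiled with */
typedef struct { uint32_t fields[25]; uint32_t pixelformat; } info_v2; /* 104 bytes, as gdb reports */
typedef struct { uint32_t packet; uint32_t bytes; } packet32; /* op; packet modelled as a 32-bit pointer */

/* The old client's frame: ci sized for the old header, op placed directly after it. */
typedef struct { info_v1 ci; packet32 op; } client_frame;

/* New library entry point: assumes the caller's buffer is an info_v2. */
static void info_init_v2(void *ci) {
    uint32_t pf = 0;
    /* The store lands at offset 100, which is op.packet in an old client's frame. */
    memcpy((unsigned char *)ci + offsetof(info_v2, pixelformat), &pf, sizeof pf);
}

/* Compat entry point kept for old binaries: touches only the v1 part. */
static void info_init_v1(void *ci) {
    memset(ci, 0, sizeof(info_v1));
}

/* Returns op.packet after an old-layout client calls the given init function. */
static uint32_t packet_after(void (*init)(void *)) {
    client_frame f;
    memset(&f, 0xAA, sizeof f);
    f.op.packet = 0x0804c000u;  /* constructed non-NULL pointer value */
    init(&f);                   /* &f and &f.ci are the same address */
    return f.op.packet;
}

/* Bytes the new library writes beyond the struct the old client allocated. */
static size_t abi_overrun(void) {
    return sizeof(info_v2) - sizeof(info_v1);
}

int main(void) {
    printf("new member offset %zu, op offset %zu, overrun %zu bytes\n",
           offsetof(info_v2, pixelformat), offsetof(client_frame, op), abi_overrun());
    printf("op.packet after v2 init: 0x%08x\n", (unsigned)packet_after(info_init_v2));
    printf("op.packet after v1 init: 0x%08x\n", (unsigned)packet_after(info_init_v1));
    return 0;
}
```

The v2 path zeroes `op.packet` without the client ever touching it, which matches the NULL seen in the backtrace; the v1 path stands in for a compat symbol that leaves memory past the old struct alone.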
This goes quite a lot into libtheora internals. Would you please close the bug and report it to mplayer, and if they confirm it's a Theora problem then report it directly to theora developers? Also, does totem (which is included in Fedora Core, unlike mplayer) work? Thanks
Err, no, when I started filing the bug report, I wasn't sure yet. By the time I submitted it, it was obvious that libtheora *had* indeed undergone an incompatible ABI change without bumping up the SONAME, and that is the bug. Totem was rebuilt with the new libtheora, so it does work. The problem is exactly that, if you mean to require programs to be rebuilt to work with the new ABI, you have to change the SONAME of the library, or at least provide compat symbols in it that enable programs linked with the old library ABI to still work.
Not really a Fedora problem though. This should be moved to upstream and this bug referenced. Chances are though that it is too late for us to bump sonames in FC-5.