Bug 446444 - crash when seeking an audio file
Summary: crash when seeking an audio file
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: totem
Version: 9
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Bastien Nocera
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-05-14 16:42 UTC by Bill Nottingham
Modified: 2014-03-17 03:14 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2009-06-10 15:38:38 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Bill Nottingham 2008-05-14 16:42:17 UTC 
Description of problem:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x43091950 (LWP 14809)]
0x00007f5be6c0d870 in audio_convert_pack_float_le (src=0x7f5be0333000, 
    dst=0x7f5be0333000, scale=<value optimized out>, count=1026150096)
    at audioconvert.c:251
251	MAKE_PACK_FUNC_IF (float_le, gfloat, GFLOAT_TO_LE);

#0  0x00007f5be6c0d870 in audio_convert_pack_float_le (src=0x7f5be0333000, 
    dst=0x7f5be0333000, scale=<value optimized out>, count=1026150096)
    at audioconvert.c:251
#1  0x00007f5be6c0df97 in audio_convert_convert (ctx=0x131c250, src=0x7f5be0333000, 
    dst=0x7f5be0333000, samples=1026150096, src_writable=0) at audioconvert.c:592
#2  0x00007f5be6c0b204 in gst_audio_convert_transform (base=<value optimized out>, 
    inbuf=0x7f5be0351890, outbuf=0x7f5be033ab40) at gstaudioconvert.c:981
#3  0x0000003cfb818cb8 in gst_base_transform_handle_buffer (
    trans=<value optimized out>, inbuf=<value optimized out>, 
    outbuf=<value optimized out>) at gstbasetransform.c:1471
#4  0x0000003cfb819c2c in gst_base_transform_chain (pad=<value optimized out>, 
    buffer=<value optimized out>) at gstbasetransform.c:1590
#5  0x0000003cf9052376 in gst_pad_chain_unchecked (pad=<value optimized out>, 
    buffer=<value optimized out>) at gstpad.c:3523
#6  0x0000003cf905328b in gst_pad_push (pad=<value optimized out>, 
    buffer=<value optimized out>) at gstpad.c:3691
#7  0x0000003cf9052376 in gst_pad_chain_unchecked (pad=<value optimized out>, 
    buffer=<value optimized out>) at gstpad.c:3523
#8  0x0000003cf905328b in gst_pad_push (pad=<value optimized out>, 
    buffer=<value optimized out>) at gstpad.c:3691
#9  0x00007f5be9d6444e in gst_queue_loop (pad=<value optimized out>)
    at gstqueue.c:1021
#10 0x0000003cf906d7f6 in gst_task_func (task=<value optimized out>, 
    tclass=<value optimized out>) at gsttask.c:192
#11 0x0000003ce3c619c7 in g_thread_pool_thread_proxy (data=<value optimized out>)
    at gthreadpool.c:265
#12 0x0000003ce3c60434 in g_thread_create_proxy (data=<value optimized out>)
    at gthread.c:635
#13 0x0000003ce300729a in start_thread (arg=<value optimized out>)
    at pthread_create.c:297
#14 0x0000003ce24e42cd in clone () from /lib64/libc.so.6

Version-Release number of selected component (if applicable):

totem-2.23.2-2.fc9.x86_64
gstreamer-0.10.19-1.fc9.x86_64

How reproducible:

Every time

Steps to Reproduce:
1. Play MP3
2. Seek
3. bang!
Comment 1 Bastien Nocera 2008-05-14 17:41:11 UTC 
Which version of gstreamer-plugins-base and which MP3 decoder are you using? Do
you see any errors on the command-line when this happens? Can you reproduce
with, say, an Ogg file?

The audioconvert.c code hasn't changed in over a year (in the latest
gst-plugins-base we ship, gstreamer-plugins-base-0.10.19-2.fc9), so it's
unlikely to be the culprit.
Comment 2 Bill Nottingham 2008-05-14 17:51:00 UTC 
gstreamer-plugins-base-0.10.19-1.fc9.x86_64

Appears to be using:

/usr/lib64/gstreamer-0.10/libgstmad.so
/usr/lib64/gstreamer-0.10/libgstmpegaudioparse.so

from gstreamer-plugins-ugly-0.10.7-1.lvn9.x86_64
Comment 3 Bastien Nocera 2008-05-14 20:50:19 UTC 
Do you see any errors on the command-line when this happens? Can you reproduce
with, say, an Ogg file?
Comment 4 Bill Nottingham 2008-05-15 04:11:24 UTC 
No and no.
Comment 5 Bastien Nocera 2008-05-15 13:26:31 UTC 
Tim found this was similar to:
http://bugzilla.gnome.org/show_bug.cgi?id=527572

This seems to be related to mad and/or the volume elements. Can you reproduce
the problem with _any_ MP3s or just a specific one? If the latter, could you
please make the file available and explain the exact steps to reproduce?

Finally, does "madplay -v" (available in the madplay RPM on livna) on a file
showing the problem show any errors?
Comment 6 Bill Nottingham 2008-05-15 15:14:04 UTC 
MPEG Audio Decoder 0.15.2 (beta) - Copyright © 2000-2004 Robert Leslie et al.
 01:07:58 Layer III, 24 kbps, 11025 Hz, single channel, no CRC
78059 frames decoded (1:07:58.1), +1.5 dB peak amplitude, 0 clipped samples

Available at http://www.nowlive.com/podcast/OpenPodcast.ashx?PodcastID=90200
(which redirects to the mp3). Reproducer is simply to start playing and drag the
slider back and forth.

Sometimes I get:

*** glibc detected *** totem: malloc(): memory corruption: 0x00007f4ec4031210 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3ce247b50f]
/lib64/libc.so.6(__libc_malloc+0x98)[0x3ce247cd48]
/lib64/libglib-2.0.so.0(g_malloc+0x23)[0x3ce3c3f8a3]
/usr/lib64/libgstreamer-0.10.so.0(gst_buffer_new_and_alloc+0x17)[0x3cf902f587]
/usr/lib64/gstreamer-0.10/libgstcoreelements.so[0x13c8cf8]
/usr/lib64/libgstbase-0.10.so.0[0x3cfb8119ab]
/usr/lib64/libgstbase-0.10.so.0[0x3cfb8140b7]
/usr/lib64/libgstreamer-0.10.so.0[0x3cf906d7f6]
/lib64/libglib-2.0.so.0[0x3ce3c619c7]
/lib64/libglib-2.0.so.0[0x3ce3c60434]
/lib64/libpthread.so.0[0x3ce300729a]
/lib64/libc.so.6(clone+0x6d)[0x3ce24e42cd]
======= Memory map: ========
00110000-0011b000 r-xp 00000000 08:02 2932588                           
/lib64/libnss_files-2.8.so
0011b000-0031a000 ---p 0000b000 08:02 2932588                           
/lib64/libnss_files-2.8.so
0031a000-0031b000 r--p 0000a000 08:02 2932588                           
/lib64/libnss_files-2.8.so
0031b000-0031c000 rw-p 0000b000 08:02 2932588                           
/lib64/libnss_files-2.8.so
00400000-00442000 r-xp 00000000 08:02 5645236                           
/usr/bin/totem
00642000-0064d000 rw-p 00042000 08:02 5645236                           
/usr/bin/totem
0064d000-0064f000 r-xp 00000000 08:02 5863143                           
/usr/lib64/gtk-2.0/modules/libgnomebreakpad.so
0064f000-0084e000 ---p 00002000 08:02 5863143                           
/usr/lib64/gtk-2.0/modules/libgnomebreakpad.so
0084e000-0084f000 rw-p 00001000 08:02 5863143                           
/usr/lib64/gtk-2.0/modules/libgnomebreakpad.so
0084f000-00862000 r-xp 00000000 08:02 5635487                           
/usr/lib64/libelf-0.133.so
00862000-00a61000 ---p 00013000 08:02 5635487                           
/usr/lib64/libelf-0.133.so
00a61000-00a62000 r--p 00012000 08:02 5635487                           
/usr/lib64/libelf-0.133.so
00a62000-00a63000 rw-p 00013000 08:02 5635487                           
/usr/lib64/libelf-0.133.so
00a63000-00b51000 r-xp 00000000 08:02 284295                            
/usr/lib64/libstdc++.so.6.0.10
00b51000-00d51000 ---p 000ee000 08:02 284295                            
/usr/lib64/libstdc++.so.6.0.10
00d51000-00d58000 r--p 000ee000 08:02 284295                            
/usr/lib64/libstdc++.so.6.0.10
00d58000-00d5a000 rw-p 000f5000 08:02 284295                            
/usr/lib64/libstdc++.so.6.0.10
00d5a000-00d6d000 rw-p 00d5a000 00:00 0 
00d6d000-00d83000 r-xp 00000000 08:02 11987317                          
/lib64/libgcc_s-4.3.0-20080428.so.1
00d83000-00f82000 ---p 00016000 08:02 11987317                          
/lib64/libgcc_s-4.3.0-20080428.so.1
00f82000-00f83000 rw-p 00015000 08:02 11987317                          
/lib64/libgcc_s-4.3.0-20080428.so.1
00f83000-00f96000 r-xp 00000000 08:02 7271697                           
/usr/lib64/gtk-2.0/2.10.0/engines/libnodoka.so
00f96000-01195000 ---p 00013000 08:02 7271697                           
/usr/lib64/gtk-2.0/2.10.0/engines/libnodoka.so
01195000-01196000 rw-p 00012000 08:02 7271697                           
/usr/lib64/gtk-2.0/2.10.0/engines/libnodoka.so
01196000-011b8000 r-xp 00000000 08:02 5764966                           
/usr/lib64/gstreamer-0.10/libgstplaybin.so
011b8000-013b8000 ---p 00022000 08:02 5764966                           
/usr/lib64/gstreamer-0.10/libgstplaybin.so
013b8000-013ba000 rw-p 00022000 08:02 5764966                           
/usr/lib64/gstreamer-0.10/libgstplaybin.so
013ba000-013e2000 r-xp 00000000 08:02 9220043                           
/usr/lib64/gstreamer-0.10/libgstcoreelements.so
013e2000-015e1000 ---p 00028000 08:02 9220043                           
/usr/lib64/gstreamer-0.10/libgstcoreelements.so
015e1000-015e3000 rw-p 00027000 08:02 9220043                           
/usr/lib64/gstreamer-0.10/libgstcoreelements.so
01777000-022fe000 rw-p 01777000 00:00 0                                  [heap]
03d9c000-03dc1000 r-xp 00000000 08:02 5671037                           
/usr/lib64/gio/modules/libgvfsdbus.so
03dc1000-03fc0000 ---p 00025000 08:02 5671037                           
/usr/lib64/gio/modules/libgvfsdbus.so
03fc0000-03fc2000 rw-p 00024000 08:02 5671037                           
/usr/lib64/gio/modules/libgvfsdbus.so
05408000-05410000 r-xp 00000000 08:02 5764390                           
/usr/lib64/gstreamer-0.10/libgstgconfelements.so
05410000-0560f000 ---p 00008000 08:02 5764390                           
/usr/lib64/gstreamer-0.10/libgstgconfelements.so
0560f000-05610000 rw-p 00007000 08:02 5764390                           
/usr/lib64/gstreamer-0.10/libgstgconfelements.so
05b5b000-05b7d000 r-xp 00000000 08:02 5666234                           
/usr/lib64/gio/modules/libgiohal-volume-monitor.so
05b7d000-05d7d000 ---p 00022000 08:02 5666234                           
/usr/lib64/gio/modules/libgiohal-volume-monitor.so
05d7d000-05d7f000 rw-p 00022000 08:02 5666234                           
/usr/lib64/gio/modules/libgiohal-volume-monitor.so
40d87000-40d88000 ---p 40d87000 00:00 0 
40d88000-41788000 rw-p 40d88000 00:00 0 
41c71000-41c72000 ---p 41c71000 00:00 0 
41c72000-42672000 rw-p 41c72000 00:00 0 
42672000-42673000 ---p 42672000 00:00 0 
42673000-43073000 rw-p 42673000 00:00 0 
43073000-43074000 ---p 43073000 00:00 0 
43074000-43a74000 rw-p 43074000 00:00 0 
43a74000-43a75000 ---p 43a74000 00:00 0 
43a75000-44475000 rw-p 43a75000 00:00 0 
44475000-44476000 ---p 44475000 00:00 0 
44476000-44e76000 rw-p 44476000 00:00 0 
38bb600000-38bb618000 r-xp 00000000 08:02 5641419                       
/usr/lib64/libid3tag.so.0.3.0
38bb618000-38bb817000 ---p 00018000 08:02 5641419                       
/usr/lib64/libid3tag.so.0.3.0
38bb817000-38bb81a000 rw-p 00017000 08:02 5641419                       
/usr/lib64/libid3tag.so.0.3.0
3ce2000000-3ce201d000 r-xp 00000000 08:02 11987305                      
/lib64/ld-2.8.so
3ce221c000-3ce221d000 r--p 0001c000 08:02 11987305                      
/lib64/ld-2.8.so
3ce221d000-3ce221e000 rw-p 0001d000 08:02 11987305                      
/lib64/ld-2.8.so
3ce2400000-3ce2562000 r-xp 00000000 08:02 11987306                      
/lib64/libc-2.8.so
3ce2562000-3ce2762000 ---p 00162000 08:02 11987306                      
/lib64/libc-2.8.so
3ce2762000-3ce2766000 r--p 00162000 08:02 11987306                      
/lib64/libc-2.8.so
3ce2766000-3ce2767000 rw-p 00166000 08:02 11987306                      
/lib64/libc-2.8.so
3ce2767000-3ce276c000 rw-p 3ce2767000 00:00 0 
3ce2800000-3ce2884000 r-xp 00000000 08:02 11987315                      
/lib64/libm-2.8.so
3ce2884000-3ce2a83000 ---p 00084000 08:02 11987315                      
/lib64/libm-2.8.so
3ce2a83000-3ce2a84000 r--p 00083000 08:02 11987315                      
/lib64/libm-2.8.so
3ce2a84000-3ce2a85000 rw-p 00084000 08:02 11987315                      
/lib64/libm-2.8.so
3ce2c00000-3ce2c02000 r-xp 00000000 08:02 11987308                      
/lib64/libdl-2.8.so
3ce2c02000-3ce2e02000 ---p 00002000 08:02 11987308                      
/lib64/libdl-2.8.so
3ce2e02000-3ce2e03000 r--p 00002000 08:02 11987308                      
/lib64/libdl-2.8.so
3ce2e03000-3ce2e04000 rw-p 00003000 08:02 11987308                      
/lib64/libdl-2.8.so
3ce3000000-3ce3016000 r-xp 00000000 08:02 11987316                      
/lib64/libpthread-2.8.so
3ce3016000-3ce3215000 ---p 00016000 08:02 11987316                      
/lib64/libpthread-2.8.so
3ce3215000-3ce3216000 r--p 00015000 08:02 11987316                      
/lib64/libpthread-2.8.so
3ce3216000-3ce3217000 rw-p 00016000 08:02 11987316                      
/lib64/libpthread-2.8.so
3ce3217000-3ce321b000 rw-p 3ce3217000 00:00 0 
3ce3400000-3ce341a000 r-xp 00000000 08:02 11987309                      
/lib64/libselinux.so.1
3ce341a000-3ce3619000 ---p 0001a000 08:02 11987309                      
/lib64/libselinux.so.1
3ce3619000-3ce361a000 r--p 00019000 08:02 11987309                      
/lib64/libselinux.so.1
3ce361a000-3ce361b000 rw-p 0001a000 08:02 11987309                      
/lib64/libselinux.so.1
3ce361b000-3ce361c000 rw-p 3ce361b000 00:00 0 
3ce3800000-3ce3815000 r-xp 00000000 08:02 11987314                      
/lib64/libz.so.1.2.3
3ce3815000-3ce3a14000 ---p 00015000 08:02 11987314                      
/lib64/libz.so.1.2.3
3ce3a14000-3ce3a15000 rw-p 00014000 08:02 11987314                      
/lib64/libz.so.1.2.3
3ce3c00000-3ce3cde000 r-xp 00000000 08:02 11987310                      
/lib64/libglib-2.0.so.0.1600.3
3ce3cde000-3ce3ede000 ---p 000de000 08:02 11987310                      
/lib64/libglib-2.0.so.0.1600.3
3ce3ede000-3ce3edf000 rw-p 000de000 08:02 11987310                      
/lib64/libglib-2.0.so.0.1600.3
3ce3edf000-3ce3ee0000 rw-p 3ce3edf000 00:00 0 
3ce4000000-3ce4001000 r-xp 00000000 08:02 2342619             Multiple
segmentation faults occurred; can't display error dialog
Comment 7 Bill Nottingham 2008-05-15 15:33:29 UTC 
As for what files cause it, files identified (by 'file') as:

Audio file with ID3 version 22.0 tag, MP3 encoding

seem to work OK.

Files identified as:

MPEG ADTS, layer III, v1, 128 kBits, (*) kHz, JntStereo
or
MPEG ADTS, layer III,  v2.5,  24 kBits, 11.025 kHz, Monaural

seem to have problems.
Comment 8 Bill Nottingham 2008-05-15 15:45:45 UTC 
FWIW, rhyhthmbox doesn't out-and-out crash, but attempting to seek the file
there renders the file umplayable until rhythmbox is restarted.
Comment 9 Bastien Nocera 2008-09-01 10:48:58 UTC 
An upstream reporter mentions that it works fine with an updated gstreamer-plugins-ugly: http://bugzilla.gnome.org/show_bug.cgi?id=549326
Comment 10 Bug Zapper 2009-06-10 00:49:01 UTC 
This message is a reminder that Fedora 9 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 9.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '9'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 9's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 9 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 11 Bill Nottingham 2009-06-10 15:38:38 UTC 
No longer crashes.
Note You need to log in before you can comment on or make changes to this bug.