Re: [Ekiga-list] Segfault when theora is first codec in list.
- From: Damien Sandras <dsandras seconix com>
- To: Ekiga mailing list <ekiga-list gnome org>
- Subject: Re: [Ekiga-list] Segfault when theora is first codec in list.
- Date: Wed, 31 Dec 2008 14:53:50 +0100
On Wednesday 31 December 2008 at 14:27 +0100, Stefan Lucke wrote:
> Hi,
>
> sorry for the next bug report.
> I receive a segfault when theora is the first entry of the available codec list.
> Segfault happens when the connection is accepted.
> This is between ekiga 3.0.2beta WinXP and
> ekiga-svn (was the same with ekiga 3.0.1) on linux.
>
>
> GNU gdb 6.7.1
> Copyright (C) 2007 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law. Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "i686-pc-linux-gnu"...
> Using host libthread_db library "/lib/libthread_db.so.1".
> (gdb) run
> Starting program: /usr/bin/ekiga
> [Thread debugging using libthread_db enabled]
> [New Thread 0xb5f1f6d0 (LWP 14978)]
> [New Thread 0xb521db90 (LWP 14984)]
> [New Thread 0xb51dcb90 (LWP 14985)]
> [New Thread 0xb519bb90 (LWP 14986)]
> [New Thread 0xb515ab90 (LWP 14987)]
> [New Thread 0xb5119b90 (LWP 14988)]
> [New Thread 0xb50d8b90 (LWP 14989)]
> [New Thread 0xb5097b90 (LWP 14990)]
> [New Thread 0xb5056b90 (LWP 14991)]
> [New Thread 0xb4effb90 (LWP 14992)]
> [New Thread 0xb4ebeb90 (LWP 14993)]
> [New Thread 0xb46bdb90 (LWP 15002)]
> [New Thread 0xaf6fdb90 (LWP 15009)]
> [Thread 0xaf6fdb90 (LWP 15009) exited]
> [Thread 0xb4effb90 (LWP 14992) exited]
> [Thread 0xb5097b90 (LWP 14990) exited]
> [New Thread 0xb5097b90 (LWP 15011)]
> [Thread 0xb5056b90 (LWP 14991) exited]
> [New Thread 0xb5056b90 (LWP 15012)]
> [New Thread 0xb4effb90 (LWP 15013)]
> [Thread 0xb4effb90 (LWP 15013) exited]
> [New Thread 0xb4effb90 (LWP 15014)]
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0xb4effb90 (LWP 15014)]
> 0xb6050cbc in memcpy () from /lib/libc.so.6
> (gdb) thread apply all bt
>
> Thread 17 (Thread 0xb4effb90 (LWP 15014)):
> #0 0xb6050cbc in memcpy () from /lib/libc.so.6
> #1 0xb5a0afe8 in theoraFrame::SetFromTableConfig () from /usr/lib/opal-3.5.2/codecs/video/theora_video_pwplugin.so
> #2 0xb5a0d70e in theoraEncoderContext::theoraEncoderContext ()
> from /usr/lib/opal-3.5.2/codecs/video/theora_video_pwplugin.so
> #3 0xb5a0d758 in create_encoder () from /usr/lib/opal-3.5.2/codecs/video/theora_video_pwplugin.so
> #4 0xb7790a5a in OpalPluginTranscoder::OpalPluginTranscoder () from /usr/lib/libopal.so.3.5-beta2
> #5 0xb7791314 in OpalPluginVideoTranscoder::OpalPluginVideoTranscoder () from /usr/lib/libopal.so.3.5-beta2
> #6 0xb779bacc in OpalPluginTranscoderFactory<OpalPluginVideoTranscoder>::Worker::Create ()
> from /usr/lib/libopal.so.3.5-beta2
> #7 0xb7494f38 in PFactory<OpalTranscoder, std::pair<PString, PString> >::WorkerBase::CreateInstance ()
> from /usr/lib/libopal.so.3.5-beta2
> #8 0xb7496137 in PFactory<OpalTranscoder, std::pair<PString, PString> >::CreateInstance_Internal ()
> from /usr/lib/libopal.so.3.5-beta2
> #9 0xb7496174 in PFactory<OpalTranscoder, std::pair<PString, PString> >::CreateInstance ()
> from /usr/lib/libopal.so.3.5-beta2
> #10 0xb7494361 in OpalTranscoder::Create () from /usr/lib/libopal.so.3.5-beta2
> #11 0xb7491a8f in OpalMediaPatch::AddSink () from /usr/lib/libopal.so.3.5-beta2
> #12 0xb747de20 in OpalCall::OpenSourceMediaStreams () from /usr/lib/libopal.so.3.5-beta2
> #13 0xb7745653 in SIPConnection::OnReceivedSDPMediaDescription () from /usr/lib/libopal.so.3.5-beta2
> #14 0xb77423a5 in SIPConnection::OnReceivedSDP () from /usr/lib/libopal.so.3.5-beta2
> #15 0xb7743b32 in SIPConnection::OnReceivedOK () from /usr/lib/libopal.so.3.5-beta2
> #16 0xb774161e in SIPConnection::OnReceivedResponse () from /usr/lib/libopal.so.3.5-beta2
> #17 0xb7756d80 in SIPTransaction::OnReceivedResponse () from /usr/lib/libopal.so.3.5-beta2
> #18 0xb7759f44 in SIPInvite::OnReceivedResponse () from /usr/lib/libopal.so.3.5-beta2
> #19 0xb7738ac3 in SIPEndPoint::SIP_PDU_Thread::Main () from /usr/lib/libopal.so.3.5-beta2
> #20 0xb7037115 in PThread::PX_ThreadStart () from /usr/lib/libpt.so.2.5-beta2
> #21 0xb6c1118b in start_thread () from /lib/libpthread.so.0
> #22 0xb60a409e in clone () from /lib/libc.so.6
>
> With a selfmade trace message in 'opal/plugins/video/THEORA/theora_frame.cxx'
> I get the following output with option -d 4:
>
> stefan jarada ~ $ tail -n 20 xx6
> 2008/12/31 12:27:21.440 0:18.328 Aggregator:0xb4f3cb90 PVidInDev G_PARM failed (preserving frame rate may not work) : Invalid argument
> 2008/12/31 12:27:21.440 0:18.328 Aggregator:0xb4f3cb90 PVidInDev unable to reset frame rate.
> 2008/12/31 12:27:21.440 0:18.328 Aggregator:0xb4f3cb90 PVidDev Colour converter used from 320x240 [YUV420P] to 176x144 [YUV420P]
> 2008/12/31 12:27:22.341 0:19.229 AudioEvent...0xb5220b90 AEScheduler Checking pending list with 1 elements
> 2008/12/31 12:27:22.341 0:19.229 AudioEvent...0xb5220b90 AEScheduler Trying to load /usr/share/sounds/ekiga/dialtone.wav for event ring_tone_sound
> 2008/12/31 12:27:22.342 0:19.230 AudioEvent...0xb5220b90 AudioOutputCore Dropping sound event, primary device not set
> 2008/12/31 12:27:23.993 0:20.881 Aggregator:0xb4f3cb90 PVidDev SetColourFormatConverter success for native YUV420P
> 2008/12/31 12:27:23.994 0:20.882 Aggregator:0xb4f3cb90 OpalMan OnOpenMediaStream Call[g5c0bb3d61]-EP<pc>[1],OpalVideoMediaStream-Source-YUV420P
> 2008/12/31 12:27:23.994 0:20.882 Aggregator:0xb4f3cb90 OpalCon Opened source stream g5c0bb3d61_2 with format YUV420P
> 2008/12/31 12:27:23.994 0:20.882 Aggregator:0xb4f3cb90 Call IsMediaBypassPossible Call[g5c0bb3d61]-EP<sip>[dc4443a5-9bd5-dd11-8e73-00138fd10815 jarada] session 2
> 2008/12/31 12:27:23.994 0:20.882 Aggregator:0xb4f3cb90 OpalMan IsMediaBypassPossible: session 2
> 2008/12/31 12:27:23.994 0:20.882 Aggregator:0xb4f3cb90 OpalCon IsMediaBypassPossible: default returns false
> 2008/12/31 12:27:23.994 0:20.882 Aggregator:0xb4f3cb90 RTP Found existing media session 2
> 2008/12/31 12:27:23.995 0:20.883 Aggregator:0xb4f3cb90 OpalMan OnOpenMediaStream Call[g5c0bb3d61]-EP<sip>[dc4443a5-9bd5-dd11-8e73-00138fd10815 jarada],OpalRTPMediaStream-Sink-theora
> 2008/12/31 12:27:23.995 0:20.883 Aggregator:0xb4f3cb90 OpalCon Opened sink stream g5c0bb3d61_2 with format theora
> 2008/12/31 12:27:23.995 0:20.883 Aggregator:0xb4f3cb90 RateController New paramaters: bitrate=1024000, window=500, frame time=3000(rate=30), max skipped frames=1
> 2008/12/31 12:27:23.995 0:20.883 Aggregator:0xb4f3cb90 Patch Created Sink: format=theora
> theora_frame.cxx(75) THEORA Encap Got Header Packet from encoder that has len 148 != 42
> SetFromTableConfig len = -1240923378 (0xb609030e)
> h264helper_unix.cxx(72) H264 IPC CP: Terminating
>
> My change:
> void theoraFrame::SetFromTableConfig (ogg_packet* tablePacket) {
> TRACE_UP(4, "THEORA\tEncap\tGot table packet with len " << tablePacket->bytes);
> fprintf(stderr, "SetFromTableConfig len = %d (0x%08x)\n", tablePacket->bytes, tablePacket->bytes);
> memcpy (_packedConfigData.ptr + THEORA_HEADER_PACKET_SIZE, tablePacket->packet, tablePacket->bytes);
> ..
>
> As on my system ogg_packet->bytes is of type long, negative values of
> bytes should be checked and rejected, as in ffmpeg (libavcodec/libtheoraenc.c).
> Such values could be a source of stack overflows and other types of intrusion.
>
It is weird. Wouldn't you have hard optimization values for compiling,
like -O3 or such?
If not, could you propose a patch?
Thanks,
--
_ Damien Sandras
(o-
//\ Ekiga Softphone : http://www.ekiga.org/
v_/_ Be IP : http://www.beip.be/
FOSDEM : http://www.fosdem.org/
SIP Phone : sip:dsandras ekiga net
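An added illustration, not part of this thread and not code from the Opal Theora plugin or from Ekiga: a stand-alone C version of the length check proposed above. The packet struct (only the two ogg_packet fields the copy uses), the slot sizes (a 42-byte header slot followed by a 512-byte table slot), and the function names are assumptions chosen for the example. The point it shows is that memcpy's length parameter is size_t, so a negative long such as the -1240923378 in the trace is converted to a copy of billions of bytes; the length must be rejected while it is still a signed value, and then bounded by the destination capacity, before memcpy is called.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Minimal stand-in for the two ogg_packet fields the copy uses.  libogg
 * declares `bytes` as long, so a corrupted or uninitialised value can be
 * negative.  (Assumed layout for this example, not the libogg header.) */
typedef struct {
    unsigned char *packet;
    long bytes;
} table_packet_t;

/* Hypothetical destination layout: a fixed header slot followed by room for
 * the table packet.  These are not the Theora plugin's real constants. */
#define HEADER_PACKET_SIZE 42
#define TABLE_PACKET_MAX   512
#define PACKED_CONFIG_SIZE (HEADER_PACKET_SIZE + TABLE_PACKET_MAX)

typedef struct {
    unsigned char data[PACKED_CONFIG_SIZE];
    size_t table_len;               /* number of valid table bytes */
} packed_config_t;

typedef enum {
    CFG_OK = 0,
    CFG_NULL_PACKET,
    CFG_NEGATIVE_LENGTH,
    CFG_TOO_LARGE
} cfg_status_t;

/* What memcpy(dst, src, bytes) actually receives: the long is converted to
 * size_t, so a negative length wraps to a huge unsigned count.  This only
 * computes that value; it deliberately performs no copy. */
size_t memcpy_length_as_seen(long bytes)
{
    return (size_t)bytes;
}

/* Hardened copy: validate the length as a signed value and against the
 * destination capacity before touching memory. */
cfg_status_t set_from_table_config(packed_config_t *cfg, const table_packet_t *tp)
{
    if (tp == NULL || tp->packet == NULL)
        return CFG_NULL_PACKET;
    if (tp->bytes < 0)                      /* the case in the backtrace */
        return CFG_NEGATIVE_LENGTH;
    if (tp->bytes > (long)TABLE_PACKET_MAX) /* would overrun the slot */
        return CFG_TOO_LARGE;
    memcpy(cfg->data + HEADER_PACKET_SIZE, tp->packet, (size_t)tp->bytes);
    cfg->table_len = (size_t)tp->bytes;
    return CFG_OK;
}

/* Drive the check with a constructed packet claiming `bytes` bytes.  The
 * source is a fixed 512-byte pattern; rejected lengths never read it. */
cfg_status_t try_table_copy(long bytes, size_t *copied)
{
    static unsigned char source[TABLE_PACKET_MAX];
    packed_config_t cfg;
    table_packet_t tp;
    cfg_status_t st;

    memset(source, 0xAB, sizeof source);
    memset(&cfg, 0, sizeof cfg);
    tp.packet = source;
    tp.bytes = bytes;

    st = set_from_table_config(&cfg, &tp);
    *copied = (st == CFG_OK) ? cfg.table_len : 0;
    return st;
}

int main(void)
{
    /* 148 is the packet length seen in the trace; -1240923378 is the value
     * that reached memcpy; the last one simply exceeds the slot. */
    const long lengths[] = { 148, -1240923378L, TABLE_PACKET_MAX + 1 };
    size_t copied, i;

    for (i = 0; i < sizeof lengths / sizeof lengths[0]; i++) {
        cfg_status_t st = try_table_copy(lengths[i], &copied);
        printf("bytes=%ld -> memcpy would see %zu bytes; hardened copy: status %d, copied %zu\n",
               lengths[i], memcpy_length_as_seen(lengths[i]), (int)st, copied);
    }
    return 0;
}
```

The negative check comes first on purpose: casting to size_t and then comparing against the capacity would also catch the wrapped value, but keeping the comparison signed makes the intent obvious and avoids depending on the width of long on the platform.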