FS#65918 - [gstreamer] segfault due to date decoding

Attached to Project: Arch Linux
Opened by Ondřej Hruška (MightyPork) - Saturday, 21 March 2020, 13:06 GMT
Last edited by Balló György (City-busz) - Thursday, 08 June 2023, 23:55 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Jan Alexander Steffens (heftig)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

community/lollypop crashes on startup due to a gstreamer segfault.

This is similar to https://bugs.archlinux.org/task/62490, but the trace is different and does not appear to come from plugins this time.

Thread 32 "python" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffaffff700 (LWP 8456)]
0x00007ffff4094b74 in gst_date_time_new_local_time () from /usr/lib/libgstreamer-1.0.so.0
(gdb) bt
#0 0x00007ffff4094b74 in gst_date_time_new_local_time () at /usr/lib/libgstreamer-1.0.so.0
#1 0x00007ffff7f7f69a in ffi_call_unix64 () at /usr/lib/libffi.so.6
#2 0x00007ffff7f7efb6 in ffi_call () at /usr/lib/libffi.so.6
#3 0x00007ffff6f503a2 in () at /usr/lib/python3.8/site-packages/gi/_gi.cpython-38-x86_64-linux-gnu.so
#4 0x00007ffff6f50f77 in () at /usr/lib/python3.8/site-packages/gi/_gi.cpython-38-x86_64-linux-gnu.so
#5 0x00007ffff6f4f982 in () at /usr/lib/python3.8/site-packages/gi/_gi.cpython-38-x86_64-linux-gnu.so
#6 0x00007ffff6f554ae in () at /usr/lib/python3.8/site-packages/gi/_gi.cpython-38-x86_64-linux-gnu.so
#7 0x00007ffff7b19f42 in _PyObject_MakeTpCall () at /usr/lib/libpython3.8.so.1.0
...


lollypop 1.2.25-1
extra/gstreamer 1.16.2-1
extra/gst-libav 1.16.2-1
extra/gst-plugins-bad 1.16.2-5
extra/gst-plugins-bad-libs 1.16.2-5
extra/gst-plugins-base 1.16.2-1
extra/gst-plugins-base-libs 1.16.2-1
extra/gst-plugins-good 1.16.2-3
extra/gst-plugins-ugly 1.16.2-2

steps to reproduce: just start lollypop




Closed by Balló György (City-busz)
Thursday, 08 June 2023, 23:55 GMT
Reason for closing: Fixed
Comment by Ondřej Hruška (MightyPork) - Saturday, 21 March 2020, 19:03 GMT
I've been cleaning my music library and the crash no longer happens, not meaning that it's fixed, but that I sadly can't reproduce it anymore.

Looking at the source, there is a missing NULL check here: https://github.com/GStreamer/gstreamer/blob/master/gst/gstdatetime.c#L571
If either `gst_date_time_new_from_g_date_time` or `g_date_time_new_local` returns NULL (NULL is propagated), the function will segfault.
I'm not sure how that happens, maybe the constraints checking code above is broken.
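
The failure mode described in the comment above, as an added example that is not part of the original report and is not GStreamer or GLib code: a self-contained C model (all type and function names are hypothetical) in which an inner constructor returns NULL, the wrapper propagates it, and the outer constructor checks the result before storing into it. The coarse 1..31 day check that lets an impossible date reach the inner constructor is an assumption of this model, not a finding from the report.

```c
#include <stdlib.h>

/* Simplified stand-ins, not GStreamer or GLib code; all names are hypothetical. */
typedef struct { int year, month, day; } InnerDate;        /* models the inner date object */
typedef struct { InnerDate *dt; int fields; } WrappedDate;  /* models the outer wrapper */

static int days_in_month(int year, int month) {
    static const int d[] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    int leap = (year % 4 == 0 && year % 100 != 0) || year % 400 == 0;
    return (month == 2 && leap) ? 29 : d[month - 1];
}

/* Inner constructor: full calendar validation, returns NULL on failure. */
static InnerDate *inner_new_local(int year, int month, int day) {
    if (year < 1 || year > 9999 || month < 1 || month > 12) return NULL;
    if (day < 1 || day > days_in_month(year, month)) return NULL;
    InnerDate *dt = malloc(sizeof *dt);
    if (dt) { dt->year = year; dt->month = month; dt->day = day; }
    return dt;
}

/* Wrapper: NULL in, NULL out (the propagation the comment describes). */
static WrappedDate *wrap_inner(InnerDate *dt) {
    if (dt == NULL) return NULL;
    WrappedDate *w = malloc(sizeof *w);
    if (w == NULL) { free(dt); return NULL; }
    w->dt = dt; w->fields = 0;
    return w;
}

/* Outer constructor with the NULL check in place. */
WrappedDate *wrapped_new_local_time(int year, int month, int day) {
    /* Coarse precondition (assumed for this model): accepts day 1..31 for any month. */
    if (month < 1 || month > 12 || day < 1 || day > 31) return NULL;
    WrappedDate *w = wrap_inner(inner_new_local(year, month, day));
    if (w == NULL) return NULL;  /* without this check the next store writes through NULL */
    w->fields = 3;               /* constructed flag value meaning "year, month, day set" */
    return w;
}

void wrapped_free(WrappedDate *w) { if (w) { free(w->dt); free(w); } }

int main(void) {
    WrappedDate *bad = wrapped_new_local_time(2020, 2, 30);  /* constructed input */
    WrappedDate *ok = wrapped_new_local_time(2020, 2, 29);
    int pass = bad == NULL && ok != NULL && ok->fields == 3;
    wrapped_free(ok);
    return pass ? 0 : 1;
}
```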
Comment by Ondřej Hruška (MightyPork) - Saturday, 21 March 2020, 19:32 GMT
Reproduced with a crafted mp3 file and reported upstream https://gitlab.freedesktop.org/gstreamer/gstreamer/issues/524
Comment by Balló György (City-busz) - Thursday, 08 June 2023, 23:55 GMT
The fix was committed 3 years ago, so I assume it was fixed.
