On Wednesday, 31 December 2008 at 14:27 +0100, Stefan Lucke wrote:
> Hi,
>
> sorry for the next bug report.
> I receive a segfault when theora is the first entry in the available codec list.
> The segfault happens when the connection is accepted.
> This is between ekiga 3.0.2beta on WinXP and
> ekiga-svn (it was the same with ekiga 3.0.1) on Linux.
>
>
> GNU gdb 6.7.1
> Copyright (C) 2007 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "i686-pc-linux-gnu"...
> Using host libthread_db library "/lib/libthread_db.so.1".
> (gdb) run
> Starting program: /usr/bin/ekiga
> [Thread debugging using libthread_db enabled]
> [New Thread 0xb5f1f6d0 (LWP 14978)]
> [New Thread 0xb521db90 (LWP 14984)]
> [New Thread 0xb51dcb90 (LWP 14985)]
> [New Thread 0xb519bb90 (LWP 14986)]
> [New Thread 0xb515ab90 (LWP 14987)]
> [New Thread 0xb5119b90 (LWP 14988)]
> [New Thread 0xb50d8b90 (LWP 14989)]
> [New Thread 0xb5097b90 (LWP 14990)]
> [New Thread 0xb5056b90 (LWP 14991)]
> [New Thread 0xb4effb90 (LWP 14992)]
> [New Thread 0xb4ebeb90 (LWP 14993)]
> [New Thread 0xb46bdb90 (LWP 15002)]
> [New Thread 0xaf6fdb90 (LWP 15009)]
> [Thread 0xaf6fdb90 (LWP 15009) exited]
> [Thread 0xb4effb90 (LWP 14992) exited]
> [Thread 0xb5097b90 (LWP 14990) exited]
> [New Thread 0xb5097b90 (LWP 15011)]
> [Thread 0xb5056b90 (LWP 14991) exited]
> [New Thread 0xb5056b90 (LWP 15012)]
> [New Thread 0xb4effb90 (LWP 15013)]
> [Thread 0xb4effb90 (LWP 15013) exited]
> [New Thread 0xb4effb90 (LWP 15014)]
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0xb4effb90 (LWP 15014)]
> 0xb6050cbc in memcpy () from /lib/libc.so.6
> (gdb) thread apply all bt
>
> Thread 17 (Thread 0xb4effb90 (LWP 15014)):
> #0  0xb6050cbc in memcpy () from /lib/libc.so.6
> #1  0xb5a0afe8 in theoraFrame::SetFromTableConfig () from /usr/lib/opal-3.5.2/codecs/video/theora_video_pwplugin.so
> #2  0xb5a0d70e in theoraEncoderContext::theoraEncoderContext () from /usr/lib/opal-3.5.2/codecs/video/theora_video_pwplugin.so
> #3  0xb5a0d758 in create_encoder () from /usr/lib/opal-3.5.2/codecs/video/theora_video_pwplugin.so
> #4  0xb7790a5a in OpalPluginTranscoder::OpalPluginTranscoder () from /usr/lib/libopal.so.3.5-beta2
> #5  0xb7791314 in OpalPluginVideoTranscoder::OpalPluginVideoTranscoder () from /usr/lib/libopal.so.3.5-beta2
> #6  0xb779bacc in OpalPluginTranscoderFactory<OpalPluginVideoTranscoder>::Worker::Create () from /usr/lib/libopal.so.3.5-beta2
> #7  0xb7494f38 in PFactory<OpalTranscoder, std::pair<PString, PString> >::WorkerBase::CreateInstance () from /usr/lib/libopal.so.3.5-beta2
> #8  0xb7496137 in PFactory<OpalTranscoder, std::pair<PString, PString> >::CreateInstance_Internal () from /usr/lib/libopal.so.3.5-beta2
> #9  0xb7496174 in PFactory<OpalTranscoder, std::pair<PString, PString> >::CreateInstance () from /usr/lib/libopal.so.3.5-beta2
> #10 0xb7494361 in OpalTranscoder::Create () from /usr/lib/libopal.so.3.5-beta2
> #11 0xb7491a8f in OpalMediaPatch::AddSink () from /usr/lib/libopal.so.3.5-beta2
> #12 0xb747de20 in OpalCall::OpenSourceMediaStreams () from /usr/lib/libopal.so.3.5-beta2
> #13 0xb7745653 in SIPConnection::OnReceivedSDPMediaDescription () from /usr/lib/libopal.so.3.5-beta2
> #14 0xb77423a5 in SIPConnection::OnReceivedSDP () from /usr/lib/libopal.so.3.5-beta2
> #15 0xb7743b32 in SIPConnection::OnReceivedOK () from /usr/lib/libopal.so.3.5-beta2
> #16 0xb774161e in SIPConnection::OnReceivedResponse () from /usr/lib/libopal.so.3.5-beta2
> #17 0xb7756d80 in SIPTransaction::OnReceivedResponse () from /usr/lib/libopal.so.3.5-beta2
> #18 0xb7759f44 in SIPInvite::OnReceivedResponse () from /usr/lib/libopal.so.3.5-beta2
> #19 0xb7738ac3 in SIPEndPoint::SIP_PDU_Thread::Main () from /usr/lib/libopal.so.3.5-beta2
> #20 0xb7037115 in PThread::PX_ThreadStart () from /usr/lib/libpt.so.2.5-beta2
> #21 0xb6c1118b in start_thread () from /lib/libpthread.so.0
> #22 0xb60a409e in clone () from /lib/libc.so.6
>
> With a self-made trace message in 'opal/plugins/video/THEORA/theora_frame.cxx'
> I get the following output with option -d 4:
>
> ste...@jarada ~ $ tail -n 20 xx6
> 2008/12/31 12:27:21.440   0:18.328  Aggregator:0xb4f3cb90   PVidInDev  G_PARM failed (preserving frame rate may not work) : Invalid argument
> 2008/12/31 12:27:21.440   0:18.328  Aggregator:0xb4f3cb90   PVidInDev  unable to reset frame rate.
> 2008/12/31 12:27:21.440   0:18.328  Aggregator:0xb4f3cb90   PVidDev    Colour converter used from 320x240 [YUV420P] to 176x144 [YUV420P]
> 2008/12/31 12:27:22.341   0:19.229  AudioEvent...0xb5220b90 AEScheduler  Checking pending list with 1 elements
> 2008/12/31 12:27:22.341   0:19.229  AudioEvent...0xb5220b90 AEScheduler  Trying to load /usr/share/sounds/ekiga/dialtone.wav for event ring_tone_sound
> 2008/12/31 12:27:22.342   0:19.230  AudioEvent...0xb5220b90 AudioOutputCore  Dropping sound event, primary device not set
> 2008/12/31 12:27:23.993   0:20.881  Aggregator:0xb4f3cb90   PVidDev    SetColourFormatConverter success for native YUV420P
> 2008/12/31 12:27:23.994   0:20.882  Aggregator:0xb4f3cb90   OpalMan    OnOpenMediaStream Call[g5c0bb3d61]-EP<pc>[1],OpalVideoMediaStream-Source-YUV420P
> 2008/12/31 12:27:23.994   0:20.882  Aggregator:0xb4f3cb90   OpalCon    Opened source stream g5c0bb3d61_2 with format YUV420P
> 2008/12/31 12:27:23.994   0:20.882  Aggregator:0xb4f3cb90   Call       IsMediaBypassPossible Call[g5c0bb3d61]-EP<sip>[dc4443a5-9bd5-dd11-8e73-00138fd10...@jarada] session 2
> 2008/12/31 12:27:23.994   0:20.882  Aggregator:0xb4f3cb90   OpalMan    IsMediaBypassPossible: session 2
> 2008/12/31 12:27:23.994   0:20.882  Aggregator:0xb4f3cb90   OpalCon    IsMediaBypassPossible: default returns false
> 2008/12/31 12:27:23.994   0:20.882  Aggregator:0xb4f3cb90   RTP        Found existing media session 2
> 2008/12/31 12:27:23.995   0:20.883  Aggregator:0xb4f3cb90   OpalMan    OnOpenMediaStream Call[g5c0bb3d61]-EP<sip>[dc4443a5-9bd5-dd11-8e73-00138fd10...@jarada],OpalRTPMediaStream-Sink-theora
> 2008/12/31 12:27:23.995   0:20.883  Aggregator:0xb4f3cb90   OpalCon    Opened sink stream g5c0bb3d61_2 with format theora
> 2008/12/31 12:27:23.995   0:20.883  Aggregator:0xb4f3cb90   RateController  New paramaters: bitrate=1024000, window=500, frame time=3000(rate=30), max skipped frames=1
> 2008/12/31 12:27:23.995   0:20.883  Aggregator:0xb4f3cb90   Patch      Created Sink: format=theora
> theora_frame.cxx(75) THEORA Encap Got Header Packet from encoder that has len 148 != 42
> SetFromTableConfig len = -1240923378 (0xb609030e)
> h264helper_unix.cxx(72) H264 IPC CP: Terminating
>
> My change:
>
> void theoraFrame::SetFromTableConfig (ogg_packet* tablePacket) {
>   TRACE_UP(4, "THEORA\tEncap\tGot table packet with len " << tablePacket->bytes);
>   fprintf(stderr, "SetFromTableConfig len = %ld (0x%08lx)\n", tablePacket->bytes, tablePacket->bytes);
>   memcpy (_packedConfigData.ptr + THEORA_HEADER_PACKET_SIZE, tablePacket->packet, tablePacket->bytes);
>   ..
>
> As on my system ogg_packet->bytes is of type long, negative values of
> bytes should be checked and rejected, as is done in ffmpeg
> (libavcodec/libtheoraenc.c).
> Such values could be a source of stack overflows and other types of intrusion.
>
It is weird. Wouldn't you have hard optimization values for compiling like -O3 or such? If not, could you propose a patch?

Thanks,
-- 
 _      Damien Sandras
(o-
//\     Ekiga Softphone : http://www.ekiga.org/
v_/_    Be IP           : http://www.beip.be/
        FOSDEM          : http://www.fosdem.org/
        SIP Phone       : sip:[email protected]

_______________________________________________
ekiga-list mailing list
[email protected]
http://mail.gnome.org/mailman/listinfo/ekiga-list
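The failure mode the report describes is a signed `long` length (`ogg_packet.bytes`) passed straight to `memcpy`, which takes a `size_t`: a negative value such as the -1240923378 seen in the trace is converted to a huge unsigned length, and the copy runs off the end of the destination. The following is an added example written for this thread, not code from Ekiga, OPAL or the Theora plugin. It places the unchecked copy beside a checked one that rejects negative and oversized lengths before any conversion to `size_t`, which is the kind of check the report asks for. The `ogg_packet_like` struct, `HEADER_PACKET_SIZE` (42) and `PACKED_CONFIG_SIZE` (1024) are assumptions standing in for libogg's `ogg_packet`, the plugin's `THEORA_HEADER_PACKET_SIZE` and the capacity of `_packedConfigData`, none of which are given on the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for libogg's ogg_packet (assumption: only the two fields the
 * copy uses). `bytes` is a signed long, as in the real struct, which is
 * what lets a negative length reach memcpy at all. */
typedef struct {
    unsigned char *packet;
    long           bytes;
} ogg_packet_like;

/* Assumed sizes; the plugin's real THEORA_HEADER_PACKET_SIZE and the
 * capacity of _packedConfigData are not given in the thread. */
#define HEADER_PACKET_SIZE 42
#define PACKED_CONFIG_SIZE 1024

typedef struct {
    unsigned char data[PACKED_CONFIG_SIZE];
    size_t        len;            /* bytes of data[] currently valid */
} packed_config;

/* What the unchecked memcpy(..., tablePacket->bytes) actually receives:
 * the long is converted to size_t, so any negative value wraps to a
 * length far larger than any real packet. */
size_t length_as_memcpy_sees_it(long bytes)
{
    return (size_t)bytes;
}

/* Unchecked copy, mirroring frame #1 of the backtrace. Shown only for
 * contrast; it is never called here because a negative or oversized
 * `bytes` overruns cfg->data. */
void set_from_table_config_unchecked(packed_config *cfg, const ogg_packet_like *p)
{
    memcpy(cfg->data + HEADER_PACKET_SIZE, p->packet, p->bytes);
    cfg->len = HEADER_PACKET_SIZE + (size_t)p->bytes;
}

/* Hardened copy: returns 0 on success, -1 when the packet is rejected.
 * The sign check must come before the conversion to size_t; otherwise
 * the capacity comparison is done on the wrapped value and fails open. */
int set_from_table_config_checked(packed_config *cfg, const ogg_packet_like *p)
{
    if (cfg == NULL || p == NULL || p->packet == NULL)
        return -1;
    if (p->bytes < 0)                       /* the case from the report */
        return -1;
    size_t n = (size_t)p->bytes;
    if (n > PACKED_CONFIG_SIZE - HEADER_PACKET_SIZE)
        return -1;                          /* would overrun the buffer */
    memcpy(cfg->data + HEADER_PACKET_SIZE, p->packet, n);
    cfg->len = HEADER_PACKET_SIZE + n;
    return 0;
}

/* Scenario helper: copy a constructed table packet of `bytes` length
 * (source filled with 0xAB) through the checked path and return the
 * resulting config length, or -1 if the packet was rejected. */
long demo_copy(long bytes)
{
    packed_config cfg;
    unsigned char table[PACKED_CONFIG_SIZE];   /* constructed source data */
    memset(&cfg, 0, sizeof cfg);
    cfg.len = HEADER_PACKET_SIZE;
    memset(table, 0xAB, sizeof table);
    ogg_packet_like p = { table, bytes };
    if (set_from_table_config_checked(&cfg, &p) != 0)
        return -1;
    /* Sanity check: the copied region really starts after the header. */
    if (bytes > 0 && cfg.data[HEADER_PACKET_SIZE] != 0xAB)
        return -1;
    return (long)cfg.len;
}

int main(void)
{
    printf("148-byte table packet (from the trace): len = %ld\n", demo_copy(148));
    printf("negative length from the trace:        len = %ld\n", demo_copy(-1240923378L));
    printf("packet larger than the buffer:         len = %ld\n", demo_copy(PACKED_CONFIG_SIZE));
    printf("memcpy would have been asked for %zu bytes\n",
           length_as_memcpy_sees_it(-1240923378L));
    return 0;
}
```

The order of the two checks is the point: comparing `(size_t)bytes` against the remaining capacity without first rejecting negatives does nothing, because the wrapped value is compared as an unsigned number and is only caught if the capacity check happens to be stricter than `SIZE_MAX`, which it is here, but reasoning about that is fragile; reject the sign explicitly and then bound the unsigned length.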
