[apport] totem crashed with SIGSEGV in free()

Bug #88562 reported by fiferjim
Affects: libtheora (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Unassigned
Milestone: (none listed)

Bug Description

Binary package hint: totem

Every time I tried to play this downloaded video http://ftp.belnet.be/mirrors/FOSDEM/2007/FOSDEM2007-GEGL.ogg (300 MB), Totem would crash on me.

ProblemType: Crash
Date: Tue Feb 27 20:44:13 2007
DistroRelease: Ubuntu 7.04
ExecutablePath: /usr/bin/totem
Package: totem-xine 2.17.92-0ubuntu1
ProcCmdline: totem
ProcCwd: /home/fifers
ProcEnviron:
 SHELL=/bin/bash
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games
 LANG=en_US.UTF-8
Signal: 11
SourcePackage: totem
StacktraceTop:
 ?? () from /lib/libc.so.6
 free () from /lib/libc.so.6
 ?? () from /usr/lib/libgtk-x11-2.0.so.0
 ?? () from /usr/lib/libgtk-x11-2.0.so.0
 gtk_label_set_text ()
Uname: Linux fifers 2.6.20-8-generic #2 SMP Tue Feb 13 01:14:41 UTC 2007 x86_64 GNU/Linux
UserGroups: adm admin audio cdrom dialout dip fax floppy plugdev scanner tape

fiferjim (fifers) wrote :

Martin Pitt (pitti) wrote :

WARNING: library /usr/lib/gtk-2.0/2.10.0/loaders/svg_loader.so not known to totem-xine 2.17.92-0ubuntu1 dependencies (using librsvg2-common 2.16.0-0ubuntu2)
WARNING: library /usr/lib/gtk-2.0/2.10.0/engines/libubuntulooks.so not known to totem-xine 2.17.92-0ubuntu1 dependencies (using gtk2-engines-ubuntulooks 0.9.12-3)
WARNING: package libxcb1-dbgsym not available
WARNING: package libxtst6-dbgsym not available
WARNING: package libsepol1-dbgsym not available
WARNING: version 2.14.0-3ubuntu2 of dependency package libgnomecanvas2-0 is installed, but version 2.14.0-3ubuntu1 is required for retrace. Skipping.
WARNING: package libselinux1-dbgsym not available
WARNING: version 2.16.1-1 of dependency package libgconf2-4 is installed, but version 2.16.0-3 is required for retrace. Skipping.
WARNING: version 2.17.92-0ubuntu1 of dependency package libgnomeui-0 is installed, but version 2.17.91-0ubuntu1 is required for retrace. Skipping.
WARNING: version 2.17.92-0ubuntu1 of dependency package libgnome-desktop-2 is installed, but version 2.17.91-0ubuntu1 is required for retrace. Skipping.
WARNING: package libfreetype6-dbgsym not available
WARNING: package libjpeg62-dbgsym not available
WARNING: version 1.16.0-0ubuntu1 of dependency package libpango1.0-0 is installed, but version 1.15.6-0ubuntu1 is required for retrace. Skipping.
WARNING: package libxcb-xlib0-dbgsym not available
WARNING: version 2.10.9-0ubuntu2 of dependency package libgtk2.0-0 is installed, but version 2.10.9-0ubuntu1 is required for retrace. Skipping.
WARNING: package libxml2-dbgsym not available
WARNING: version 2.17.94-0ubuntu1 of dependency package libbonoboui2-0 is installed, but version 2.17.91-0ubuntu1 is required for retrace. Skipping.
WARNING: package libxinerama1-dbgsym not available
WARNING: version 2.17.92-0ubuntu1 of dependency package libgnome2-0 is installed, but version 2.17.91-0ubuntu1 is required for retrace. Skipping.
WARNING: version 1:2.14.7-0ubuntu1 of dependency package liborbit2 is installed, but version 1:2.14.6-0ubuntu1 is required for retrace. Skipping.
WARNING: version 2.17.92-0ubuntu1 of dependency package libbonobo2-0 is installed, but version 2.17.91-0ubuntu1 is required for retrace. Skipping.
WARNING: dbgsym for libgnomecanvas2-0 2.14.0-3ubuntu1 not found by glob "/home/martin/.ddebs/archives/libgnomecanvas2-0-dbgsym_2.14.0-3ubuntu1_*.ddeb"

Sebastien Bacher (seb128) wrote :

Thanks for your bug report. The crash looks like a memory corruption. Could you try to get a valgrind log for it with libglib2.0-0-dbg libgtk2.0-0-dbg totem-gstreamer-dbgsym? (You can follow the instructions from https://wiki.ubuntu.com/Valgrind for that.)

Changed in totem:
assignee: nobody → desktop-bugs
importance: Undecided → Medium
status: Unconfirmed → Needs Info
fiferjim (fifers) wrote :

Here's the valgrind log - hope it helps.

Sebastien Bacher (seb128) wrote :

The valgrind log points to libtheora:

==24835== Invalid read of size 8
==24835==    at 0x1F105F20: theora_comment_clear (in /usr/lib/libtheora.so.0.2.0)
==24835==    by 0x21195D3B: (within /usr/lib/xine/plugins/1.1.4/xineplug_decode_theora.so)
==24835==    by 0xA02CF1E: _x_free_video_decoder (in /usr/lib/libxine.so.1.16.0)
==24835==    by 0xA03086B: (within /usr/lib/libxine.so.1.16.0)
==24835==    by 0xB1542A4: start_thread (in /lib/libpthread-2.5.so)
==24835==    by 0xC99B5DC: clone (in /lib/libc-2.5.so)
==24835==  Address 0xF6780D8 is 0 bytes after a block of size 0 alloc'd
==24835==    at 0x4C1FAF2: calloc (vg_replace_malloc.c:279)
==24835==    by 0x1F124B1B: theora_decode_header (in /usr/lib/libtheora.so.0.2.0)
==24835==    by 0x21196300: (within /usr/lib/xine/plugins/1.1.4/xineplug_decode_theora.so)
==24835==    by 0xA030721: (within /usr/lib/libxine.so.1.16.0)
==24835==    by 0xB1542A4: start_thread (in /lib/libpthread-2.5.so)

Changed in totem:
assignee: desktop-bugs → nobody
status: Needs Info → Confirmed
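
Added example (not part of the original report or of any commenter's post): a small Python triage helper that parses the Memcheck record quoted above and reports which function faulted and which function allocated the block, which is the reasoning behind attributing the crash to libtheora rather than totem or GTK. The helper names `parse`, `owner` and `triage` are hypothetical; the log excerpt is copied from the comment above.

```python
import re

# Memcheck excerpt from the comment above, trimmed to the frames that matter.
LOG = """\
==24835== Invalid read of size 8
==24835==    at 0x1F105F20: theora_comment_clear (in /usr/lib/libtheora.so.0.2.0)
==24835==    by 0x21195D3B: (within /usr/lib/xine/plugins/1.1.4/xineplug_decode_theora.so)
==24835==    by 0xA02CF1E: _x_free_video_decoder (in /usr/lib/libxine.so.1.16.0)
==24835==  Address 0xF6780D8 is 0 bytes after a block of size 0 alloc'd
==24835==    at 0x4C1FAF2: calloc (vg_replace_malloc.c:279)
==24835==    by 0x1F124B1B: theora_decode_header (in /usr/lib/libtheora.so.0.2.0)
==24835==    by 0x21196300: (within /usr/lib/xine/plugins/1.1.4/xineplug_decode_theora.so)
"""

PREFIX = re.compile(r"^==\d+==\s*")
ERROR = re.compile(r"^Invalid (read|write) of size (\d+)$")
BLOCK = re.compile(r"^Address 0x[0-9A-Fa-f]+ is (\d+) bytes (after|before|inside) "
                   r"a block of size (\d+) (alloc'd|free'd)$")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (?:(\S+) )?\((.+)\)$")

def parse(log):
    """Return one dict for the first Memcheck invalid-access record in `log`."""
    rec = {"access": [], "alloc": []}
    stack = rec["access"]
    for raw in log.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := ERROR.match(line):
            rec["kind"], rec["size"] = m.group(1), int(m.group(2))
        elif m := BLOCK.match(line):
            rec["offset"], rec["where"] = int(m.group(1)), m.group(2)
            rec["block_size"], rec["state"] = int(m.group(3)), m.group(4)
            stack = rec["alloc"]  # frames after this line describe the block
        elif m := FRAME.match(line):
            stack.append((m.group(1), re.sub(r"^(?:in|within) ", "", m.group(2))))
    return rec

def owner(frames):
    """First frame outside valgrind's malloc interceptor: the code to inspect."""
    return next((f for f in frames if not f[1].startswith("vg_replace_malloc")), None)

def triage(log):
    rec = parse(log)
    return {
        "fault": owner(rec["access"]),      # where the bad access happened
        "allocator": owner(rec["alloc"]),   # who requested the block
        "zero_size_block": rec.get("block_size") == 0,
        "past_end": rec.get("where") == "after",
    }
```

Both the faulting frame and the allocating frame resolve to `libtheora.so.0.2.0`, and the block is zero bytes long, so any 8-byte read of it is out of bounds.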
Oibaf (oibaf) wrote :

Does this problem still happen with 1.0~beta3-1~hardy1 (hardy backports) or 1.0~beta3-1 (intrepid)?

Changed in libtheora:
status: Confirmed → Incomplete
Oibaf (oibaf) wrote :

This should have been fixed in 1.0~beta3.

Changed in libtheora:
status: Incomplete → Fix Released