vlc crashed with SIGSEGV in LibavutilCallback()

Bug #275565 reported by kyleabaker on 2008-09-28
This bug affects 1 person
Affects Status Importance Assigned to Milestone
vlc (Ubuntu)

Bug Description

Binary package hint: vlc

1) The release of Ubuntu you are using, via 'lsb_release -rd' or System -> About Ubuntu.
Description: Ubuntu intrepid (development branch)
Release: 8.10

2) The version of the package you are using, via 'apt-cache policy packagename' or by checking in Synaptic.
  Installed: 0.9.3-0ubuntu1
  Candidate: 0.9.3-0ubuntu1
  Version table:
 *** 0.9.3-0ubuntu1 0
        500 http://us.archive.ubuntu.com intrepid/multiverse Packages
        100 /var/lib/dpkg/status

3) What you expected to happen
I expected the video to begin playing again and once it started and I pressed stop for it to stop just like it stopped when the video ended the first time I watched it.

4) What happened instead
Stopping the video the second time around caused VLC media player to freeze and crash.

I was watching the following YouTube video in VLC. It finished, then it collapsed while it was playing nothing so I hit play and it began to load again then I decided not to listen to it again and hit stop..which caused it to crash.

ProblemType: Crash
Architecture: amd64
DistroRelease: Ubuntu 8.10
ExecutablePath: /usr/bin/vlc
NonfreeKernelModules: nvidia
Package: vlc-nox 0.9.3-0ubuntu1
ProcAttrCurrent: unconfined
ProcCmdline: vlc
Signal: 11
SourcePackage: vlc
 ?? () from /usr/lib/libvlccore.so.0
 LibavutilCallback ()
 av_log () from /usr/lib/libavutil.so.49
 ?? () from /usr/lib/libavcodec.so.51
 ff_h263_decode_mb () from /usr/lib/libavcodec.so.51
Title: vlc crashed with SIGSEGV in LibavutilCallback()
Uname: Linux 2.6.27-4-generic x86_64
UserGroups: adm admin audio cdrom dialout dip floppy fuse lpadmin plugdev video

kyleabaker (kyleabaker) wrote :

StacktraceTop:QueueMsg (p_this=0x0, i_type=0, psz_module=0x4768b040 "��hG",
LibavutilCallback (p_opaque=0x2565700, i_level=<value optimized out>,
av_log (avcl=0x0, level=2, fmt=0x7f470dbb15a9 "avcodec")
h263_decode_block (s=0x0, block=0x2, n=1, coded=0)
ff_h263_decode_mb (s=0x0, block=0x2)

Changed in vlc:
importance: Undecided → Medium
Fabrice Coutadeur (fabricesp) wrote :

A lot of memory leaks has been fixed with vlc 0.9.4.
As the video is not available anymore, and that I've not been able to reproduce the problem, can you test the last vlc version?

Changed in vlc:
status: New → Incomplete
Fabrice Coutadeur (fabricesp) wrote :

We are closing this bug report because it lacks the information we need to investigate the problem, as described in the previous comments. Please reopen it if you can give us the missing information, and don't hesitate to submit bug reports in the future. To reopen the bug report you can click on the current status, under the Status column, and change the Status back to "New". Thanks again!

Changed in vlc:
status: Incomplete → Invalid
goto (gotolaunchpad) wrote :

Confirmed due to duplicate.

Changed in vlc:
status: Invalid → Confirmed
Martin Olsson (mnemo) wrote :

I'm not sure this is the exact same as my bug, but I've attached the exact .mpg file that caused the crash I reported. My bug was closed as a duplicate of this one.

Fabrice Coutadeur (fabricesp) wrote :

I'm not able to play this mpeg file with anything (nor mplayer, avidemux, ..) With which player are you able to play this file?

Changed in vlc:
status: Confirmed → Incomplete
goto (gotolaunchpad) wrote :

I think the point is that this file is actually corrupt (iirc he said something like this in the duplicate bug). But even if the file is corrupted is must not crash vlc player.

Changed in vlc:
status: Incomplete → Confirmed
Martin Olsson (mnemo) wrote :

Yes, that's correct. The file is corrupt and won't play in any player. However, VLC also runs as a browser plugin so this bug could be used to crash people's browser remotely. It's not at all inconceivable that this bug also opens for remote code execution (if it's some form of buffer or integer overflow for example).

Fabrice Coutadeur (fabricesp) wrote :

Backtrace in Jaunty:
(gdb) backtrace
#0 0x00007f67260548a5 in fast_memcpy (to=0x7f67005b4000, from=0x2ff5568,
    len=1292) at fastmemcpy.h:342
#1 0x00007f671a3b082a in DecodeVideo (p_dec=0x23df1b8,
    pp_block=<value optimized out>) at video.c:796
#2 0x00007f6745d0909e in DecoderDecodeVideo (p_dec=0x23df1b8,
    p_block=0x244f0e0) at input/decoder.c:841
#3 0x00007f6745d09ef6 in DecoderDecode (p_dec=0x23df1b8, p_block=0x244f0e0)
    at input/decoder.c:1044
#4 0x00007f6745d0a9eb in DecoderThread (p_this=0x23df1b8)
    at input/decoder.c:594
#5 0x00007f6745d53116 in thread_entry (data=<value optimized out>)
    at misc/threads.c:465

Xtophe (xtophe) wrote :

regarding vlc_crash.mpg, it's a bug in libavcodec. ffplay crash also on it. (well very recent ffplay from svn doesn't really crash but get stuck)
Running a debug version of vlc yields:
*** glibc detected *** ./bin/vlc-static: free(): invalid pointer: 0xb2520020 ***
======= Backtrace: =========

and gdb says:
#0 0xb7ef1424 in __kernel_vsyscall ()
#1 0xb7ba7640 in raise () from /lib/i686/cmov/libc.so.6
#2 0xb7ba9018 in abort () from /lib/i686/cmov/libc.so.6
#3 0xb7be434d in __libc_message () from /lib/i686/cmov/libc.so.6
#4 0xb7bea624 in malloc_printerr () from /lib/i686/cmov/libc.so.6
#5 0xb7bec826 in free () from /lib/i686/cmov/libc.so.6
#6 0xb7449f56 in av_freep (arg=0x9195198) at libavutil/mem.c:128
#7 0xb708ff11 in avcodec_default_free_buffers (s=0x91ad2c0)
    at libavcodec/utils.c:824
#8 0xb71c1c45 in ff_h263_decode_end (avctx=0x91ad2c0)
    at libavcodec/h263dec.c:126
#9 0xb70912f7 in avcodec_close (avctx=0x91ad2c0) at libavcodec/utils.c:575
#10 0xb7084eb9 in CloseDecoder (p_this=0x91a8428)
    at ../../../../modules/codec/avcodec/avcodec.c:315
#11 0xb7e8309f in __module_unneed (p_this=0x91a8428, p_module=0x9131bb0)
    at ../../src/modules/modules.c:681

(Can't comment on the youtube one as the video has been removed)

Rémi Denis-Courmont (rdenis) wrote :

FYI, this libavutilcallback crash is fixed in VLC 1.0.

Rémi Denis-Courmont (rdenis) wrote :

This is fixed in VLC 1.0.2 already.

Changed in vlc (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Duplicates of this bug

Other bug subscribers