Playing a DVD: factory_can_intersect: assertion 'factory != NULL' failed
- Install totem from Flathub: https://flathub.org/apps/details/org.gnome.Totem
- Try to play a DVD (exploded-tree or ISO) by DND'ing it on an opened video
libdvdnav: Using dvdnav version 6.0.0
libdvdnav: DVD Title: TETRO
libdvdnav: DVD Serial Number: 4BCC0D06___MVB__
libdvdnav: DVD Title (Alternative):
libdvdnav: DVD disk reports itself with Region mask 0x00fd0000. Regions: 2
libdvdread: Attempting to retrieve all CSS keys
libdvdread: This can take a _long_ time, please be patient
[...]
** (totem:4): CRITICAL **: 13:33:12.698: factory_can_intersect: assertion 'factory != NULL' failed
** (totem:4): CRITICAL **: 13:33:12.700: factory_can_intersect: assertion 'factory != NULL' failed
** (totem:4): CRITICAL **: 13:33:12.703: factory_can_intersect: assertion 'factory != NULL' failedGStreamer 1.16.1. Updating gst-plugins-{bad,ugly} to 1.16.2 (without updating the core and base) doesn't fix the problem.
Looks like a use-after-free:
==23== Thread 9 dvdsrc:src:
==23== Invalid read of size 8
==23== at 0x13DCE331: gst_auto_convert_getcaps (gstautoconvert.c:1092)
==23== by 0x13DCE6C1: gst_auto_convert_sink_query (gstautoconvert.c:1004)
==23== by 0x570C0A7: gst_pad_query (gstpad.c:4072)
==23== by 0x570C7FA: gst_pad_peer_query (gstpad.c:4204)
==23== by 0x5744B4B: query_caps_func (gstutils.c:2765)
==23== by 0x570ABAD: gst_pad_forward (gstpad.c:3008)
==23== by 0x5747879: gst_pad_proxy_query_caps (gstutils.c:2815)
==23== by 0x570ADD7: gst_pad_query_caps_default (gstpad.c:3187)
==23== by 0x570ADD7: gst_pad_query_default (gstpad.c:3415)
==23== by 0x570C0A7: gst_pad_query (gstpad.c:4072)
==23== by 0x570C7FA: gst_pad_peer_query (gstpad.c:4204)
==23== by 0x574A7FB: gst_pad_peer_query_caps (gstutils.c:3107)
==23== by 0x1895970B: gst_mpegv_parse_get_caps (gstmpegvideoparse.c:1180)
==23== Address 0x7540690 is 0 bytes inside a block of size 24 free'd
==23== at 0x4839AFF: free (vg_replace_malloc.c:530)
==23== by 0x49B24F9: g_slice_free_chain_with_offset (gslice.c:1231)
==23== by 0x13DCE1E7: gst_auto_convert_load_factories (gstautoconvert.c:900)
==23== by 0x13DCE557: gst_auto_convert_getcaps (gstautoconvert.c:1089)
==23== by 0x13DCE6C1: gst_auto_convert_sink_query (gstautoconvert.c:1004)
==23== by 0x570C0A7: gst_pad_query (gstpad.c:4072)
==23== by 0x570C7FA: gst_pad_peer_query (gstpad.c:4204)
==23== by 0x5744B4B: query_caps_func (gstutils.c:2765)
==23== by 0x570ABAD: gst_pad_forward (gstpad.c:3008)
==23== by 0x5747879: gst_pad_proxy_query_caps (gstutils.c:2815)
==23== by 0x570ADD7: gst_pad_query_caps_default (gstpad.c:3187)
==23== by 0x570ADD7: gst_pad_query_default (gstpad.c:3415)
==23== by 0x570C0A7: gst_pad_query (gstpad.c:4072)
==23== Block was alloc'd at
==23== at 0x48388B3: malloc (vg_replace_malloc.c:299)
==23== by 0x49992D8: g_malloc (gmem.c:99)
==23== by 0x49B18D5: g_slice_alloc (gslice.c:1024)
==23== by 0x498ED49: g_list_prepend (glist.c:314)
==23== by 0x5725465: gst_registry_feature_filter (gstregistry.c:843)
==23== by 0x13DCE1BB: gst_auto_convert_load_factories (gstautoconvert.c:891)
==23== by 0x13DCE557: gst_auto_convert_getcaps (gstautoconvert.c:1089)
==23== by 0x13DCE6C1: gst_auto_convert_sink_query (gstautoconvert.c:1004)
==23== by 0x570C0A7: gst_pad_query (gstpad.c:4072)
==23== by 0x570C7FA: gst_pad_peer_query (gstpad.c:4204)
==23== by 0x5744B4B: query_caps_func (gstutils.c:2765)
==23== by 0x570ABAD: gst_pad_forward (gstpad.c:3008)