Skip to content
GitLab
Closed
Created by Tobias Friemel@tfriem

Mkvpropedit crashes when adding tags to matroska file created with GStreamer

I'm using mkvpropedit to add tags to matroska files that were created using GStreamer (matroskamux element). After switching from Debian 10 to 11 with a newer mkvtoolnix version, I observed crashes due to "stack smashing detected". After analyzing the problem, I found that both versions create a matroska file that may not be valid.

I'm suspecting the root cause is GStreamer generating a file with a seek head, that doesn't list the tags segment in the file. I will also create a bug report against GStreamer and link it here. GStreamer issue: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1150. But it may be also a good thing to make mkvtoolnix more resilent for this case.

Test case:

Run on Debian 11 with GStreamer 1.18.4 and mkvtoolnix 67.0.0 from mkvtoolnix repository.

mkv.xml XML with tags for mkvpropedit

  1. Create matroska/h264 file with GStreamer: gst-launch-1.0 videotestsrc num-buffers=1000 ! x264enc ! matroskamux ! filesink location=test.mkv
  2. Run mkvpropedit multiple times: mkvpropedit test.mkv --tags track:1:mkv_full.xml --edit info --set title=Test

Console output:

$ mkvpropedit --version
mkvpropedit v67.0.0 ('Under Stars') 64-bit

$ mkvpropedit test.mkv --tags track:1:mkv.xml --edit info --set title=Test
The file is being analyzed.
The changes are written to the file.
*** stack smashing detected ***: terminated
[1]    115953 abort      mkvpropedit test.mkv --tags track:1:mkv.xml --edit info --set title=Test

$ mkvpropedit test.mkv --tags track:1:mkv.xml --edit info --set title=Test
The file is being analyzed.
The changes are written to the file.
kax_analyzer_update_element_4: Interal data structure corruption at pos 7 (size + position > next position); dumping elements
0: SeekHeader size 143 at 44
1: EBMLVoid size 2 at 187
2: Info size 133 at 189
3: EBMLVoid size 2 at 322
4: Tracks size 167 at 324
5: Cluster size 1862666 at 491
6: Cues size 202 at 6249005
7: EBMLVoid size 133 at 6249207
8: Tags size 373 at 6249207
Error: The file 'test.mkv' could not be opened for reading and writing, or a read/write operation on it failed: The data in the file is corrupted and cannot be modified safely.

$ mkvpropedit test.mkv --tags track:1:mkv.xml --edit info --set title=Test
The file is being analyzed.
The changes are written to the file.
*** stack smashing detected ***: terminated
[1]    116163 abort      mkvpropedit test.mkv --tags track:1:mkv.xml --edit info --set title=Test

$ mkvpropedit test.mkv --tags track:1:mkv.xml --edit info --set title=Test
The file is being analyzed.
The changes are written to the file.
*** stack smashing detected ***: terminated
[1]    116268 abort      mkvpropedit test.mkv --tags track:1:mkv.xml --edit info --set title=Test

$ mkvpropedit test.mkv --tags track:1:mkv.xml --edit info --set title=Test
The file is being analyzed.
The changes are written to the file.
*** stack smashing detected ***: terminated
[1]    116373 abort      mkvpropedit test.mkv --tags track:1:mkv.xml --edit info --set title=Test

Stack trace for crash on first run:

(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff74a8537 in __GI_abort () at abort.c:79
#2  0x00007ffff7501768 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff760fc24 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
#3  0x00007ffff7590722 in __GI___fortify_fail (msg=msg@entry=0x7ffff760fc0c "stack smashing detected") at fortify_fail.c:26
#4  0x00007ffff7590700 in __stack_chk_fail () at stack_chk_fail.c:24
#5  0x0000000000987832 in libebml::EbmlElement::MakeRenderHead (this=this@entry=0xb1b2e0, output=..., bKeepPosition=false) at lib/libebml/ebml/EbmlId.h:82
#6  0x0000000000986d86 in libebml::EbmlElement::RenderHead (this=0xb1b2e0, output=..., bForceRender=<optimized out>, bWithDefault=<optimized out>, bKeepPosition=false) at lib/libebml/src/EbmlElement.cpp:624
#7  libebml::EbmlElement::Render (this=0xb1b2e0, output=..., bWithDefault=<optimized out>, bKeepPosition=false, bForceRender=<optimized out>) at lib/libebml/src/EbmlElement.cpp:602
#8  0x0000000000460fda in mtx::doc_type_version_handler_c::do_update_ebml_head (this=<optimized out>, file=...) at src/common/doc_type_version_handler.cpp:153
#9  0x0000000000460a6d in mtx::doc_type_version_handler_c::update_ebml_head (this=0x2, file=...) at src/common/doc_type_version_handler.cpp:89
#10 0x000000000041a3ef in update_ebml_head (file=...) at src/propedit/propedit.cpp:112
#11 run (options=warning: RTTI symbol not found for class 'std::_Sp_counted_ptr<options_c*, (__gnu_cxx::_Lock_policy)2>'

Structure of the matroska files as outputted by mkvinfo -a

before.txt File created with GStreamer. There is a tags segment, but it's not listed in seek head.

after_first_run.txt Mkv prop edit run once. An additional tags segment was created.

after_second_run.txt Mkv prop edit run twice.

after_third_run.txt Mkv prop edit run a thrid time. Mkvinfo also outputs an warning about the structure at the end.

Edited by Tobias Friemel