GNOME Bugzilla – Bug 145215
[PATCH] Fix double-free bug in gst-inspect
Last modified: 2004-12-22 21:47:04 UTC
Running gst-inspect on certain plug-ins (e.g. cdparanoia) produces a double-free abort() on FreeBSD. The problem is the g_slist_foreach() call to g_free() on each node in the found_signals GSList. A call to g_slist_free() should be sufficient to free all the memory in the GSList according to the API and various other examples. Attached is a patch that corrects the problem.
Created attachment 29124 [details] [review] Fix double-free in gst-inspect
This patch is wrong. g_slist_free() does not do anything with the ->data pointer, thus it needs to be freed separately. I can't reproduce a double free with 'gst-inspect cdparanoia'.
Then there needs to be a separate function to check to see if a node has already been freed. This is reliably reproduceable on FreeBSD with gstreamer-0.8.3, gst-plugins-0.8.2, and cdparanoia-3.9.8. Here is the full backtrace: GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-marcel-freebsd"... Core was generated by `gst-inspect-0.8'. Program terminated with signal 6, Aborted. (gdb) bt full
+ Trace 47283
*** This bug has been marked as a duplicate of 144185 ***