GNOME Bugzilla – Bug 462085
registry feature hash can access invalid memory
Last modified: 2007-07-31 11:53:02 UTC
When replacing an existing feature in the registry, the new feature hash might access invalid memory because the old feature has been unreffed (freeing the name string), but the registry feature hash stores a pointer to the name, not a copy.
Created attachment 92785 [details] [review] proposed patch for registry hash This patch makes sure that when replacing an existing pluginfeature, the existing feature is not unreffed until after the name string is no longer need - by using g_hash_table_replace instead of g_hash_table_insert and unreffing the old feature afterward.
Committed after a brief review on IRC: 2007-07-31 Jan Schmidt <thaytan@mad.scientist.com> * gst/gstregistry.c: (gst_registry_add_feature): When replacing an existing feature in the registry, make sure to continue holding a reference until we've replaced the name string within our feature hash table. Make sure to use g_hash_table_replace instead of g_hash_table_insert to ensure the new name string is used as a key instead of the old one that we're about to free. Fixes: #462085