Bug 510592 - Race condition in WAVE parser
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-good
Version: git master
OS: Other Linux
Importance: Normal normal
Target Milestone: 0.10.7
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Depends on:
Blocks:
Reported: 2008-01-19 12:45 UTC by Victor STINNER
Modified: 2008-01-19 14:53 UTC
See Also:
GNOME target: ---
GNOME version: ---
Attachments
Fix reported bug (509 bytes, patch), 2008-01-19 12:45 UTC, Victor STINNER, status: committed

Description Victor STINNER 2008-01-19 12:45:37 UTC
Hi, I tried a fuzzer on GStreamer to find bugs, and I found some bugs :-) Here is my first fix: set header to NULL after g_free() in gst_wavparse_stream_headers() since it's re-freed later (e.g. no_channels label).

See attached patch.
Comment 1 Victor STINNER 2008-01-19 12:45:57 UTC
Created attachment 103193
Fix reported bug
Comment 2 Sebastian Dröge (slomo) 2008-01-19 14:53:37 UTC
Thanks, committed. There actually was no way to get a double free (the only points where this label is used are before the free) but there was a usage of the variable after free (invalid_blockalign label).

Thanks for spotting.

2008-01-19  Sebastian Dröge  <slomo@circular-chaos.org>

	Based on a patch by:
	    Victor STINNER <victor dot stinner at haypocalc dot com>

	* gst/wavparse/gstwavparse.c: (gst_wavparse_stream_headers):
	Set variable to NULL after freeing it to prevent double frees
	or make failures by another use of it afterwards more obvious
	and fix use of it after the freeing.
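The pattern the fix applies, as an added illustration that is not code from gstwavparse.c or the attached patch: a cut-down "fmt " chunk reader whose error labels are all reached with the freed chunk copy still in scope. Resetting the pointer right after the free means a later free on a cleanup path is a harmless `free(NULL)`, and any leftover use of the pointer fails loudly on NULL instead of silently reading freed memory, which is exactly the use after free described in comment 2. The struct, function names, error codes and the 4-byte chunk layout are constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the parsed header fields; not GStreamer's types. */
typedef struct {
    uint16_t channels;
    uint16_t blockalign;
} wav_fmt;

/* Constructed error codes for this example. */
enum {
    WAV_OK = 0,
    WAV_ERR_SHORT = -1,
    WAV_ERR_NO_CHANNELS = -2,
    WAV_ERR_BLOCKALIGN = -3
};

/* Parse a constructed 4-byte little-endian chunk: channels, then blockalign.
 * Mirrors the shape of a goto-label parser where several error paths share
 * the same cleanup code. */
int parse_fmt_chunk(const uint8_t *chunk, size_t len, wav_fmt *out)
{
    uint8_t *header = NULL;   /* heap copy of the chunk, as the real parser keeps one */
    int ret = WAV_OK;

    if (chunk == NULL || len < 4)
        return WAV_ERR_SHORT;

    header = malloc(len);
    if (header == NULL)
        return WAV_ERR_SHORT;   /* allocation failure treated like truncation here */
    memcpy(header, chunk, len);

    out->channels   = (uint16_t)(header[0] | (header[1] << 8));
    out->blockalign = (uint16_t)(header[2] | (header[3] << 8));

    /* Done with the raw chunk. This is the pattern from the fix: free it and
     * immediately reset the pointer. Every label below still has `header` in
     * scope, so without the reset a second free would be a double free and a
     * read through it would be a use after free. */
    free(header);
    header = NULL;

    if (out->channels == 0)
        goto no_channels;
    if (out->blockalign == 0 || out->blockalign % out->channels != 0)
        goto invalid_blockalign;
    return WAV_OK;

no_channels:
    ret = WAV_ERR_NO_CHANNELS;
    goto cleanup;

invalid_blockalign:
    /* In the unfixed parser this path touched `header` after the free.
     * Here it only reports the values already copied into `out`. */
    ret = WAV_ERR_BLOCKALIGN;
    goto cleanup;

cleanup:
    /* free(NULL) is defined as a no-op, so this is safe on every path. */
    free(header);
    return ret;
}

/* Build a constructed chunk of the given length from two field values and
 * return the parser's result; `len` < 4 exercises the truncation check. */
int check_chunk(uint16_t channels, uint16_t blockalign, size_t len)
{
    uint8_t chunk[4];
    wav_fmt fmt;
    chunk[0] = (uint8_t)(channels & 0xff);
    chunk[1] = (uint8_t)(channels >> 8);
    chunk[2] = (uint8_t)(blockalign & 0xff);
    chunk[3] = (uint8_t)(blockalign >> 8);
    return parse_fmt_chunk(chunk, len, &fmt);
}

int main(void)
{
    if (check_chunk(2, 4, 4) != WAV_OK) return 1;               /* 2 channels, blockalign 4 */
    if (check_chunk(0, 4, 4) != WAV_ERR_NO_CHANNELS) return 1;  /* the no_channels path */
    if (check_chunk(2, 3, 4) != WAV_ERR_BLOCKALIGN) return 1;   /* the invalid_blockalign path */
    if (check_chunk(2, 4, 2) != WAV_ERR_SHORT) return 1;        /* truncated chunk */
    return 0;
}
```

Both error labels run `free(header)` through the shared cleanup; run the same function under a tool such as Valgrind or AddressSanitizer with the `header = NULL;` line removed and add a read of `header` in a label to see the classes of defect the one-line fix closes off.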