Bug 735570 - Race condition between close() and handle_tunnel() causing crash
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-rtsp-server
Version: unspecified
Hardware: Other Linux
Importance: Normal normal
Target Milestone: 1.4.2
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Reported: 2014-08-28 07:54 UTC by Göran Jönsson
Modified: 2014-09-04 09:55 UTC

Attachments
patch in gst-rtsp-server (1.50 KB, patch)
2014-08-28 07:54 UTC, Göran Jönsson
reviewed
new patch gst-rtsp-server (2.45 KB, patch)
2014-08-28 11:40 UTC, Göran Jönsson
committed

Description Göran Jönsson 2014-08-28 07:54:10 UTC
Created attachment 284663
patch in gst-rtsp-server

Crash because, when releasing the tunnels lock in handle_tunnel() (rtsp-client.c), it is possible for another thread
to run close, which calls gst_rtsp_client_set_send_func, which will unref the watch, and the watch will be destroyed.

Solution is to release the tunnel lock after the call to gst_rtsp_watch_reset (opriv->watch);
Comment 1 Sebastian Dröge (slomo) 2014-08-28 07:58:17 UTC
Review of attachment 284663:

This lock is only there for the tunnels hashtable AFAIU. Maybe a different one is needed here?
Comment 2 Göran Jönsson 2014-08-28 11:40:08 UTC
Created attachment 284681
new patch gst-rtsp-server

New patch
Comment 3 Sebastian Dröge (slomo) 2014-09-04 07:40:40 UTC
Please try to write complete sentences in your commit messages :)

commit 09bf2025f810cdad3127162dcce80a7dc73099e0
Author: Göran Jönsson <goranjn@axis.com>
Date:   Thu Aug 28 13:35:15 2014 +0200

    rtsp-client: Protect saved clients watch with a mutex
    
    Fixes a crash when close() is called while merging clients
    in handle_tunnel(). In that case close() would destroy the
    watch while it is still being used in handle_tunnel().
    
    https://bugzilla.gnome.org/show_bug.cgi?id=735570
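
The ordering problem discussed in this report, replayed on a single thread as an added example (not code from gst-rtsp-server or from either attached patch). The names `Client`, `Watch`, `watch_lock`, `client_close` and the two flags are hypothetical, and `pthread_mutex_trylock` stands in for a close() that would block on the lock.

```c
#include <errno.h>
#include <pthread.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the RTSP client and its saved watch. */
typedef struct { int resets; } Watch;
typedef struct { pthread_mutex_t watch_lock; Watch *watch; } Client;

static Client *client_new(void) {
    Client *c = calloc(1, sizeof *c);
    pthread_mutex_init(&c->watch_lock, NULL);
    c->watch = calloc(1, sizeof(Watch));
    return c;
}

/* close() path: returns 1 if the watch was destroyed, 0 if the lock was busy. */
static int client_close(Client *c) {
    if (pthread_mutex_trylock(&c->watch_lock) == EBUSY) return 0;
    free(c->watch);
    c->watch = NULL;
    pthread_mutex_unlock(&c->watch_lock);
    return 1;
}

/* handle_tunnel() path, replayed on one thread. close_races runs the other
 * thread's close() at the point where the pre-fix code held no lock.
 * Returns 1: watch reset safely, 0: no watch, -1: watch destroyed mid-use. */
static int handle_tunnel(Client *c, int hold_lock_during_use, int close_races) {
    int result = 0;
    pthread_mutex_lock(&c->watch_lock);
    int had_watch = (c->watch != NULL);
    if (!hold_lock_during_use)
        pthread_mutex_unlock(&c->watch_lock);   /* pre-fix ordering */
    if (close_races) client_close(c);
    if (had_watch && c->watch == NULL)
        result = -1;              /* real code would touch freed memory here */
    else if (had_watch) {
        c->watch->resets++;       /* stands in for gst_rtsp_watch_reset() */
        result = 1;
    }
    if (hold_lock_during_use)
        pthread_mutex_unlock(&c->watch_lock);   /* fixed ordering */
    return result;
}

int main(void) {   /* the fixed ordering survives a racing close() */
    Client *c = client_new();
    return handle_tunnel(c, 1, 1) == 1 ? 0 : 1;
}
```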