Bug 759430 - queue: Illegal memory access of sink event
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gstreamer (core)
Version: git master
Hardware: Other Linux
Importance: Normal normal
Target Milestone: 1.7.1
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Reported: 2015-12-14 01:32 UTC by Vineeth
Modified: 2015-12-14 10:43 UTC

Attachments
Fix invalid memory access of event. (1.84 KB, patch)
2015-12-14 01:35 UTC, Vineeth
committed

Description Vineeth 2015-12-14 01:32:51 UTC
Once the event is pushed to the pad, the queue should not access the event. This is leading to invalid read valgrind errors:

==27899== Invalid read of size 4
==27899==    at 0x499B92D: gst_queue_handle_sink_event (gstqueue.c:990)
==27899==    by 0x40C219C: gst_pad_send_event_unchecked (gstpad.c:5551)
==27899==    by 0x40C27E6: gst_pad_push_event_unchecked (gstpad.c:5210)
==27899==    by 0x40CDD1F: gst_pad_push_event (gstpad.c:5347)
==27899==    by 0x804CD03: test_queries_while_flushing (queue.c:895)
==27899==    by 0x404FBAA: srunner_run (check_run.c:450)
==27899==    by 0x404FC62: srunner_run_all (check_run.c:674)
==27899==    by 0x4042A97: gst_check_run_suite (gstcheck.c:825)
==27899==    by 0x80498BF: main (queue.c:1175)
==27899==  Address 0x4601d2c is 36 bytes inside a block of size 64 free'd
==27899==    at 0x402D3D8: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==27899==    by 0x423CD2F: g_free (in /lib/i386-linux-gnu/libglib-2.0.so.0.4002.0)
==27899==    by 0x425387A: g_slice_free1 (in /lib/i386-linux-gnu/libglib-2.0.so.0.4002.0)
==27899==    by 0x40AFAA6: _gst_event_free (gstevent.c:228)
==27899==    by 0x40BF550: gst_mini_object_unref (gstminiobject.c:467)
==27899==    by 0x40C1C91: gst_pad_send_event_unchecked (gstevent.h:430)
==27899==    by 0x40C27E6: gst_pad_push_event_unchecked (gstpad.c:5210)
==27899==    by 0x40CDD1F: gst_pad_push_event (gstpad.c:5347)
==27899==    by 0x499BD96: gst_queue_handle_sink_event (gstqueue.c:912)
==27899==    by 0x40C219C: gst_pad_send_event_unchecked (gstpad.c:5551)
==27899==    by 0x40C27E6: gst_pad_push_event_unchecked (gstpad.c:5210)
==27899==    by 0x40CDD1F: gst_pad_push_event (gstpad.c:5347)
==27899==    by 0x804CD03: test_queries_while_flushing (queue.c:895)
==27899==    by 0x404FBAA: srunner_run (check_run.c:450)
==27899==    by 0x404FC62: srunner_run_all (check_run.c:674)
==27899==    by 0x4042A97: gst_check_run_suite (gstcheck.c:825)
==27899==    by 0x80498BF: main (queue.c:1175)
Comment 1 Vineeth 2015-12-14 01:35:00 UTC
Created attachment 317324
Fix invalid memory access of event.

This started happening after
https://bugzilla.gnome.org/show_bug.cgi?id=757821

if (GST_EVENT_TYPE (event) == GST_EVENT_CAPS)

The event is being accessed after it has been passed to the pad.
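
The access pattern described in the comment above, as an added example that is not part of the bug report or of GStreamer's code: a toy C model in which pushing an event consumes the caller's reference, as gst_pad_push_event() does, and a stale read is counted rather than left to valgrind to catch. All names (Event, pad_push_event, handle_event_buggy, handle_event_fixed, stale_reads_for) are hypothetical, and what the CAPS branch does is an assumption.

```c
#include <stdio.h>

/* Toy model, not GStreamer code: events live in a static pool, so a read
 * after the last unref can be counted instead of being undefined behaviour. */
typedef enum { EV_CAPS, EV_EOS } EvType;
typedef struct { EvType type; int refcount; } Event;
static Event pool[8];
static int next_slot, stale_reads;

static Event *event_new(EvType t) {
    Event *e = &pool[next_slot++ % 8];
    e->type = t; e->refcount = 1;
    return e;
}

/* Accessor that counts reads of an event whose references are all gone. */
static EvType event_type(const Event *e) {
    if (e->refcount <= 0) stale_reads++;
    return e->type;
}
/* Like gst_pad_push_event(): consumes the caller's reference. */
static int pad_push_event(Event *e) { e->refcount--; return 0; }

/* Pattern from the report: the event is inspected after it was pushed. */
static int handle_event_buggy(Event *e) {
    int ret = pad_push_event(e);
    if (event_type(e) == EV_CAPS) ret = 1;  /* assumed branch body */
    return ret;
}

/* Safe pattern: copy what is needed before giving the reference away. */
static int handle_event_fixed(Event *e) {
    EvType type = event_type(e);
    int ret = pad_push_event(e);
    if (type == EV_CAPS) ret = 1;
    return ret;
}

/* Number of stale reads produced by one call of the given handler. */
static int stale_reads_for(int (*handler)(Event *)) {
    stale_reads = 0;
    handler(event_new(EV_CAPS));
    return stale_reads;
}

int main(void) {
    printf("buggy: %d stale read(s)\n", stale_reads_for(handle_event_buggy));
    printf("fixed: %d stale read(s)\n", stale_reads_for(handle_event_fixed));
    return 0;
}
```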
Comment 2 Sebastian Dröge (slomo) 2015-12-14 09:46:46 UTC
commit 78614c505a2a761cb4dcb7f4e5f3e9f97c9a8e88
Author: Vineeth TM <vineeth.tm@samsung.com>
Date:   Mon Dec 14 10:32:14 2015 +0900

    queue: Illegal memory access of sink event
    
    Once event is pushed to pad, then queue should not access the event.
    This is leading to invalid read valgrind errors
    
    https://bugzilla.gnome.org/show_bug.cgi?id=759430
Comment 3 Luis de Bethencourt 2015-12-14 10:40:56 UTC
Very nice, Vineeth :)
Comment 4 Sebastian Dröge (slomo) 2015-12-14 10:43:51 UTC
Actually I reverted it again :)

commit 33ded76ab8eafb9718460c8a01377b9f408124ea
Author: Sebastian Dröge <sebastian@centricular.com>
Date:   Mon Dec 14 11:20:43 2015 +0100

    queue/multiqueue: Don't special-case CAPS events in the event handlers
    
    For CAPS events we will never ever have a FALSE return value here, so just
    remove the dead code instead of causing future confusion.

commit 0636fe1391d6e474bb215f24746632245449c210
Author: Sebastian Dröge <sebastian@centricular.com>
Date:   Mon Dec 14 11:16:50 2015 +0100

    Revert "queue: Illegal memory access of sink event"
    
    This reverts commit 78614c505a2a761cb4dcb7f4e5f3e9f97c9a8e88.
    
    The code it was fixing does not have any effect anyway and will be removed in
    the next commit.