After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 777530 - decodebin3: Fix crash caused by slot double freeing
decodebin3: Fix crash caused by slot double freeing
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-base
git master
Other Linux
: Normal normal
: 1.11.2
Assigned To: GStreamer Maintainers
GStreamer Maintainers
Depends on:
Blocks:
 
 
Reported: 2017-01-20 10:50 UTC by Seungha Yang
Modified: 2017-01-31 16:18 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
decodebin3: Fix crash caused by slot double freeing (3.18 KB, patch)
2017-01-20 10:51 UTC, Seungha Yang 		none Details | Review
decodebin3: Fix crash caused by slot double freeing (2.83 KB, patch)
2017-01-20 10:55 UTC, Seungha Yang 		committed Details | Review

Description Seungha Yang 2017-01-20 10:50:43 UTC 
Probe for MultiQueue source pad might receive EOS twice,
the first is fake-eos and the other is actual EOS.
And the slot can be freed with fake-eos/EOS if the slot has no input.

Since slot freeing is async, double free can be possible.
So, decodebin3 needs to remove the probe also with slot freeing.
Comment 1 Seungha Yang 2017-01-20 10:51:26 UTC 
Created attachment 343893 [details] [review]
decodebin3: Fix crash caused by slot double freeing
Comment 2 Seungha Yang 2017-01-20 10:55:34 UTC 
Created attachment 343895 [details] [review]
decodebin3: Fix crash caused by slot double freeing
Comment 3 Edward Hervey 2017-01-31 16:18:43 UTC 
commit 6b5617c2a72a4a48fdccfe5dfcce3fa56a9ca738
Author: Seungha Yang <sh.yang@lge.com>
Date:   Fri Jan 20 19:49:46 2017 +0900

    decodebin3: Fix crash caused by slot double freeing
    
    Probe for MultiQueue source pad might receive EOS twice,
    the first is fake-eos and the other is actual EOS.
    And the slot can be freed with fake-eos/EOS if the slot has no input.
    
    Since slot freeing is async, double free can be possible.
    So, decodebin3 needs to remove the probe also with slot freeing.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=777530