After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 784282 - rtspsrc crash when HTTP tunneling with digest authentication
rtspsrc crash when HTTP tunneling with digest authentication
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-good
1.12.1
Other Mac OS
: Normal blocker
: 1.12.2
Assigned To: GStreamer Maintainers
GStreamer Maintainers
Depends on:
Blocks:
 
 
Reported: 2017-06-28 12:42 UTC by joel.gstreamer
Modified: 2017-07-04 06:19 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description joel.gstreamer 2017-06-28 12:42:05 UTC
Starting in commit 4c7fad2dba108e5d6413579a23041445ae7df469, locks were added in rtspsrc. However, there is one case where you try to free the mutex when it wasn't initialized. Here is how I reproduced it:

1. Use an RTSP stream with digest authentication and HTTP tunneling.
2. Connect to the stream
3. The stream will return 401 unauthorized at first because you must re-authenticate with digest parameters.
4. At this point in gst_rtsp_conninfo_connect, rtspsrc will immediately call gst_rtsp_conninfo_close.
5. gst_rtsp_conninfo_close will then attempt to free the mutex with these lines:
g_mutex_clear (&info->send_lock);
g_mutex_clear (&info->recv_lock);
6. This will lead to a crash because the mutex was never initialized. The mutex's are only initialized after the initial connection is created which this path never gets to.
Comment 1 Tim-Philipp Müller 2017-06-28 12:49:57 UTC
Marking as blocker, since it appears to be a regression.
Comment 2 Nicolas Dufresne (ndufresne) 2017-06-28 14:20:17 UTC
Please when fixing, just create the mutex once, it's silly to create and destroy mutex for very connect/disconnect.
Comment 3 Sebastian Dröge (slomo) 2017-06-29 16:01:35 UTC
Backporting to 1.12 later.

commit cd17c71dcea5c9310d21f1347c7520983e5869ac (HEAD -> master, origin/master, origin/HEAD)
Author: Sebastian Dröge <sebastian@centricular.com>
Date:   Thu Jun 29 18:59:58 2017 +0300

    rtspsrc: Create send/recv mutexes once, not on every connect()
    
    Also fixes a crash caused by freeing an uninitialized mutex in an error
    case.
    
    https://bugzilla.gnome.org//show_bug.cgi?id=784282