GNOME Bugzilla – Bug 532864
gstreamer-properties crashed with SIGSEGV in strcmp()
Last modified: 2009-04-14 18:38:42 UTC
This report has been filed here: https://bugs.edge.launchpad.net/ubuntu/+source/gnome-media/+bug/217965 "crashed while testing video in from webcam. My webcam is a Genius WebCamMesenger with a Microdia chip on it lsusb: Bus 003 Device 002: ID 0c45:602e Microdia" ".
+ Trace 197579
Thread 1 (process 6586)
I am not sure if it's a gstreamer issue.
let's reassign to gstreamer. It's hard to tell which element is causing the crash. Any idea? v4lsrc?
strcmp crashes if either argument is NULL. As this is the code, the only explanation would be pspecs->data==NULL. This would mean that the v4lsrc or v4l2src have no "device" property. For now I added a check for pspec!=NULL. Not sure what to do with the bug though. const GParamSpec * gst_property_probe_get_property (GstPropertyProbe * probe, const gchar * name) { const GList *pspecs = gst_property_probe_get_properties (probe); g_return_val_if_fail (probe != NULL, NULL); g_return_val_if_fail (name != NULL, NULL); while (pspecs) { const GParamSpec *pspec = pspecs->data; if (!strcmp (pspec->name, name)) return pspec; pspecs = pspecs->next; } return NULL; }
If pspec was NULL, it wouldn't be crashing in strcmp(), but in gst_property_probe_get_property(), would it? So I don't really see how your fix makes sense. > strcmp crashes if either argument is NULL. It might also crash if either argument is a bogus pointer or a pointer to freed memory, or memory corruption occured that makes strcmp read beyond the allocated memory etc.
When gst_property_probe_get_property() iterates over pspecs and pspecs->data (=pspec) is NULL, then it would pass random data to strcmp when dereferencing pspec->name. That would also match with the backtrace. I can't reproduce it here, but don't see how checking that pspec!=NULL is a bad thing anyway. The only thing incorrect in my comment was what you quoted. The crash is more likely because of a dereferenced NULL pointer.
Pedro, does that still happen?
I'm asking in the downstream report, will comment back as soon as i get a response there, thanks.
Pedro, any reply?
Nope, didn't get any reply on the downstream report, Let's close this report if i got any comment there regarding if it's still an issue with latest packages will reopen this report, thanks Stefan.