Bug 630783 - [frei0r] Crashes if broken plugins don't give correct property information
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-bad
Version: 0.10.19
Hardware/OS: Other Linux
Importance: Normal major
Target Milestone: 0.10.21
Assigned To: GStreamer Maintainers
Reported: 2010-09-28 02:52 UTC by mar77i
Modified: 2010-09-28 14:16 UTC



Description mar77i 2010-09-28 02:52:23 UTC
On recent archlinux the following problem is happening to me:

using pidgin-2.7.3 with the mentioned gstreamer0.10-bad created a segfault in gstfrei0r.c line 78, where an empty prop_name crashes program execution.

I'm not sure what the cause is exactly, and who is providing what data and if it's valid / why it's not. This is the call stack with debug symbols enabled in both pidgin and gstreamer0.10-bad (I missed the main gstreamer0.10 library tho):

  • #0 gst_frei0r_klass_install_properties
    at gstfrei0r.c line 78
  • #1 gst_frei0r_filter_class_init
    at gstfrei0rfilter.c line 192
  • #2 g_type_class_ref
    from /usr/lib/libgobject-2.0.so.0
  • #3 gst_element_register
    from /usr/lib/libgstreamer-0.10.so.0
  • #4 gst_frei0r_filter_register
    at gstfrei0rfilter.c line 266
  • #5 register_plugin
    at gstfrei0r.c line 550
  • #6 register_plugins
    at gstfrei0r.c line 597
  • #7 plugin_init
    at gstfrei0r.c line 623
  • #8 ??
    from /usr/lib/libgstreamer-0.10.so.0
  • #9 gst_plugin_load_file
    from /usr/lib/libgstreamer-0.10.so.0
  • #10 ??
    from /usr/lib/libgstreamer-0.10.so.0
  • #11 ??
    from /usr/lib/libgstreamer-0.10.so.0
  • #12 ??
    from /usr/lib/libgstreamer-0.10.so.0
  • #13 gst_update_registry
    from /usr/lib/libgstreamer-0.10.so.0
  • #14 ??
    from /usr/lib/libgstreamer-0.10.so.0
  • #15 g_option_context_parse
    from /usr/lib/libglib-2.0.so.0
  • #16 gst_init_check
    from /usr/lib/libgstreamer-0.10.so.0
  • #17 finch_sound_init
    at gntsound.c line 383
  • #18 gnt_ui_init
    at gntui.c line 68
  • #19 purple_core_init
    from /usr/lib/libpurple.so.0
  • #20 init_libpurple
    at finch.c line 372
  • #21 gnt_start
    at finch.c line 423
  • #22 main
    at finch.c line 439

I've set up a patch which works here:

diff -ru gst-plugins-bad-0.10.19/gst/frei0r/gstfrei0r.c gst-plugins-bad-0.10.19_/gst/frei0r/gstfrei0r.c
--- gst-plugins-bad-0.10.19/gst/frei0r/gstfrei0r.c      2010-05-14 02:48:27.000000000 +0200
+++ gst-plugins-bad-0.10.19_/gst/frei0r/gstfrei0r.c     2010-09-28 04:08:05.000000000 +0200
@@ -75,7 +75,7 @@
     prop_name = g_ascii_strdown (param_info->name, -1);
     g_strcanon (prop_name, G_CSET_A_2_Z G_CSET_a_2_z G_CSET_DIGITS "-+", '-');
     /* satisfy glib2 (argname[0] must be [A-Za-z]) */
-    if (!((prop_name[0] >= 'a' && prop_name[0] <= 'z') ||
+    if (!prop_name || !((prop_name[0] >= 'a' && prop_name[0] <= 'z') ||
             (prop_name[0] >= 'A' && prop_name[0] <= 'Z'))) {
       gchar *tempstr = prop_name;
 
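Review bot: the `!prop_name` test on the changed line runs only after `g_ascii_strdown (param_info->name, -1)` and `g_strcanon (prop_name, ...)` have already been called with the possibly-NULL value, and a NULL `prop_name` then enters the branch that begins with `gchar *tempstr = prop_name;`, which is the name-fixup path rather than an error path. Check `param_info->name` for NULL before the `g_ascii_strdown` call and skip the parameter there (or reject the plugin), so that no later line in the loop sees a NULL name.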


...I don't have much of a clue of this gdb thingy. Maybe someone could give me a hint on how to get to the bottom of this bug.

kind regards + keep up the good work!
mar77i
Comment 1 Sebastian Dröge (slomo) 2010-09-28 08:00:09 UTC
Which frei0r plugins do you have installed? If you run
GST_DEBUG=frei0r:5 gst-inspect-0.10 frei0r

without your patch, you should see at which plugin it crashes. This frei0r plugin is buggy and should be removed but something like your patch is nonetheless a good idea. But a plugin with a NULL property name shouldn't be registered at all.
Comment 2 mar77i 2010-09-28 14:05:10 UTC
gstfrei0r.c 69-78:
----------------
  for (i = 0; i < n_properties; i++) {
    f0r_param_info_t *param_info = &properties[i].info;
    gchar *prop_name;

    ftable->get_param_info (param_info, i);

    prop_name = g_ascii_strdown (param_info->name, -1);
    g_strcanon (prop_name, G_CSET_A_2_Z G_CSET_a_2_z G_CSET_DIGITS "-+", '-');
    /* satisfy glib2 (argname[0] must be [A-Za-z]) */
    if (!((prop_name[0] >= 'a' && prop_name[0] <= 'z') ||

vertigo.c 61-89:
----------------
void f0r_get_plugin_info(f0r_plugin_info_t* vertigoInfo)
{
  vertigoInfo->name = "Vertigo";
  vertigoInfo->author = "Fukuchi Kentarou";
  vertigoInfo->plugin_type = F0R_PLUGIN_TYPE_FILTER;
  vertigoInfo->color_model = F0R_COLOR_MODEL_RGBA8888;
  vertigoInfo->frei0r_version = FREI0R_MAJOR_VERSION;
  vertigoInfo->major_version = 1;
  vertigoInfo->minor_version = 0;
  vertigoInfo->num_params =  3;
  vertigoInfo->explanation = "alpha blending with zoomed and rotated images";
}

void f0r_get_param_info(f0r_param_info_t* info, int param_index)
{
  switch(param_index)
  {
  case 0:
    info->name = "PhaseIncrement";
    info->type = F0R_PARAM_DOUBLE;
    info->explanation = "Phase increment";
    break;
  case 1:
    info->name = "Zoomrate";
    info->type = F0R_PARAM_DOUBLE;
    info->explanation = "Zoomrate";
    break;
  }
}

Well, if you know C, you know it's going to break. A "continue" trap would be a solution....
Comment 3 Sebastian Dröge (slomo) 2010-09-28 14:16:45 UTC
commit 498620d16c8661d216c45694622c540cfb838b90
Author: Sebastian Dröge <sebastian.droege@collabora.co.uk>
Date:   Tue Sep 28 16:14:14 2010 +0200

    frei0r: Fix crashes if plugins don't provide correct property information
    
    The vertigo plugin for example claims to have 3 properties but
    the 3rd property does nothing and has a NULL name.
    
    Fixes bug #630783.
    
    Thanks to Martti Kühne for debugging this.
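Added example, not the code from the commit above and not part of GStreamer or frei0r: a minimal host-side loop that treats plugin-supplied parameter info as untrusted and applies the "continue" approach suggested in comment 2. The types and names (`param_info_t`, `collect_valid_params`, `g_props`) are hypothetical stand-ins, and the plugin callback is constructed from the vertigo.c excerpt.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for f0r_param_info_t (assumption: only these fields). */
typedef struct { const char *name; int type; const char *explanation; } param_info_t;
typedef void (*get_param_info_fn) (param_info_t *info, int param_index);

/* Constructed plugin mirroring the vertigo.c excerpt: it claims 3 parameters
 * but only fills in indices 0 and 1; index 2 leaves *info untouched. */
#define CLAIMED_PARAMS 3
static void broken_get_param_info (param_info_t *info, int param_index)
{
  switch (param_index) {
    case 0:
      info->name = "PhaseIncrement"; info->type = 1;
      info->explanation = "Phase increment";
      break;
    case 1:
      info->name = "Zoomrate"; info->type = 1;
      info->explanation = "Zoomrate";
      break;
  }
}

static param_info_t g_props[CLAIMED_PARAMS];   /* accepted entries */

/* Host side: zero the struct before each call so an unfilled entry shows up
 * as a NULL name instead of stale memory, then skip entries with no usable
 * name before any string function touches them. Returns the accepted count. */
static int collect_valid_params (get_param_info_fn get_info, int claimed,
    param_info_t *out, int out_len)
{
  int accepted = 0;
  for (int i = 0; i < claimed && accepted < out_len; i++) {
    param_info_t info = { 0 };
    get_info (&info, i);
    if (info.name == NULL || info.name[0] == '\0')
      continue;
    out[accepted++] = info;
  }
  return accepted;
}

int main (void)
{
  int n = collect_valid_params (broken_get_param_info, CLAIMED_PARAMS, g_props, CLAIMED_PARAMS);
  for (int i = 0; i < n; i++) printf ("property %d: %s\n", i, g_props[i].name);
  return n == 2 ? 0 : 1;
}
```

Comment 1 argues for the stricter policy of not registering such a plugin at all; that corresponds to returning an error instead of `continue` at the same check.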