Bug 751528 – mpegdemux: Fix a prevent defect which dereference null return value

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 751528 - mpegdemux: Fix a prevent defect which dereference null return value


Summary:	mpegdemux: Fix a prevent defect which dereference null return value


Status:	RESOLVED FIXED

Product:	GStreamer
Classification:	Platform
Component:	gst-plugins-bad
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	1.5.90
Assigned To:	GStreamer Maintainers
QA Contact:	GStreamer Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2015-06-26 07:20 UTC by Sangkyu Park (sangkyup)
Modified:	2015-08-16 13:41 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
It is a prevent defect which dereference null return value. 'gst_flups_demux_get_stream' function could return NULL when it is unknown stream. So I added NULL check. (1.52 KB, patch) 2015-06-26 07:23 UTC, Sangkyu Park (sangkyup)	none	Details \| Review
I fixed a typing error in patch. (1.52 KB, patch) 2015-06-26 07:26 UTC, Sangkyu Park (sangkyup)	none	Details \| Review
Sorry, I attached the patch again. (1.52 KB, patch) 2015-06-26 07:30 UTC, Sangkyu Park (sangkyup)	none	Details \| Review
Sorry, it has a typing error in patch so I updated it again. (1.51 KB, patch) 2015-06-26 07:34 UTC, Sangkyu Park (sangkyup)	none	Details \| Review
I updated, Thanks :) (1.51 KB, patch) 2015-06-26 07:40 UTC, Sangkyu Park (sangkyup)	none	Details \| Review
I updated it (1.52 KB, patch) 2015-06-26 07:59 UTC, Sangkyu Park (sangkyup)	none	Details \| Review
Sorry I updated it again. I know that must recopy commit tag also when making patch again. (1.47 KB, patch) 2015-06-26 08:05 UTC, Sangkyu Park (sangkyup)	committed	Details \| Review

Description Sangkyu Park (sangkyup) 2015-06-26 07:20:23 UTC

I found a prevent defect using static analysis tool.

Comment 1 Sangkyu Park (sangkyup) 2015-06-26 07:23:25 UTC

Created attachment 306140 [details] [review]
It is a prevent defect which dereference null return value. 'gst_flups_demux_get_stream' function could return NULL when it is unknown stream. So I added NULL check.

Comment 2 Sangkyu Park (sangkyup) 2015-06-26 07:26:43 UTC

Created attachment 306141 [details] [review]
I fixed a typing error in patch.

Comment 3 Sangkyu Park (sangkyup) 2015-06-26 07:30:07 UTC

Created attachment 306142 [details] [review]
Sorry, I attached the patch again.

Fix a prevent defect which dereference null return value.
'gst_ps_demux_get_stream' function could return NULL when it is unknown stream.
So I added NULL check.

Comment 4 Sangkyu Park (sangkyup) 2015-06-26 07:30:33 UTC

Comment on attachment 306142 [details] [review]
Sorry, I attached the patch again.

>From 261d6534f23958d22de025a29b5d3aa7b906ac45 Mon Sep 17 00:00:00 2001
>From: Sangkyu Park <sk1122.park@samsung.com>
>Date: Fri, 26 Jun 2015 15:58:25 +0900
>Subject: [PATCH] mpegdemux: Minor clean-up
>
>Fix a prevent defect which dereference null return value.
>'gst_ups_demux_get_stream' function could return NULL when it is unknown stream.
>
>https://bugzilla.gnome.org/show_bug.cgi?id=751528
>---
> gst/mpegdemux/gstmpegdemux.c |    4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
> mode change 100644 => 100755 gst/mpegdemux/gstmpegdemux.c
>
>diff --git a/gst/mpegdemux/gstmpegdemux.c b/gst/mpegdemux/gstmpegdemux.c
>old mode 100644
>new mode 100755
>index ab9b364..54551c9
>--- a/gst/mpegdemux/gstmpegdemux.c
>+++ b/gst/mpegdemux/gstmpegdemux.c
>@@ -824,7 +824,7 @@ gst_ps_demux_handle_dvd_event (GstPsDemux * demux, GstEvent * event)
> 
>       g_snprintf (cur_stream_name, 32, "audio-%d-language", i);
>       lang_code = gst_structure_get_string (structure, cur_stream_name);
>-      if (lang_code) {
>+      if (lang_code && temp) {
>         GstTagList *list = temp->pending_tags;
> 
>         if (!list)
>@@ -855,6 +855,8 @@ gst_ps_demux_handle_dvd_event (GstPsDemux * demux, GstEvent * event)
>       /* Retrieve the subpicture stream to force pad creation */
>       temp = gst_ps_demux_get_stream (demux, 0x20 + stream_id,
>           ST_PS_DVD_SUBPICTURE);
>+      if (temp == NULL)
>+        continue;
> 
>       g_snprintf (cur_stream_name, 32, "subpicture-%d-language", i);
>       lang_code = gst_structure_get_string (structure, cur_stream_name);
>-- 
>1.7.9.5
>

Comment 5 Vineeth 2015-06-26 07:33:51 UTC

Hi 
you can mark the previous patches as obsolete, so that there will be no duplications

Comment 6 Sangkyu Park (sangkyup) 2015-06-26 07:34:00 UTC

Created attachment 306143 [details] [review]
Sorry, it has a typing error in patch so I updated it again.

Comment 7 Sangkyu Park (sangkyup) 2015-06-26 07:40:33 UTC

Created attachment 306144 [details] [review]
I updated, Thanks :)

Comment 8 Sangkyu Park (sangkyup) 2015-06-26 07:44:06 UTC

It is a prevent defect which dereference null return value. 'gst_ps_demux_get_stream' function could return NULL when it is unknown stream. So I added NULL check.

Comment 9 Vineeth 2015-06-26 07:54:39 UTC

Review of attachment 306144 [details] [review]:

::: gst/mpegdemux/gstmpegdemux.c
@@ +825,3 @@
       g_snprintf (cur_stream_name, 32, "audio-%d-language", i);
       lang_code = gst_structure_get_string (structure, cur_stream_name);
+      if (lang_code && temp) {

it might be better to break for default case and add
if (temp == NULL)
  continue;
before line 825

Comment 10 Sangkyu Park (sangkyup) 2015-06-26 07:59:34 UTC

Created attachment 306146 [details] [review]
I updated it

Comment 11 Sangkyu Park (sangkyup) 2015-06-26 08:05:56 UTC

Created attachment 306147 [details] [review]
Sorry I updated it again. I know that must recopy commit tag also when making patch again.

Comment 12 Sangkyu Park (sangkyup) 2015-06-26 08:36:30 UTC

I'm beginner about contributing open source. sorry I have made many mistakes.

Comment 13 Luis de Bethencourt 2015-06-26 16:32:58 UTC

Two things.

 - Don't compare to NULL, when you can directly do if (!temp).
 - In GStreamer's coding style we add a space between the 'if' and the '('.

Logic of patch is good. The code must check if gst_ps_demux_get_stream () returned NULL before dereferencing temp.

Change it to:

if (!temp)
  continue;

Comment 14 Luis de Bethencourt 2015-06-26 17:06:46 UTC

Sangkyu,

Tim pointed out that the norm is to compare to NULL to make it clear a pointer is being checked and not a boolean. I went ahead and fixed your space between if and '(' and submitted.

Thank you for your contribution :)

Comment 15 Luis de Bethencourt 2015-06-26 17:07:20 UTC

Review of attachment 306147 [details] [review]:

commit 0ca354eb102d883d0bc4cb9762c8911ccf698ffc
Author: Sangkyu Park <sk1122.park@samsung.com>
Date:   Fri Jun 26 15:58:25 2015 +0900

    mpegdemux: check pointer before dereferencing

    gst_ps_demux_get_stream() could return NULL when it is unknown stream,
    check this hasn't happened before dereferencing the returned pointer.

    https://bugzilla.gnome.org/show_bug.cgi?id=751528

Comment 16 Tim-Philipp Müller 2015-06-26 17:19:58 UTC

(clean-up is something that doesn't change behaviour :))

Comment 17 Sangkyu Park (sangkyup) 2015-06-27 01:22:33 UTC

Vineeth, Luis and Tim-philipp, Thanks for your advice :)
I will check one more next time for no mistake.