Bug 753001 - rtp buffer: NULL GstBuffer pointer being passed within gst_rtp_buffer_set_extension_data
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-base
1.x
Other Linux
: Normal normal
: 1.5.90
Assigned To: GStreamer Maintainers
Reported: 2015-07-29 08:18 UTC by Brian Peters
Modified: 2015-08-16 13:39 UTC

Description Brian Peters 2015-07-29 08:18:46 UTC
In the function ensure_buffers (called by gst_rtp_buffer_set_extension_data) in gstrtpbuffer.c, in the 'if(changed)' scope at the end of the function, gst_rtp_buffer_unmap is called. This function sets the buffer pointer in its argument to NULL. The next two lines in ensure_buffers use this pointer in calls to gst_buffer_remove_memory_range and gst_rtp_buffer_map.

This was discovered in version 1.2.4 working on SLES12 but appears to be present in further versions as well.

A possible fix is the following (line numbers as per gst-plugins-base-1.2.4/gst-libs/gst/gstrtpbuffer.c):

774a775
>     GstBuffer *pBuffer = rtp->buffer;
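Review bot: the declaration added at 775 carries no comment saying why rtp->buffer is copied into a local. The reason (gst_rtp_buffer_unmap clears rtp->buffer, and the pointer is needed again afterwards) is not obvious from the code itself, so a one-line comment above the declaration would stop a later cleanup from removing it as redundant. A plain name such as buf would also read more naturally than the Hungarian-style pBuffer.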
776,777c777,778
<     gst_buffer_remove_memory_range (rtp->buffer, pos, -1);
<     gst_rtp_buffer_map (rtp->buffer, GST_MAP_READWRITE, rtp);
---
>     gst_buffer_remove_memory_range (pBuffer, pos, -1);
>     gst_rtp_buffer_map (pBuffer, GST_MAP_READWRITE, rtp);
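Review bot: in the 776,777c777,778 hunk the result of gst_rtp_buffer_map (pBuffer, GST_MAP_READWRITE, rtp) is discarded, so a failed remap would leave rtp unmapped while ensure_buffers carries on as if it had succeeded. Consider checking the return value and bailing out, or at least warning, when it is FALSE. Both changed calls need the saved pointer, so they should land in the same commit.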
Comment 1 Tim-Philipp Müller 2015-07-30 13:32:40 UTC
Thanks, pushed:

commit 04c69952c05bde13289fa1c0630687e2dd5b3c93
Author: Brian Peters <brianfpeters@gmail.com>
Date:   Thu Jul 30 14:30:44 2015 +0100

    rtp: buffer: don't access NULL buffer pointer
    
    unmap will set rtpbuffer->buffer to NULL, so we need to
    save the pointer to access it while the RTP buffer is
    unmapped.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=753001
Comment 2 Brian Peters 2015-07-30 14:07:26 UTC
Tim-Philipp,

Thanks for the fast response. However, I just checked the change log (http://cgit.freedesktop.org/gstreamer/gst-plugins-base/diff/?id2=232bdf17115419da61c3b1ce2c5b02d74e34d403) and it's missing the final alteration. The call to gst_rtp_buffer_map also has to use buf as the first argument as rtp->buffer is still NULL at that point.
Comment 3 Tim-Philipp Müller 2015-07-30 14:20:43 UTC
Ah yes, sorry. Should be fixed up now:

commit 1273848bf51a37b1be2eb5b30de2bd78d32bf2be
Author: Brian Peters <brianfpeters@gmail.com>
Date:   Thu Jul 30 15:16:57 2015 +0100

    rtpbuffer: avoid accessing NULL buffer even more
    
    Previous commit was incompletely applied.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=753001

If you have an easy way to trigger that code path, please let me know, then I'll also add a unit test for it.

Please provide a patch in git format-patch format next time, then it has author information and commit message and everything included; that avoids mistakes like this and makes our life easier, thanks :)
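
The pattern discussed in this report, as an added example that is not GStreamer code: a toy model of the tail of ensure_buffers comparing the original code, the first (incomplete) commit and the complete fix. All type and function names are hypothetical stand-ins, and the helpers are assumed to reject a NULL buffer rather than dereference it.

```c
#include <stddef.h>
#include <stdbool.h>

/* Toy stand-ins (hypothetical, not GStreamer types or functions). */
typedef struct { int n_memory; } Buffer;
typedef struct { Buffer *buffer; bool mapped; } RtpBuffer;

/* Like the unmap described in the report: clears the buffer pointer. */
static void rtp_unmap(RtpBuffer *rtp) { rtp->buffer = NULL; rtp->mapped = false; }

/* Assumption: both helpers reject NULL and report failure. */
static bool remove_memory_range(Buffer *b, int pos) {
    if (b == NULL) return false;
    if (pos < b->n_memory) b->n_memory = pos;   /* drop memories from pos on */
    return true;
}
static bool rtp_map(Buffer *b, RtpBuffer *rtp) {
    if (b == NULL) return false;
    rtp->buffer = b;
    rtp->mapped = true;
    return true;
}

enum variant { ORIGINAL, FIRST_COMMIT, COMPLETE_FIX };

/* Unmap, trim memory from pos, remap. ORIGINAL passes rtp->buffer to both
 * calls, FIRST_COMMIT fixes only the trim, COMPLETE_FIX fixes both. */
static bool trim_and_remap(RtpBuffer *rtp, int pos, enum variant v) {
    Buffer *buf = rtp->buffer;                  /* saved before unmap */
    rtp_unmap(rtp);                             /* rtp->buffer is NULL now */
    bool trimmed = remove_memory_range(v == ORIGINAL ? rtp->buffer : buf, pos);
    bool mapped = rtp_map(v == COMPLETE_FIX ? buf : rtp->buffer, rtp);
    return trimmed && mapped;
}

/* Runs one variant on a fresh 3-memory buffer (constructed sample input).
 * Returns 1 only if the trim succeeded and rtp is mapped to the buffer. */
static int run(enum variant v, int *n_memory_out) {
    Buffer b = { 3 };
    RtpBuffer rtp = { &b, true };
    bool ok = trim_and_remap(&rtp, 1, v);
    *n_memory_out = b.n_memory;
    return ok && rtp.mapped && rtp.buffer == &b;
}

int main(void) {
    int n;
    return run(COMPLETE_FIX, &n) ? 0 : 1;
}
```

In this model the first commit's variant trims the buffer but still leaves the RTP buffer unmapped, which is the gap pointed out in Comment 2.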