GNOME Bugzilla – Bug 784282
rtspsrc crash when HTTP tunneling with digest authentication
Last modified: 2017-07-04 06:19:28 UTC
Starting in commit 4c7fad2dba108e5d6413579a23041445ae7df469, locks were added in rtspsrc. However, there is one case where you try to free the mutex when it wasn't initialized. Here is how I reproduced it: 1. Use an RTSP stream with digest authentication and HTTP tunneling. 2. Connect to the stream 3. The stream will return 401 unauthorized at first because you must re-authenticate with digest parameters. 4. At this point in gst_rtsp_conninfo_connect, rtspsrc will immediately call gst_rtsp_conninfo_close. 5. gst_rtsp_conninfo_close will then attempt to free the mutex with these lines: g_mutex_clear (&info->send_lock); g_mutex_clear (&info->recv_lock); 6. This will lead to a crash because the mutex was never initialized. The mutex's are only initialized after the initial connection is created which this path never gets to.
Marking as blocker, since it appears to be a regression.
Please when fixing, just create the mutex once, it's silly to create and destroy mutex for very connect/disconnect.
Backporting to 1.12 later. commit cd17c71dcea5c9310d21f1347c7520983e5869ac (HEAD -> master, origin/master, origin/HEAD) Author: Sebastian Dröge <sebastian@centricular.com> Date: Thu Jun 29 18:59:58 2017 +0300 rtspsrc: Create send/recv mutexes once, not on every connect() Also fixes a crash caused by freeing an uninitialized mutex in an error case. https://bugzilla.gnome.org//show_bug.cgi?id=784282