Bug 348233 – dv1394src crashes with libavc1394 0.5.3 - cause known

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 348233 - dv1394src crashes with libavc1394 0.5.3 - cause known


Summary:	dv1394src crashes with libavc1394 0.5.3 - cause known


Status:	RESOLVED FIXED

Product:	GStreamer
Classification:	Platform
Component:	gst-plugins-good
Version:	0.10.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	0.10.5
Assigned To:	GStreamer Maintainers
QA Contact:	GStreamer Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2006-07-21 11:12 UTC by Marcel Moreaux
Modified:	2006-08-28 17:00 UTC

See Also:
GNOME target:	---
GNOME version:	2.13/2.14

Description Marcel Moreaux 2006-07-21 11:12:29 UTC

When libavc1394 0.5.3 is installed:

[marcelm@salyut ~]$ gst-launch dv1394src ! fakesink
Setting pipeline to PAUSED ...
Segmentation fault

The same pipeline works fine with libavc1394 0.5.1.

I have tracked down the issue. libraw1394 has a concept of handles, which maintain some state for operations on the firewire bus. libraw1394 handles have a field called userdata, which applications can use for quick access to their own administration in callback functions etc.

dv1394src uses this userdata field. Starting with version 0.5.3, libavc1394 also uses this userdata field for its own purposes. This clashes.

Specifically, in gst_dv1394src_start(), dv1394src sets the userdata with raw1394_set_userdata(), and later calls avc1394_vcr_is_recording(). In libavc1394, avc1394_vcr_is_recording() eventually calls init_avc_response_handler(), which sets the userdata using raw1394_set_userdata(). libavc1394's userdata is later freed, but the userdata field of the libraw1394 handle still points to this freed memory. When dv1394src tries to dereference it (in gst_dv1394src_iso_receive()), it SEGVs.

To fix this, either:

 - dv1394src must stop relying on the userdata field, or
 - libavc1394 must stop using the userdata field, or
 - libavc1394 must restore the userdata field to its previous value after using it

Comment 1 Marcel Moreaux 2006-07-31 14:26:47 UTC

I have contacted the libavc1394 maintainer to discuss this issue. His response is that he'd rather not have used the userdata field himself, but that he had no choice.

Consequently, libavc1394 will keep using the userdata field, and dv1394src will have to work around that. The libavc1394 maintainer suggested using two libraw1394 handles in dv1394src, one for libavc1394 calls, and one for its own purposes.

HTH

Comment 2 Andy Wingo 2006-08-28 17:00:27 UTC

2006-08-28  Andy Wingo  <wingo@pobox.com>

	* ext/raw1394/gstdv1394src.c (gst_dv1394src_from_raw1394handle):
	New helper function to lessen the ifdefs.
	(GST_INFO_OBJECT): 
	(gst_dv1394src_iso_receive): Use it.
	(gst_dv1394src_create): Also use the control sockets in iec61883
	mode.
	(gst_dv1394src_start, gst_dv1394src_stop): Always use a separate
	handle for AVC operations; fixes #348233.

Thanks for the report!