After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 541697 - program aborts due to varialbe double free in dvdnavsrc.c
program aborts due to varialbe double free in dvdnavsrc.c
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-ugly
0.10.8
Other All
: Normal critical
: 0.10.8
Assigned To: GStreamer Maintainers
GStreamer Maintainers
Depends on:
Blocks:
 
 
Reported: 2008-07-05 18:40 UTC by Tal Shalif
Modified: 2008-07-05 18:58 UTC
See Also:
GNOME target: ---
GNOME version: 2.19/2.20

Attachments
patch to prevent closing file a 2nd time (330 bytes, patch)
2008-07-05 18:44 UTC, Tal Shalif 		committed Details | Review

Description Tal Shalif 2008-07-05 18:40:49 UTC 
Steps to reproduce:
(I am using python binding)
1. launch pipeline 
2. set pipeline state to play
3. set pipeline state to null
4. set pipeline state to play

The second time the pipeline is played the program aborts


Stack trace:
*** glibc detected *** /usr/bin/python: double free or corruption (!prev): 0xb4058c08 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6[0xb7dcca85]
/lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb7dd04f0]
/usr/lib/libdvdnav.so.4(ifoClose+0x9c)[0xb70fc40c]
/usr/local/lib/gstreamer-0.10/libgstdvdnav.so[0xb71df78c]
/usr/local/lib/gstreamer-0.10/libgstdvdnav.so[0xb71e48d7]
/usr/local/lib/gstreamer-0.10/libgstdvdnav.so[0xb71e523a]
/usr/local/lib/libgstbase-0.10.so.0[0xb759cea5]
/usr/local/lib/libgstbase-0.10.so.0[0xb758e320]
/usr/local/lib/libgstbase-0.10.so.0[0xb7592244]
/usr/local/lib/libgstreamer-0.10.so.0[0xb753ae90]
/usr/lib/libglib-2.0.so.0[0xb731069b]
/usr/lib/libglib-2.0.so.0[0xb730ea6f]
/lib/tls/i686/cmov/libpthread.so.0[0xb7ee34fb]
/lib/tls/i686/cmov/libc.so.6(clone+0x5e)[0xb7e37e5e]
======= Memory map: ========
08048000-08140000 r-xp 00000000 08:01 30654606   /usr/bin/python2.5
08140000-08165000 rw-p 000f7000 08:01 30654606   /usr/bin/python2.5
08165000-08689000 rw-p 08165000 00:00 0          [heap]
b2a00000-b2afe000 rw-p b2a00000 00:00 0 
b2afe000-b2b00000 ---p b2afe000 00:00 0 
b2c00000-b2d00000 rw-p b2c00000 00:00 0 
b4000000-b40fa000 rw-p b4000000 00:00 0 
b40fa000-b4100000 ---p b40fa000 00:00 0 
b4200000-b42f0000 rw-p b4200000 00:00 0 
b42f0000-b4300000 ---p b42f0000 00:00 0 
b4406000-b4407000 ---p b4406000 00:00 0 
b4407000-b4c07000 rwxp b4407000 00:00 0 
b4c07000-b4c08000 ---p b4c07000 00:00 0 
b4c08000-b5408000 rwxp b4c08000 00:00 0 
b5408000-b5409000 ---p b5408000 00:00 0 
b5409000-b5c09000 rwxp b5409000 00:00 0 
b5c09000-b5c0a000 ---p b5c09000 00:00 0 
b5c0a000-b640a000 rwxp b5c0a000 00:00 0 
b640a000-b640b000 ---p b640a000 00:00 0 
b640b000-b6c0b000 rwxp b640b000 00:00 0 
b6c0b000-b6d36000 rw-p b6c0b000 00:00 0 
b6d36000-b6df7000 r-xp 00000000 08:01 16908329   /usr/lib/libasound.so.2.0.0.Realtek
b6df7000-b6dfc000 rw-p 000c0000 08:01 16908329   /usr/lib/libasound.so.2.0.0.Realtek
b6e14000-b6e34000 rw-s 00000000 00:09 177078282  /SYSV0056a4d6 (deleted)
b6e34000-b6e3d000 r-xp 00000000 08:01 2229148    /usr/lib/liba52-0.7.4.so
b6e3d000-b6e3e000 rw-p 00008000 08:01 2229148    /usr/lib/liba52-0.7.4.so
b6e3e000-b6e3f000 rw-p b6e3e000 00:00 0 
b6e3f000-b6e56000 r-xp 00000000 08:01 4325529    /usr/lib/libxcb.so.1.0.0
b6e56000-b6e57000 rw-p 00016000 08:01 4325529    /usr/lib/libxcb.so.1.0.0
b6e57000-b6f3b000 r-xp 00000000 08:01 4325539    /usr/lib/libX11.so.6.2.0
b6f3b000-b6f3e000 rw-p 000e4000 08:01 4325539    /usr/lib/libX11.so.6.2.0
b6f41000-b6f51000 rw-s 00000000 00:0e 12125      /dev/snd/pcmC0D0p
b6f51000-b6f67000 r-xp 00000000 08:01 44664102   /usr/local/lib/gstreamer-0.10/libgstalsa.so
b6f67000-b6f68000 rw-p 00016000 08:01 44664102   /usr/local/lib/gstreamer-0.10/libgstalsa.so
b6f68000-b6f75000 r-xp 00000000 08:01 44663412   /usr/local/lib/gstreamer-0.10/libgstaudioconvert.so
b6f75000-b6f76000 rw-p 0000c000 08:01 44663412   /usr/local/lib/gstreamer-0.10/libgstaudioconvert.so
b6f76000-b6fc8000 r-xp 00000000 08:01 30661669   /usr/lib/liboil-0.3.so.0.2.0
b6fc8000-b6fdf000 rw-p 00052000 08:01 30661669   /usr/lib/liboil-0.3.so.0.2.0
b6fdf000-b6fe1000 rw-p b6fdf000 00:00 0 
b6fe3000-b6ff0000 r-xp 00000000 08:01 16908514   /usr/lib/libXext.so.6.4.0
b6ff0000-b6ff1000 rw-p 0000d000 08:01 16908514   /usr/lib/libXext.so.6.4.0
b6ff1000-b7006000 r-xp 00000000 08:01 4325527    /usr/lib/libICE.so.6.3.0
b7006000-b7007000 rw-p 00014000 08:01 4325527    /usr/lib/libICE.so.6.3.0
b7007000-b7009000 rw-p b7007000 00:00 0 
b7009000-b7018000 r-xp 00000000 08:01 44664079   /usr/local/lib/gstreamer-0.10/libgstxvimagesink.so
b7018000-b7019000 rw-p 0000e000 08:01 44664079   /usr/local/lib/gstreamer-0.10/libgstxvimagesink.so
b7019000-b7043000 r-xp 00000000 08:01 44664036   /usr/local/lib/gstreamer-0.10/libgstffmpegcolorspace.so
b7043000-b7044000 rw-p 00029000 08:01 44664036   /usr/local/lib/gstreamer-0.10/libgstffmpegcolorspace.so
b7044000-b7045000 rw-p b7044000
Program received signal SIGABRT, Aborted.

Other information:
The problem seems to be calling 'ifoClose (src->vts_file)' in dvdnavsrc.c a 2nd time on an already closed file.
Comment 1 Tal Shalif 2008-07-05 18:44:21 UTC 
Created attachment 114030 [details] [review]
patch to prevent closing file a 2nd time
Comment 2 Sebastian Dröge (slomo) 2008-07-05 18:57:26 UTC 
2008-07-05  Sebastian Dröge  <sebastian.droege@collabora.co.uk>

	Patch by: Tal Shalif <tshalif at nargila dot org>

	* ext/dvdnav/dvdnavsrc.c: (gst_dvd_nav_src_stop):
	Prevent double free. Fixes bug #541697.
Comment 3 Sebastian Dröge (slomo) 2008-07-05 18:58:18 UTC 
Btw, you probably want to take a look at resindvd from gst-plugins-bad. This is a element that incorporates dvdnav and all other features required for a DVD player.