After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 660357 - pad: fix Py_DECREF of null pointer in pad probe and pad block marshallers
pad: fix Py_DECREF of null pointer in pad probe and pad block marshallers
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-python
git master
Other Linux
: Normal normal
: 0.10.23
Assigned To: GStreamer Maintainers
GStreamer Maintainers
Depends on:
Blocks:
 
 
Reported: 2011-09-28 13:24 UTC by Andoni Morales
Modified: 2012-03-07 16:54 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
Fix decref of null pointer (716 bytes, patch)
2011-09-28 13:24 UTC, Andoni Morales 		none Details | Review
Fix decref of null pointer (1.63 KB, patch)
2011-12-12 14:49 UTC, Andoni Morales 		committed Details | Review

Description Andoni Morales 2011-09-28 13:24:05 UTC 
Created attachment 197661 [details] [review]
Fix decref of null pointer

I caught a segfault in gst-python that I can't reproduce, but I have a coredump. It's seems that if the call to the callback fails, args can be NULL.
Attached patch.


(gdb) frame 0

+ Trace 228625

  • #0 pad_block_callback_marshal
    at gstpad.override line 1393
  • #0 pad_block_callback_marshal
    at gstpad.override line 1393
  • #1 handle_pad_block
    at gstpad.c line 4000
  • #2 gst_pad_push_event
    at gstpad.c line 4951
  • #3 gst_base_src_loop
    at gstbasesrc.c line 2403
  • #4 gst_task_func
    at gsttask.c line 271
  • #5 default_func
    at gsttaskpool.c line 70
  • #6 g_thread_pool_push
    from /lib/libglib-2.0.so.0
  • #7 g_thread_create_full
    from /lib/libglib-2.0.so.0
  • #8 start_thread
    from /lib/libpthread.so.0
  • #9 clone
    from /lib/libc.so.6 
1381	    callback = PyTuple_GetItem(py_user_data, 0);
1382	    args = Py_BuildValue("(NO)",
1383	             pygobject_new(G_OBJECT(pad)),
1384	             blocked ? Py_True : Py_False);
1385	    
1386	    {
1387	        PyObject *tmp = args;
1388	        args = PySequence_Concat(tmp, PyTuple_GetItem(py_user_data, 1));
1389	        Py_DECREF (tmp);
1390	    }
1391	
1392	    ret = PyObject_CallObject(callback, args);
1393	    Py_DECREF(args);
1394	
1395	    if (!ret)
1396	        PyErr_Print();
1397	    else
1398	        Py_DECREF(ret);
1399	    
1400	    pyg_gil_state_release(state);
1401	}
1402	
1403	static PyObject *
1404	_wrap_gst_pad_set_blocked_async (PyGObject *self, PyObject *args)
1405	{
(gdb) print *args
Cannot access memory at address 0x0
(gdb) print *ret
Cannot access memory at address 0x0
(gdb)
Comment 1 Tim-Philipp Müller 2011-10-20 12:14:43 UTC 
Comment on attachment 197661 [details] [review]
Fix decref of null pointer

>@@ -1395,7 +1395,8 @@ pad_block_callback_marshal(GstPad *pad, gboolean blocked, gpointer user_data)
>     }
> 
>     ret = PyObject_CallObject(callback, args);
>-    Py_DECREF(args);
>+    if (args != NULL)
>+        Py_DECREF(args);
> 
>     if (!ret)
>         PyErr_Print();

It obviously "can't hurt", but I wonder this: if args is NULL there, doesn't that mean that PySequence_Concat has failed? (Assuming PyObject_CallObject  is not some kind of weird macro that can mess with 'args') and if PySequence_Concat failed for some reason, should we still be doing the PyObject_CallObject in the first place with NULL args instead of erroring out?
Comment 2 Akhil Laddha 2011-12-12 06:13:38 UTC 
Andoni, can you please respond to comment#1 ?
Comment 3 Andoni Morales 2011-12-12 14:49:10 UTC 
I have seen this bug reproduced several times before applying the patch although Tim might be right and probably the callback shouldn't even be called if args is NULL. Navigating through CPython I see that it's a common practice checking if args is NULL before calling CallObject().
Comment 4 Andoni Morales 2011-12-12 14:49:44 UTC 
Created attachment 203255 [details] [review]
Fix decref of null pointer
Comment 5 Akhil Laddha 2012-03-06 11:38:54 UTC 
Tim-Philipp, updated patch is available.
Comment 6 Tim-Philipp Müller 2012-03-07 16:53:02 UTC 
Thanks for the updated patch, but I'd contend that this patch hasn't been tested at all, given that it even made 'make check' fail ;-)


commit 9f163262f02a0a33544ff6941e58b983184220c8
Author: Tim-Philipp Müller <tim.muller@collabora.co.uk>
Date:   Wed Mar 7 16:50:11 2012 +0000

    pad: fix unit test again after previous commit
    
    https://bugzilla.gnome.org/show_bug.cgi?id=660357

commit c3dab3df761a7ae0680753b4993cefcff56a0482
Author: Andoni Morales Alastruey <amorales@flumotion.com>
Date:   Wed Sep 28 15:16:07 2011 +0200

    pad: fix Py_DECREF of null pointer in pad probe and pad block marshallers
    
    https://bugzilla.gnome.org/show_bug.cgi?id=660357