Bug 635229 - celtenc: uninitialized tags variable can cause segfault
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-bad
Version: 0.10.20
Hardware: Other Linux
Importance: Normal major
Target Milestone: 0.10.21
Assigned To: GStreamer Maintainers
Reported: 2010-11-18 23:50 UTC by Rob Wheeler
Modified: 2010-12-07 16:25 UTC
Description Rob Wheeler 2010-11-18 23:50:12 UTC
In gstceltenc.c, a variable, 'empty_tags', is uninitialized in the gst_celt_enc_create_metadata_buffer() function. If the value is non-NULL, then it is passed to gst_tag_list_free(). This can cause random segmentation violations depending on what is on your stack at the time. Here is a simple patch:

--- ext/celt/gstceltenc.c	2010-11-18 15:30:05.391711020 -0800
+++ ext/celt.new/gstceltenc.c	2010-11-18 15:29:40.222616006 -0800
@@ -591,7 +591,7 @@
 gst_celt_enc_create_metadata_buffer (GstCeltEnc * enc)
 {
   const GstTagList *tags;
-  GstTagList *empty_tags;
+  GstTagList *empty_tags = NULL;
   GstBuffer *comments = NULL;
 
   tags = gst_tag_setter_get_tag_list (GST_TAG_SETTER (enc));
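
Review bot: the ---/+++ header lines show this was produced by diffing two directory copies (ext/celt against ext/celt.new), so the patch carries no commit message or authorship; regenerating it from the repository with git format-patch would make it easier to apply with attribution. The change itself, `GstTagList *empty_tags = NULL;`, matches the existing `GstBuffer *comments = NULL;` on the next line and is what the non-NULL check before gst_tag_list_free() described in the report needs on the path where empty_tags is never assigned.
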
Comment 1 Tim-Philipp Müller 2010-12-07 16:24:34 UTC
Thanks for the bug report, this seems to have been fixed:

 commit b8c0b33536b0e74ed4b2b7ccfd508cdde9ba47b4
 Author: Edward Hervey <bilboed@bilboed.com>
 Date:   Thu Nov 25 18:29:31 2010 +0100

    celtenc: Initialize variable
    
    In the case the tag_setter returns something, empty_tags would be
    garbage value.