Bug 650072 - [basevideoencoder] Fix use-after-free after state change transition
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-bad
Version: git master
Hardware: Other Linux
Importance: Normal normal
Target Milestone: 0.10.23
Assigned To: GStreamer Maintainers
GStreamer Maintainers
Depends on:
Blocks:
 
 
Reported: 2011-05-12 23:21 UTC by Andoni Morales
Modified: 2011-05-14 10:14 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Fix use after free after state change transition (1.19 KB, patch)
2011-05-12 23:23 UTC, Andoni Morales
committed

Description Andoni Morales 2011-05-12 23:21:22 UTC
When going from PAUSED to READY and back to PAUSED I get the following backtrace:

(gdb) bt
  • #0 __kernel_vsyscall
  • #1 raise
    at ../nptl/sysdeps/unix/sysv/linux/raise.c line 64
  • #2 abort
    at abort.c line 92
  • #3 __libc_message
    at ../sysdeps/unix/sysv/linux/libc_fatal.c line 189
  • #4 malloc_printerr
    at malloc.c line 6283
  • #5 _int_free
    at malloc.c line 4795
  • #6 __libc_free
    at malloc.c line 3738
  • #7 g_free
    from /lib/libglib-2.0.so.0
  • #8 gst_base_video_codec_free_frame
    at gstbasevideocodec.c line 553
  • #9 gst_base_video_codec_reset
    at gstbasevideocodec.c line 120
  • #10 gst_base_video_codec_change_state
    at gstbasevideocodec.c line 505
  • #11 gst_base_video_encoder_change_state
    at gstbasevideoencoder.c line 449
  • #12 gst_element_change_state
    at gstelement.c line 2718
  • #13 gst_element_set_state_func
    at gstelement.c line 2674
  • #14 gst_element_set_state
    at gstelement.c line 2575
  • #15 _wrap_gst_element_set_state
    at gstelement.override line 71
  • #16 PyEval_EvalFrameEx
  • #17 PyEval_EvalFrameEx
  • #18 PyEval_EvalCodeEx

Attached patch.
Comment 1 Andoni Morales 2011-05-12 23:23:01 UTC
Created attachment 187751
Fix use after free after state change transition

And the missing attachment :)
Comment 2 Sebastian Dröge (slomo) 2011-05-13 06:31:32 UTC
NULL is a valid GList, it's enough to set frames to NULL after freeing it. I'll push this patch after the freeze, thanks :)
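
The pattern behind the backtrace and the remedy named in comment 2, as an added example that is not the attached patch or code from gst-plugins-bad: a reset routine frees every queued frame and then clears the list head, so a second PAUSED to READY transition finds an empty list instead of freed nodes. `Node`, `Codec`, `codec_add_frame`, `codec_reset` and `run_state_cycle` are hypothetical stand-ins for GList and the codec's frame list.

```c
#include <stdlib.h>

/* Constructed stand-ins for GList and the codec state; names are hypothetical. */
typedef struct Node { void *data; struct Node *next; } Node;
typedef struct { Node *frames; int freed; } Codec;

/* Queue one pending frame, as an encoder does while streaming. */
static int codec_add_frame(Codec *c) {
    Node *n = malloc(sizeof *n);
    if (n == NULL) return -1;
    n->data = malloc(16);            /* placeholder frame payload */
    if (n->data == NULL) { free(n); return -1; }
    n->next = c->frames;
    c->frames = n;
    return 0;
}

/* Called on every PAUSED -> READY transition. */
static void codec_reset(Codec *c) {
    Node *n = c->frames;
    while (n != NULL) {
        Node *next = n->next;        /* read the link before freeing the node */
        free(n->data);
        free(n);
        c->freed++;
        n = next;
    }
    /* The fix: an empty list is just NULL. Without this store the head keeps
     * pointing at freed nodes and the next reset reads and frees them again. */
    c->frames = NULL;
}

/* PAUSED -> READY -> PAUSED -> READY; returns frames freed, or -1 on error. */
static int run_state_cycle(int first, int second) {
    Codec c = { NULL, 0 };
    for (int i = 0; i < first; i++)
        if (codec_add_frame(&c) != 0) { codec_reset(&c); return -1; }
    codec_reset(&c);                 /* first PAUSED -> READY */
    if (c.frames != NULL) return -1; /* a dangling head would be reused here */
    for (int i = 0; i < second; i++)
        if (codec_add_frame(&c) != 0) { codec_reset(&c); return -1; }
    codec_reset(&c);                 /* second PAUSED -> READY */
    return c.frames == NULL ? c.freed : -1;
}

int main(void) { return run_state_cycle(3, 2) == 5 ? 0 : 1; }
```

Building a variant with the `c->frames = NULL;` store removed under `-fsanitize=address` reports the stale access on the second reset, which makes a useful regression check for this class of bug.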
Comment 3 Sebastian Dröge (slomo) 2011-05-14 10:14:28 UTC
commit 85703b8886edebbd26d6e8c0b4799c6cf2b4e437
Author: Andoni Morales Alastruey <ylatuya@gmail.com>
Date:   Fri May 13 01:03:27 2011 +0200

    basevideencoder: Fix use after free after state change transition