Bug 738793 - speex: encoder/decoder segfault when resetting multiple times
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-good
Version: unspecified
Hardware: Other All
Importance: Normal normal
Target Milestone: 1.4.4
Assigned To: GStreamer Maintainers
Reported: 2014-10-18 21:33 UTC by ananda
Modified: 2014-10-24 19:55 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Patch for protection against multi-time SpeexBits destroy (786 bytes, patch)
2014-10-18 21:33 UTC, ananda
needs-work
Patch for protection against multi-time SpeexBits destroy (using speex_bits_set_bit_buffer) (1.17 KB, patch)
2014-10-22 11:44 UTC, ananda
committed

Description ananda 2014-10-18 21:33:33 UTC
Created attachment 288827
Patch for protection against multi-time SpeexBits destroy

The speex decoder/encoder may destroy SpeexBits multiple times (calling speex_bits_destroy(&dec->bits) more than once) and produce a SIGSEGV.

After destroying bits in gst_speex_dec_reset() and gst_speex_enc_stop(), we should add something like:
  speex_bits_set_bit_buffer(&dec->bits, NULL, 0);
or
  dec->bits.owner = 0;
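
A minimal model of the repeated destroy described in the report above, added here as an example; it is not the attached patch and not libspeex code. `ModelBits` and the `model_*` functions are simplified stand-ins that keep only the buffer pointer and the `owner` flag named in the report, and the `freed` field is bookkeeping so a repeated free can be counted instead of crashing.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified stand-in for SpeexBits: only what this bug involves. */
typedef struct {
    char *chars;    /* bit buffer */
    int   buf_size;
    int   owner;    /* non-zero: destroy is responsible for freeing chars */
    int   freed;    /* model-only bookkeeping, not a libspeex field */
} ModelBits;

static void model_bits_init(ModelBits *b) {
    b->buf_size = 2000;   /* constructed size */
    b->chars = calloc(1, (size_t)b->buf_size);
    b->owner = 1; b->freed = 0;
}

/* Returns 1 if it freed, 0 if nothing to free, -1 on a repeated free. */
static int model_bits_destroy(ModelBits *b) {
    if (!b->owner) return 0;
    if (b->freed) return -1;  /* a real free() here would be a double free */
    free(b->chars);
    b->freed = 1;             /* chars and owner are left stale on purpose */
    return 1;
}

/* Points the struct at a caller-supplied buffer and drops ownership. */
static void model_bits_set_bit_buffer(ModelBits *b, void *buf, int size) {
    b->chars = buf;
    b->buf_size = size;
    b->owner = 0;
}

/* Resets the codec `resets` times; returns how many were double frees. */
static int count_double_frees(int guarded, int resets) {
    ModelBits bits;
    int bad = 0;
    model_bits_init(&bits);
    for (int i = 0; i < resets; i++) {
        if (model_bits_destroy(&bits) < 0) bad++;
        if (guarded) model_bits_set_bit_buffer(&bits, NULL, 0);
    }
    return bad;
}

int main(void) {
    printf("unguarded: %d double frees\n", count_double_frees(0, 3));
    printf("guarded:   %d double frees\n", count_double_frees(1, 3));
    return 0;
}
```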
Comment 1 Sebastian Dröge (slomo) 2014-10-20 10:49:57 UTC
Comment on attachment 288827
Patch for protection against multi-time SpeexBits destroy

Might be better to just memset() the complete bits to 0.

Also please attach the patch in "git format-patch" format with your real name and mail address :)
Comment 2 ananda 2014-10-22 11:42:55 UTC
Sorry for the patch format.
Maybe calling speex_bits_set_bit_buffer... is the best, it will let speex guys do what they want with their "opaque" SpeexBits structure.
Attached the "format-patch" patch :)
Comment 3 ananda 2014-10-22 11:44:22 UTC
Created attachment 289120
Patch for protection against multi-time SpeexBits destroy (using speex_bits_set_bit_buffer)
Comment 4 Sebastian Dröge (slomo) 2014-10-23 08:31:18 UTC
commit ec3af50cc26be86e36368f328d5ef489a3bc1dc9
Author: Ananda <ananda@latelier23.com>
Date:   Wed Oct 22 15:28:44 2014 +0200

    speex: Fix segfault when resetting the codecs multiple times
    
    https://bugzilla.gnome.org/show_bug.cgi?id=738793
Comment 5 Tim-Philipp Müller 2014-10-24 19:55:31 UTC
Cherry-picked into 1.4 branch as well.