GNOME Bugzilla – Bug 751601
Incorrect wrapping of virtual functions returning objects with transfer full
Last modified: 2021-07-05 13:17:58 UTC
The list of affected functions can be obtained by grepping for "_WRAP_VFUNC(Glib::RefPtr" and checking the documentation or the source code to see whether the function is supposed to return by transfer full or transfer none.

The *_vfunc_callback virtual functions generated from _WRAP_VFUNC on functions returning RefPtrs without the attribute refreturn_ctype use unwrap() on the RefPtr returned from C++ virtual methods. As soon as the temporary RefPtr is destroyed (which is immediately after completing the current statement), the unwrapped C-style pointer returned from the virtual function becomes invalid, as the reference that should be associated with it (due to transfer full) is not there anymore.

For objects which have refcount = 1, this will cause the object to be destroyed and will almost immediately lead to assert failures in GObject checks, double frees and/or segfaults, depending on the way the pointer is used. For objects with a greater refcount, the errors will be deferred or in some cases may not appear at all.

The mentioned mm attribute 'refreturn_ctype' replaces unwrap() with unwrap_copy() in the generated code. unwrap_copy() increments the refcount for the returned C-style pointer to GObject and thus fixes the problem.

Along with the fixes I will provide unit tests in the patches. The patches will come in series for increased readability.
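The lifetime problem described in the report, as an added example that is not gstreamermm or glibmm code: `Obj` and `Ref` are toy stand-ins for a GObject and Glib::RefPtr, and `unwrap()`/`unwrap_copy()` are modelled here only on the behaviour the report describes. Finalization is recorded in a flag rather than freeing memory so that the dangling state can be inspected safely.

```cpp
#include <cstdio>

// Toy stand-in for a GObject. Finalization is recorded in a flag instead of
// freeing memory, so the dangling case can be inspected without undefined behaviour.
struct Obj { int refcount = 1; bool finalized = false; };
void obj_ref(Obj* o)   { ++o->refcount; }
void obj_unref(Obj* o) { if (--o->refcount == 0) o->finalized = true; }

// Toy stand-in for Glib::RefPtr: holds exactly one reference and drops it on destruction.
class Ref {
    Obj* p_;
public:
    explicit Ref(Obj* p) : p_(p) {}                 // adopts the caller's reference
    Ref(const Ref& o) : p_(o.p_) { obj_ref(p_); }
    Ref& operator=(const Ref&) = delete;
    ~Ref() { obj_unref(p_); }
    Obj* get() const { return p_; }
};

// The two conversions named in the report, modelled on the toy types.
Obj* unwrap(const Ref& r)      { return r.get(); }                    // borrowed pointer
Obj* unwrap_copy(const Ref& r) { obj_ref(r.get()); return r.get(); }  // pointer plus a new reference

// C++ override returning a freshly created object (refcount 1) by RefPtr.
Ref create_vfunc(Obj* storage) { return Ref(storage); }

// Callback shape without refreturn_ctype: the temporary Ref dies at the end
// of the return statement and takes the only reference with it.
Obj* callback_unwrap(Obj* storage) { return unwrap(create_vfunc(storage)); }

// Callback shape with refreturn_ctype: the caller receives its own reference,
// which is what transfer full promises.
Obj* callback_unwrap_copy(Obj* storage) { return unwrap_copy(create_vfunc(storage)); }

int main() {
    Obj a, b;
    Obj* pa = callback_unwrap(&a);
    std::printf("unwrap:      refcount=%d finalized=%d\n", pa->refcount, pa->finalized);
    Obj* pb = callback_unwrap_copy(&b);
    std::printf("unwrap_copy: refcount=%d finalized=%d\n", pb->refcount, pb->finalized);
    obj_unref(pb);  // the C caller releases the reference it was given
    std::printf("after caller unref: refcount=%d finalized=%d\n", pb->refcount, pb->finalized);
    return 0;
}
```

With a real GObject the first case hands the C caller a pointer to already finalized memory, so a check for this bug class is to compare each vfunc's documented transfer annotation against whether its generated callback takes a reference.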
Created attachment 306222 [PATCH 1/...] tests/Makefile.am clean-ups
Created attachment 306223 [PATCH 2/...] clean-ups in tests/*/*.h
Created attachment 306224 [PATCH 3/...] improve and re-enable RegisterPluginTest tests
Created attachment 306225 [PATCH 4/...] Gst::BaseTransform: fix refs of {fixate,transform}_caps() return values
Created attachment 306226 [PATCH 5/...] Gst::BaseSrc: fix refs of {get_caps,fixate}() return values
Created attachment 306227 [PATCH 5/...] Gst::BaseSrc: fix refs of {get_caps,fixate}() return values
Created attachment 306228 [PATCH 6/...] Gst::BaseSink: set_caps(), event(): use return_value attribute
Created attachment 306229 [PATCH 7/...] Gst::BaseSink: fix refs of {get_caps,fixate}() return values
Created attachment 306230 [PATCH 8/...] Gst::Allocator: fix ref of alloc() return value
Created attachment 306236 [PATCH 9/...] Gst::AudioBaseSrc: fix refs of create_ringbuffer() return values
Created attachment 306237 [PATCH 10/...] Gst::AudioBaseSink: fix refs of create_ringbuffer() return values
Thanks for your work. I improved the commit messages a little, and applied your patches to the master branch except the two most recent patches. They could be applied for gstreamermm 1.5.x, and after GStreamer's bug is resolved.
The mentioned GStreamer bug that blocks this one is https://bugzilla.gnome.org/show_bug.cgi?id=751606
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org. As part of that, we are mass-closing older open tickets in bugzilla.gnome.org which have not seen updates for a longer time (resources are unfortunately quite limited so not every ticket can get handled). If you can still reproduce the situation described in this ticket in a recent and supported software version, then please follow https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines and create a new ticket at https://gitlab.gnome.org/GNOME/gstreamermm/-/issues/ Thank you for your understanding and your help.