Bug 774759 – hlsdemux: strlen segfault in Epiphany

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 774759 - hlsdemux: strlen segfault in Epiphany


Summary:	hlsdemux: strlen segfault in Epiphany


Status:	RESOLVED INCOMPLETE

Product:	GStreamer
Classification:	Platform
Component:	gst-plugins-bad
Version:	1.10.x
Hardware:	Other Linux

Importance:	Normal major
Target Milestone:	git master
Assigned To:	GStreamer Maintainers
QA Contact:	GStreamer Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2016-11-20 21:57 UTC by Kai Lüke
Modified:	2017-01-15 09:34 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Kai Lüke 2016-11-20 21:57:58 UTC

The gst_m3u8_get_uri function invokes g_strdup for an invalid (uninitialized/freed) uri field of the GstHLSVariantStream returned from gst_hls_master_playlist_get_variant_for_bitrate.

#0  0x00007f7701ede496 strlen (libc.so.6)
#1  0x00007f76ffe16ea3 g_strdup (libglib-2.0.so.0)
#2  0x00007f76581d9811 gst_m3u8_get_uri (libgsthls.so)
#3  0x00007f76581de051 gst_hls_demux_change_playlist (libgsthls.so)
#4  0x00007f76581df42f gst_hls_demux_select_bitrate (libgsthls.so)
#5  0x00007f763fbf2eaa gst_adaptive_demux_stream_select_bitrate (libgstadaptivedemux-1.0.so.0)
#6  0x00007f76581dcc7a gst_hls_demux_finish_fragment (libgsthls.so)
#7  0x00007f763fbe88ff gst_adaptive_demux_eos_handling (libgstadaptivedemux-1.0.so.0)
#8  0x00007f763fbe8e03 _src_event (libgstadaptivedemux-1.0.so.0)
#9  0x00007f76fd4a6707 gst_pad_send_event_unchecked (libgstreamer-1.0.so.0)
#10 0x00007f76fd4a6bce gst_pad_push_event_unchecked (libgstreamer-1.0.so.0)
#11 0x00007f76fd4a6fe0 push_sticky (libgstreamer-1.0.so.0)
#12 0x00007f76fd4a4bcf events_foreach (libgstreamer-1.0.so.0)
#13 0x00007f76fd4b0f61 check_sticky (libgstreamer-1.0.so.0)
#14 0x00007f76fd4b10de event_forward_func (libgstreamer-1.0.so.0)
#15 0x00007f76fd4ac95e gst_pad_forward (libgstreamer-1.0.so.0)
#16 0x00007f76fd4acab3 gst_pad_event_default (libgstreamer-1.0.so.0)
#17 0x00007f76fd4a6707 gst_pad_send_event_unchecked (libgstreamer-1.0.so.0)
#18 0x00007f76fd4a6bce gst_pad_push_event_unchecked (libgstreamer-1.0.so.0)
#19 0x00007f76fd4a6fe0 push_sticky (libgstreamer-1.0.so.0)
#20 0x00007f76fd4a4bcf events_foreach (libgstreamer-1.0.so.0)
#21 0x00007f76fd4b0f61 check_sticky (libgstreamer-1.0.so.0)
#22 0x00007f765d357260 gst_queue2_push_one (libgstcoreelements.so)
#23 0x00007f76fd4db951 gst_task_func (libgstreamer-1.0.so.0)
#24 0x00007f76ffe1fd3e g_thread_pool_thread_proxy (libglib-2.0.so.0)
#25 0x00007f76ffe1f345 g_thread_proxy (libglib-2.0.so.0)
#26 0x00007f76fe42e464 start_thread (libpthread.so.0)
#27 0x00007f7701f469df __clone (libc.so.6)

Comment 1 Sebastian Dröge (slomo) 2016-11-21 07:38:38 UTC

Can you provide a way to reproduce this, and also a backtrace with debug symbols (so we can see line numbers)?

Alternatively please provide a patch or more accurate description about how this can happen.

Comment 2 Kai Lüke 2017-01-13 23:26:04 UTC

Hi,
no, I could not find an example now…
So maybe this should just be closed.

Comment 3 Sebastian Dröge (slomo) 2017-01-15 09:34:45 UTC

Closing this bug report as no further information has been provided. Please feel free to reopen this bug report if you can provide the information that was asked for in a previous comment.
Thanks!