Bug 781914 – gst_deinit() might be called without calling init_post and segfaults

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 781914 - gst_deinit() might be called without calling init_post and segfaults


Summary:	gst_deinit() might be called without calling init_post and segfaults


Status:	RESOLVED FIXED

Product:	GStreamer
Classification:	Platform
Component:	gstreamer (core)
Version:	unspecified
Hardware:	Other All

Importance:	Normal normal
Target Milestone:	1.13.1
Assigned To:	GStreamer Maintainers
QA Contact:	GStreamer Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2017-04-28 18:18 UTC by Víctor Manuel Jáquez Leal
Modified:	2017-12-24 15:23 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
gst: check non-null before dereference (1.15 KB, patch) 2017-04-28 18:18 UTC, Víctor Manuel Jáquez Leal	committed	Details \| Review
gst: unref instantiated classes (14.48 KB, patch) 2017-04-28 18:18 UTC, Víctor Manuel Jáquez Leal	none	Details \| Review

Description Víctor Manuel Jáquez Leal 2017-04-28 18:18:05 UTC

If you run gtk-play, from gst-example, with an unknown parameter it crashes 
at gst_deinit(). This is because gst_deinit() is called without registering
a type, which is dereferenced. And this is seems to be the logic of
GApplication.

$ gtk-play -v
Unknown option -v
Segmentation fault (core dumped)

After fixing that (first patch), a lot of critical log messages appeared.
The second patch aims to fix those critical logs.

Comment 1 Víctor Manuel Jáquez Leal 2017-04-28 18:18:11 UTC

Created attachment 350677 [details] [review]
gst: check non-null before dereference

It is possible to use gst_deinit() without registering the base
classes. For example, when using gst_init_get_option_group() and
call the program with an invalid parameter. In that case,
gst_deinit() will lead to a segmentation fault, since there is a
dereference to a pointer that is null.

This patch validates if the type is non-null before dereferencing
it.

Comment 2 Víctor Manuel Jáquez Leal 2017-04-28 18:18:16 UTC

Created attachment 350678 [details] [review]
gst: unref instantiated classes

It is possible to use gst_deinit() without registering the base
classes. For example, when using gst_init_get_option_group() and
call the program with an invalid parameter.

When unrefing non-instantiated classes a critical log message is
thrown. This patch adds checks for the type before unref it.

Comment 3 Tim-Philipp Müller 2017-04-28 18:48:37 UTC

Or how about we just add a guard to gst_deinit() to make sure gst_initialized has been set to TRUE ?

Comment 4 Víctor Manuel Jáquez Leal 2017-04-28 18:55:44 UTC

(In reply to Tim-Philipp Müller from comment #3)
> Or how about we just add a guard to gst_deinit() to make sure
> gst_initialized has been set to TRUE ?

I thought about that, but I wonder why it wasn't placed before if it looks obvious, so played safe.

Comment 5 Víctor Manuel Jáquez Leal 2017-04-28 19:03:27 UTC

Comment on attachment 350677 [details] [review]
gst: check non-null before dereference

Attachment 350677 [details] pushed as d108ed2 - gst: check non-null before dereference

Comment 6 Tim-Philipp Müller 2017-12-24 15:23:19 UTC

Let's KISS then:

commit 252ce5a093178b415a74776f0153390e03338cab (HEAD -> master)
Author: Tim-Philipp Müller <tim@centricular.com>
Date:   Sun Dec 24 16:21:38 2017 +0100

    Skip gst_deinit() if gstreamer was not initialized properly
    
    Can happen if an error occurs during option parsing, for example.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=781914