GNOME Bugzilla – Bug 787372
tests: libs/player test_play_media_info test invalid string access
Last modified: 2018-11-03 14:13:10 UTC
$ GST_DEBUG=check:6 GST_CHECKS=test_play_media_info make libs/player.forever

This will lead to invalid garbage strings being printed in the debug log output here:

uri_loaded {GARBAGE} -> (nil)

valgrind trace:

==7655== Invalid read of size 1
==7655==    at 0x4C2EDE2: strlen (vg_replace_strmem.c:458)
==7655==    by 0x5B42852: __gst_vasnprintf (vasnprintf.c:561)
==7655==    by 0x5B43CCC: __gst_vasprintf (printf.c:154)
==7655==    by 0x5AD856F: gst_debug_message_get (gstinfo.c:588)
==7655==    by 0x5AD9B0D: gst_debug_log_default (gstinfo.c:1188)
==7655==    by 0x5AD8C34: gst_debug_log_valist (gstinfo.c:566)
==7655==    by 0x5AD8D9A: gst_debug_log (gstinfo.c:498)
==7655==    by 0x10D713: test_player_state_change_debug.part.3 (player.c:191)
==7655==    by 0x10D8A2: test_player_state_change_debug (player.c:191)
==7655==    by 0x10D8A2: state_changed_cb (player.c:342)
==7655==    by 0x5DB8F9C: g_closure_invoke (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5306.0)
==7655==    by 0x5DCBD2D: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5306.0)
==7655==    by 0x5DD4504: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5306.0)
==7655==    by 0x5DD4F1E: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5306.0)
==7655==    by 0x4E4AAAC: g_main_context_signal_dispatcher_dispatch_gsourcefunc (gstplayer-g-main-context-signal-dispatcher.c:157)
==7655==    by 0x6047DD4: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5306.0)
==7655==    by 0x604819F: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5306.0)
==7655==    by 0x60484B1: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5306.0)
==7655==    by 0x1100F4: stop_player (player.c:441)
==7655==    by 0x1100F4: test_play_media_info (player.c:750)
==7655==    by 0x5562480: tcase_run_tfun_fork (check_run.c:465)
==7655==    by 0x5562480: srunner_iterate_tcase_tfuns (check_run.c:237)
==7655==    by 0x5562480: srunner_run_tcase (check_run.c:377)
==7655==    by 0x5562480: srunner_iterate_suites (check_run.c:205)
==7655==    by 0x5562480: srunner_run_tagged (check_run.c:740)
==7655==    by 0x555727D: gst_check_run_suite (gstcheck.c:1057)
==7655==  Address 0x8a626f0 is 0 bytes inside a block of size 73 free'd
==7655==    at 0x4C2CE1B: free (vg_replace_malloc.c:530)
==7655==    by 0x10D884: test_player_state_reset (player.c:228)
==7655==    by 0x10D884: state_changed_cb (player.c:340)
==7655==    by 0x5DB8F9C: g_closure_invoke (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5306.0)
==7655==    by 0x5DCBD2D: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5306.0)
==7655==    by 0x5DD4504: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5306.0)
==7655==    by 0x5DD4F1E: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5306.0)
==7655==    by 0x4E4AAAC: g_main_context_signal_dispatcher_dispatch_gsourcefunc (gstplayer-g-main-context-signal-dispatcher.c:157)
==7655==    by 0x6047DD4: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5306.0)
==7655==    by 0x604819F: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5306.0)
==7655==    by 0x60484B1: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5306.0)
==7655==    by 0x1100F4: stop_player (player.c:441)
==7655==    by 0x1100F4: test_play_media_info (player.c:750)
==7655==    by 0x5562480: tcase_run_tfun_fork (check_run.c:465)
==7655==    by 0x5562480: srunner_iterate_tcase_tfuns (check_run.c:237)
==7655==    by 0x5562480: srunner_run_tcase (check_run.c:377)
==7655==    by 0x5562480: srunner_iterate_suites (check_run.c:205)
==7655==    by 0x5562480: srunner_run_tagged (check_run.c:740)
==7655==    by 0x555727D: gst_check_run_suite (gstcheck.c:1057)
==7655==    by 0x10A79E: main (player.c:1732)
==7655==  Block was alloc'd at
==7655==    at 0x4C2BBEF: malloc (vg_replace_malloc.c:299)
==7655==    by 0x604D538: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5306.0)
==7655==    by 0x6066A0E: g_strdup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5306.0)
==7655==    by 0x10C157: uri_loaded_cb (player.c:382)
==7655==    by 0x5DB8F9C: g_closure_invoke (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5306.0)
==7655==    by 0x5DCBD2D: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5306.0)
==7655==    by 0x5DD4504: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5306.0)
==7655==    by 0x5DD4F1E: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5306.0)
==7655==    by 0x4E4AAAC: g_main_context_signal_dispatcher_dispatch_gsourcefunc (gstplayer-g-main-context-signal-dispatcher.c:157)
==7655==    by 0x6047DD4: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5306.0)
==7655==    by 0x604819F: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5306.0)
==7655==    by 0x60484B1: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5306.0)
==7655==    by 0x1100C5: test_play_media_info (player.c:747)
==7655==    by 0x5562480: tcase_run_tfun_fork (check_run.c:465)
==7655==    by 0x5562480: srunner_iterate_tcase_tfuns (check_run.c:237)
==7655==    by 0x5562480: srunner_run_tcase (check_run.c:377)
==7655==    by 0x5562480: srunner_iterate_suites (check_run.c:205)
==7655==    by 0x5562480: srunner_run_tagged (check_run.c:740)
==7655==    by 0x555727D: gst_check_run_suite (gstcheck.c:1057)
==7655==    by 0x10A79E: main (player.c:1732)
Problem here is with the URI string and the media info. In every callback a copy of the test state is made, but without copying the pointer fields
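
The shallow-copy problem described in the comment above, as an added example that is not code from the GStreamer test suite. `TestState`, its field names, the helper functions and the sample URI are assumptions, and plain libc stands in for GLib.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the test's state struct: one owned string field. */
typedef struct {
    int state;
    char *uri_loaded;   /* heap string owned by the struct */
} TestState;

static char *dup_str(const char *s) {
    if (!s) return NULL;
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    if (d) memcpy(d, s, n);
    return d;
}

/* Frees the owned field, as a reset between state changes would. */
static void state_reset(TestState *s) {
    free(s->uri_loaded);
    s->uri_loaded = NULL;
    s->state = 0;
}

/* Shallow copy: struct assignment duplicates the pointer, not the string. */
static TestState state_copy_shallow(const TestState *src) { return *src; }

/* Deep copy: the copy owns its own string and survives a reset of the source. */
static TestState state_copy_deep(const TestState *src) {
    TestState c = *src;
    c.uri_loaded = dup_str(src->uri_loaded);
    return c;
}

/* Callback-shaped flow: snapshot the state, reset the live one, and report
 * whether the snapshot's string is still valid to log afterwards. */
static bool snapshot_survives_reset(bool deep) {
    TestState live = { 1, dup_str("file:///constructed/sample.ogg") };
    TestState old = deep ? state_copy_deep(&live) : state_copy_shallow(&live);
    /* Aliasing is checked before any free; the stale pointer is never read. */
    bool aliased = old.uri_loaded != NULL && old.uri_loaded == live.uri_loaded;
    state_reset(&live);               /* shallow: old.uri_loaded now dangles */
    if (!aliased) state_reset(&old);  /* deep: snapshot frees its own copy */
    return !aliased;
}

int main(void) { return snapshot_survives_reset(true) && !snapshot_survives_reset(false) ? 0 : 1; }
```
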
-- GitLab Migration Automatic Message -- This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/issues/607.