[gstreamer-bugs] [Bug 162924] New: [playbin] totem assertion failures when playing cd / potential crash due to accessing freed memory

[bugzilla-daemon at bugzilla.gnome.org]

Please DO NOT reply to this by email. All additional comments should be made in
the comments box of this bug report.

 http://bugzilla.gnome.org/show_bug.cgi?id=162924
 GStreamer | gst-plugins | Ver: HEAD CVS

           Summary: [playbin] totem assertion failures when playing cd /
                    potential crash due to accessing freed memory
           Product: GStreamer
           Version: HEAD CVS
          Platform: Other
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: blocker
          Priority: Normal
         Component: gst-plugins
        AssignedTo: gstreamer-bugs at lists.sourceforge.net
        ReportedBy: t.i.m at zen.co.uk
         QAContact: gstreamer-bugs at lists.sourceforge.net
                CC: all-bugs at bugzilla.gnome.org


This code in gstplaybasebin.c  
 
       structure = gst_caps_get_structure (caps, 0); 
       gst_caps_free (caps); 
       mimetype = gst_structure_get_name (structure); 
 
       if (g_str_has_prefix (mimetype, "audio/x-raw")  
         ..... 
 
causes assertion failures like 
 
 GLib-CRITICAL **: file gstrfuncs.c: line 2660 (g_str_has_prefix): assertion 
`str != NULL' failed 
 
in totem, e.g. when trying to play back a CD. This is the same that Stephane 
Loeuillet mentioned earlier in bug #162913, and a potential crasher. 
 
The problem is that the returned GstStructure belongs to the caps and is freed 
with the caps when they are freed; gst_structure_get_name (structure) then 
accesses already freed memory. 
 
Patch attached. 
 
Cheers 
 -Tim

------- You are receiving this mail because: -------
You are the assignee for the bug.
You are the QA contact for the bug.