[gstreamer-bugs] [Bug 308766] New: gst_element_factory_create() may invalidate pad templates for the factory it is called with

bugzilla-daemon at bugzilla.gnome.org bugzilla-daemon at bugzilla.gnome.org
Thu Jun 23 05:48:28 PDT 2005 

Please DO NOT reply to this by email. All additional comments should be made in
the comments box of this bug report.

 http://bugzilla.gnome.org/show_bug.cgi?id=308766
 GStreamer | gstreamer (core) | Ver: 0.8.10

           Summary: gst_element_factory_create() may invalidate pad
                    templates for the factory it is called with
           Product: GStreamer
           Version: 0.8.10
          Platform: Other
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: critical
          Priority: Normal
         Component: gstreamer (core)
        AssignedTo: gstreamer-bugs at lists.sourceforge.net
        ReportedBy: darkeye at tyrell.hu
         QAContact: gstreamer-bugs at lists.sourceforge.net
                CC: all-bugs at bugzilla.gnome.org


when calling gst_element_factory_create(factory), the factory object itself may
be altered, for example, its pad templates may be freed and re-allocated. this
can cause a problem with applications storing the templates earlier. for
example, the examples/manual/dynamic.c sample program does this:

    for (pads = gst_element_factory_get_pad_templates (factory);
         pads != NULL; pads = pads->next) {
      GstPadTemplate *templ = GST_PAD_TEMPLATE (pads->data);

...

        element = gst_element_factory_create (factory, NULL);
        close_link (pad, element, templ->name_template,
            gst_element_factory_get_pad_templates (factory));


in the close_link() call, templ and templ->name_template may be invalid
(already) freed, and thus may access invalid memory.

the reason behind the possible change is that gst_element_factory_create() may
result in the invocation of gst_element_register(), which might reuse the
factory storage, and clean up the old factory resources, in gst/gstelementfactory.c:

  factory = gst_element_factory_find (name);

  if (!factory) {
    factory =
        GST_ELEMENT_FACTORY (g_object_new (GST_TYPE_ELEMENT_FACTORY, NULL));
    gst_plugin_feature_set_name (GST_PLUGIN_FEATURE (factory), name);
    GST_LOG_OBJECT (factory, "Created new elementfactory for type %s",
        g_type_name (type));
    gst_plugin_add_feature (plugin, GST_PLUGIN_FEATURE (factory));
  } else {
    g_return_val_if_fail (factory->type == 0, FALSE);
    gst_element_factory_cleanup (factory);
    GST_LOG_OBJECT (factory, "Reuse existing elementfactory for type %s",
        g_type_name (type));
  }

where gst_element_factory_cleanup() will free up the pad templates associated
with the factory.

------- You are receiving this mail because: -------
You are the assignee for the bug.
You are the QA contact for the bug.

More information about the Gstreamer-bugs mailing list