[gstreamer-bugs] [Bug 348233] New: dv1394src crashes with libavc1394 0.5.3 - cause known

GStreamer (bugzilla.gnome.org) bugzilla-daemon at bugzilla.gnome.org
Fri Jul 21 04:12:42 PDT 2006 

Do not reply to this via email (we are currently unable to handle email
responses and they get discarded).  You can add comments to this bug at
http://bugzilla.gnome.org/show_bug.cgi?id=348233
 GStreamer | gst-plugins-good | Ver: 0.10.x

           Summary: dv1394src crashes with libavc1394 0.5.3 - cause known
           Product: GStreamer
           Version: 0.10.x
          Platform: Other
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: Normal
         Component: gst-plugins-good
        AssignedTo: gstreamer-bugs at lists.sourceforge.net
        ReportedBy: marcelm at luon.net
         QAContact: gstreamer-bugs at lists.sourceforge.net
     GNOME version: 2.13/2.14
   GNOME milestone: Unspecified


When libavc1394 0.5.3 is installed:

[marcelm at salyut ~]$ gst-launch dv1394src ! fakesink
Setting pipeline to PAUSED ...
Segmentation fault

The same pipeline works fine with libavc1394 0.5.1.

I have tracked down the issue. libraw1394 has a concept of handles, which
maintain some state for operations on the firewire bus. libraw1394 handles have
a field called userdata, which applications can use for quick access to their
own administration in callback functions etc.

dv1394src uses this userdata field. Starting with version 0.5.3, libavc1394
also uses this userdata field for its own purposes. This clashes.

Specifically, in gst_dv1394src_start(), dv1394src sets the userdata with
raw1394_set_userdata(), and later calls avc1394_vcr_is_recording(). In
libavc1394, avc1394_vcr_is_recording() eventually calls
init_avc_response_handler(), which sets the userdata using
raw1394_set_userdata(). libavc1394's userdata is later freed, but the userdata
field of the libraw1394 handle still points to this freed memory. When
dv1394src tries to dereference it (in gst_dv1394src_iso_receive()), it SEGVs.

To fix this, either:

 - dv1394src must stop relying on the userdata field, or
 - libavc1394 must stop using the userdata field, or
 - libavc1394 must restore the userdata field to its previous value after using
it


-- 
Configure bugmail: http://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.

More information about the Gstreamer-bugs mailing list