[gstreamer-bugs] [Bug 529723] New: Crash caused by double free in gst_bus_dispose

GStreamer (bugzilla.gnome.org) bugzilla-daemon at bugzilla.gnome.org
Thu Apr 24 07:36:39 PDT 2008


You can add comments to this bug at:
  http://bugzilla.gnome.org/show_bug.cgi?id=529723

  GStreamer | gstreamer (core) | Ver: HEAD CVS
           Summary: Crash caused by double free in gst_bus_dispose
           Product: GStreamer
           Version: HEAD CVS
          Platform: Other
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: critical
          Priority: Normal
         Component: gstreamer (core)
        AssignedTo: gstreamer-bugs at lists.sourceforge.net
        ReportedBy: hexa00 at gmail.com
         QAContact: gstreamer-bugs at lists.sourceforge.net
     GNOME version: Unspecified
   GNOME milestone: Unspecified


This crash was caused by a possible double free of a message
between gst_bin_dispose and bin_replace_message.

Since the handler is still active and there is no lock
at the moment of the call to bin_remove_message,
gst_bin_replace_message can be called at the same time, and
they can both acquire a pointer to the same message and try to
unref it.

Fixed by locking the bin_remove_messages call.

The backtrace of the crash looked like:

#9  0x037d1b12 in _int_free () from /lib/tls/libc.so.6
#10 0x037d233a in free () from /lib/tls/libc.so.6
#11 0x00625c22 in g_free () from 
#12 0x005fd23c in g_array_free () 
#13 0x0029d951 in gst_structure_free () 
#14 0x00285e49 in _gst_message_initialize () 
#15 0x002876f8 in gst_mini_object_unref () 
#16 0x0026cd85 in gst_bus_set_sync_handler () 
#17 0x0061ccdd in g_source_remove_poll () 
#18 0x0061f5b4 in g_main_context_acquire () 
#19 0x0061f91a in g_main_loop_run ()


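The race described in this report, reduced to a stand-alone C program as an added example (not GStreamer code and not the reporter's patch). `Msg`, `Bin`, `bin_swap_locked` and the other names are hypothetical stand-ins, and releases are counted instead of freed so the double release can be observed safely.

```c
#include <pthread.h>
#include <stddef.h>

/* Hypothetical stand-ins, not GStreamer types: unrefs counts releases instead of freeing. */
typedef struct { int unrefs; } Msg;
typedef struct { pthread_mutex_t lock; Msg *stored; } Bin;

static void msg_unref(Msg *m) { if (m) __atomic_add_fetch(&m->unrefs, 1, __ATOMIC_SEQ_CST); }

/* Unlocked pattern replayed in the bad order: both paths read the pointer
   before either clears it, so the same message is released twice. */
static int replay_unlocked(void) {
    Msg orig = {0}, repl = {0};
    Bin b = { PTHREAD_MUTEX_INITIALIZER, &orig };
    Msg *seen_by_dispose = b.stored;   /* dispose path reads the slot */
    Msg *seen_by_replace = b.stored;   /* replace path reads the same pointer */
    b.stored = NULL;  msg_unref(seen_by_dispose);
    b.stored = &repl; msg_unref(seen_by_replace);
    return orig.unrefs;
}

/* Locked pattern: read and swap form one critical section, so only one
   caller can ever receive a given pointer. The unref happens outside the lock. */
static Msg *bin_swap_locked(Bin *b, Msg *next) {
    pthread_mutex_lock(&b->lock);
    Msg *old = b->stored;
    b->stored = next;
    pthread_mutex_unlock(&b->lock);
    return old;
}

static Msg g_orig, g_repl;
static Bin g_bin = { PTHREAD_MUTEX_INITIALIZER, &g_orig };
static void *dispose_path(void *arg) { (void)arg; msg_unref(bin_swap_locked(&g_bin, NULL)); return NULL; }
static void *replace_path(void *arg) { (void)arg; msg_unref(bin_swap_locked(&g_bin, &g_repl)); return NULL; }

/* Runs both paths concurrently; returns the highest per-message release count. */
static int run_locked(void) {
    pthread_t a, b;
    g_orig.unrefs = g_repl.unrefs = 0;
    g_bin.stored = &g_orig;
    pthread_create(&a, NULL, dispose_path, NULL);
    pthread_create(&b, NULL, replace_path, NULL);
    pthread_join(a, NULL);
    pthread_join(b, NULL);
    return g_orig.unrefs > g_repl.unrefs ? g_orig.unrefs : g_repl.unrefs;
}
int main(void) { return !(replay_unlocked() == 2 && run_locked() == 1); }
```

Build with `-pthread`. Under a real allocator the second release in `replay_unlocked` would be the second `free()` on the same pointer.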