[Bug 661629] New: [0.11] static_caps_get is racy

GStreamer (bugzilla.gnome.org) bugzilla at gnome.org
Thu Oct 13 00:07:36 PDT 2011 

https://bugzilla.gnome.org/show_bug.cgi?id=661629
  GStreamer | gstreamer (core) | git

           Summary: [0.11] static_caps_get is racy
    Classification: Platform
           Product: GStreamer
           Version: git
        OS/Version: All
            Status: UNCONFIRMED
          Severity: major
          Priority: Normal
         Component: gstreamer (core)
        AssignedTo: gstreamer-bugs at lists.freedesktop.org
        ReportedBy: mail at renestadler.de
         QAContact: gstreamer-bugs at lists.freedesktop.org
     GNOME version: ---


Created an attachment (id=198912)
 View: https://bugzilla.gnome.org/attachment.cgi?id=198912
 Review: https://bugzilla.gnome.org/review?bug=661629&attachment=198912

Possible fix

In 0.10 and 0.11, gst_static_caps_get() contains this comment:

   we construct the caps on the stack, then copy over the struct into our
   real caps, refcount last. We do this because we must leave the refcount
   of the result caps to 0 so that other threads don't run away with the
   caps while we are constructing it.

However in 0.11, the surrounding code was changed in such a way that the
statement in the comment no longer applies. The new code calls gst_caps_init()
on the (static) caps, which inits the miniobject refcount to 1. This creates a
race (the one which is exactly documented in the comment above).

The solution is to initialize the new object structure with a ref count of 0 as
before. gst_caps_init() is a function local to gstcaps.c; it could be changed
to set a ref count of 0 instead of 1. This is actually done by
gst_mini_object_init(), so perhaps a new (private) function
_gst_mini_object_init0() is needed.

The code block can then close again with a call to ref the new caps from 0 to
1, which is really important because we need to keep the CPU from reordering
here (which the atomic increment memory barrier will ensure).

Attaching possible fix (but maybe Wim has a more elegant/different idea).

-- 
Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.

More information about the gstreamer-bugs mailing list