[Bug 707536] New: [collectpads] unref of NULL pointer after pad removal
GStreamer (bugzilla.gnome.org)
bugzilla at gnome.org
Wed Sep 4 23:23:47 PDT 2013
https://bugzilla.gnome.org/show_bug.cgi?id=707536
GStreamer | gstreamer (core) | git
Summary: [collectpads] unref of NULL pointer after pad removal
Classification: Platform
Product: GStreamer
Version: git
OS/Version: Mac OS
Status: UNCONFIRMED
Severity: critical
Priority: Normal
Component: gstreamer (core)
AssignedTo: gstreamer-bugs at lists.freedesktop.org
ReportedBy: zaheermerali at gmail.com
QAContact: gstreamer-bugs at lists.freedesktop.org
GNOME version: ---
Created an attachment (id=254155)
--> (https://bugzilla.gnome.org/attachment.cgi?id=254155)
patch to fix
If a pad is removed while a collectpads element (say adder) is in a chain
function waiting to be collected, there is a possibility that an unref happens
on a NULL pointer.
The code below shows the pad_removed label would only be gone to when data is
NULL:
if (G_UNLIKELY ((data = gst_pad_get_element_private (pad)) == NULL))
goto pad_removed;
Yet in pad_removed, it does a goto unlock_done:
pad_removed:
{
GST_WARNING ("%s got removed from collectpads", GST_OBJECT_NAME (pad));
GST_OBJECT_UNLOCK (pad);
ret = GST_FLOW_NOT_LINKED;
goto unlock_done;
}
And in unlock_done, unref_data is done on data, which in this case is
guaranteed to be NULL.
--
Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.
More information about the gstreamer-bugs
mailing list