[gstreamer-bugs] [Bug 593391] New: [rtpsession] : rtp_session_on_timeout : Invalid read of size 4

GStreamer (bugzilla.gnome.org) bugzilla at gnome.org
Fri Aug 28 07:29:13 PDT 2009 

http://bugzilla.gnome.org/show_bug.cgi?id=593391

           Summary: [rtpsession] : rtp_session_on_timeout : Invalid read
                    of size 4
    Classification: Desktop
           Product: GStreamer
           Version: git
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: Normal
         Component: gst-plugins-good
        AssignedTo: gstreamer-bugs at lists.sourceforge.net
        ReportedBy: gstelzz at yahoo.fr
         QAContact: gstreamer-bugs at lists.sourceforge.net
      GNOME target: ---
     GNOME version: ---


--- Comment #0 from Aurelien Grimaud <gstelzz at yahoo.fr> 2009-08-28 14:29:11 UTC ---
valgrind reports an Invalid read in rtp_session_on_timeout.

==00:00:17:44.684 17554== Invalid read of size 4
==00:00:17:44.684 17554==    at 0x4385196: gst_caps_ref (gstcaps.c:382)
==00:00:17:44.684 17554==    by 0x43880F0: gst_caps_replace (gstcaps.c:1927)
==00:00:17:44.684 17554==    by 0x43800CF: gst_buffer_set_caps
(gstbuffer.c:408)
==00:00:17:44.684 17554==    by 0x73558FD: gst_rtp_session_send_rtcp
(gstrtpsession.c:1019)
==00:00:17:44.684 17554==    by 0x734DB3F: rtp_session_on_timeout
(rtpsession.c:2512)
==00:00:17:44.684 17554==    by 0x7354FC5: rtcp_thread (gstrtpsession.c:801)
==00:00:17:44.684 17554==    by 0x4636A2E: g_thread_create_proxy
(gthread.c:635)
==00:00:17:44.684 17554==    by 0x484132E: start_thread (in
/lib/libpthread-2.8.so)
==00:00:17:44.684 17554==    by 0x493220D: clone (in /lib/libc-2.8.so)
==00:00:17:44.684 17554==  Address 0x4effa94 is 4 bytes inside a block of size
32 free'd
==00:00:17:44.684 17554==    at 0x402390A: free (vg_replace_malloc.c:323)
==00:00:17:44.684 17554==    by 0x4614D35: g_free (gmem.c:190)
==00:00:17:44.684 17554==    by 0x4385000: _gst_caps_free (gstcaps.c:318)
==00:00:17:44.684 17554==    by 0x43852F2: gst_caps_unref (gstcaps.c:410)
==00:00:17:44.684 17554==    by 0x73558EB: gst_rtp_session_send_rtcp
(gstrtpsession.c:1017)
==00:00:17:44.684 17554==    by 0x734DB3F: rtp_session_on_timeout
(rtpsession.c:2512)
==00:00:17:44.684 17554==    by 0x7354FC5: rtcp_thread (gstrtpsession.c:801)
==00:00:17:44.684 17554==    by 0x4636A2E: g_thread_create_proxy
(gthread.c:635)
==00:00:17:44.684 17554==    by 0x484132E: start_thread (in
/lib/libpthread-2.8.so)
==00:00:17:44.684 17554==    by 0x493220D: clone (in /lib/libc-2.8.so)

It seems that the newly created and affected caps in gst_rtp_session_send_rtcp
are freed when unreffing.
IMHO there is a window for send_rtcp_src pad to be released (and caps with it)
between the gst_pad_set_caps and the gst_caps_unref of
gst_rtp_session_send_rtcp

-- 
Configure bugmail: http://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.

More information about the Gstreamer-bugs mailing list