[gstreamer-bugs] [Bug 619943] New: [jpegenc] Crash if playing -> setcaps -> ready -> setcaps
GStreamer (bugzilla.gnome.org)
bugzilla at gnome.org
Fri May 28 06:42:31 PDT 2010
https://bugzilla.gnome.org/show_bug.cgi?id=619943
GStreamer | gst-plugins-good | git
Summary: [jpegenc] Crash if playing -> setcaps -> ready -> setcaps
Classification: Desktop
Product: GStreamer
Version: git
OS/Version: All
Status: UNCONFIRMED
Severity: blocker
Priority: Normal
Component: gst-plugins-good
AssignedTo: gstreamer-bugs at lists.sourceforge.net
ReportedBy: thiago.sousa.santos at collabora.co.uk
QAContact: gstreamer-bugs at lists.sourceforge.net
GNOME target: ---
GNOME version: ---
Jpegenc will crash if the following sequence of actions takes place:
1) Create (jpegenc->row[x][y] are NULL)
2) Set to playing
3) set_caps takes place and calls '_resync'
Piece of code from _resync:
[code]
if (!jpegenc->planar) {
  for (j = 0; j < jpegenc->v_max_samp * DCTSIZE; j++) {
    jpegenc->row[i][j] = g_realloc (jpegenc->row[i][j], width);
    jpegenc->line[i][j] = jpegenc->row[i][j];
  }
}
[/code]
4) Everything goes fine, you set it to READY
* At this point _reset is called
Piece of code from _reset:
[code]
for (i = 0; i < 3; i++) {
  for (j = 0; j < 4 * DCTSIZE; j++) {
    g_free (enc->row[i][j]);
  }
}
[/code]
'row' is freed and non-null (oh oh)
5) set it to playing again
6) set_caps is called... crash on g_realloc! (double free)
Patch follows.
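
The lifecycle described in this report, modeled as an added example (it is not GStreamer's code and not the patch attached to the bug). The `Enc` struct and the `enc_*` functions are hypothetical stand-ins that use plain `realloc`/`free` in place of `g_realloc`/`g_free`; the reset clears each slot after freeing it, so the second resync sees NULL rather than a dangling pointer.

```c
#include <stdlib.h>
#define DCTSIZE 8                 /* libjpeg DCT block size */
#define MAX_ROWS (4 * DCTSIZE)
/* Hypothetical stand-in for the encoder's row table, not GstJpegEnc itself. */
typedef struct { unsigned char *row[3][MAX_ROWS]; } Enc;

/* Like the _resync excerpt: grow each row in use. realloc(NULL, n) acts as
 * malloc(n), so this is only safe if unused slots really hold NULL. */
static int enc_resync(Enc *enc, int v_max_samp, size_t width) {
    for (int i = 0; i < 3; i++)
        for (int j = 0; j < v_max_samp * DCTSIZE; j++) {
            unsigned char *p = realloc(enc->row[i][j], width);
            if (p == NULL) return -1;   /* old buffer stays owned by enc->row */
            enc->row[i][j] = p;
        }
    return 0;
}

/* Like the _reset excerpt, plus the missing step: clear each freed slot so
 * the next resync sees NULL instead of a dangling pointer. */
static void enc_reset(Enc *enc) {
    for (int i = 0; i < 3; i++)
        for (int j = 0; j < MAX_ROWS; j++) {
            free(enc->row[i][j]);
            enc->row[i][j] = NULL;
        }
}

/* Number of slots still holding a pointer; must be 0 after a reset. */
static int enc_live_rows(const Enc *enc) {
    int n = 0;
    for (int i = 0; i < 3; i++)
        for (int j = 0; j < MAX_ROWS; j++)
            n += (enc->row[i][j] != NULL);
    return n;
}

/* The report's sequence: caps -> READY -> caps again -> READY.
 * Widths and sampling factors are constructed sample values. */
static int enc_cycle(void) {
    Enc enc = {0};
    if (enc_resync(&enc, 2, 640) || enc_live_rows(&enc) != 48) return -1;
    enc_reset(&enc);
    if (enc_live_rows(&enc) != 0 || enc_resync(&enc, 1, 320)) return -1;
    enc_reset(&enc);
    return enc_live_rows(&enc);
}

int main(void) { return enc_cycle(); }
```

Building this with `-fsanitize=address` and removing the `= NULL` line in `enc_reset` makes the sanitizer flag the second `enc_resync` call, which is the crash in step 6.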