[Bug 650072] New: [basevideoencoder] Fix use-after-free after state change transition

GStreamer (bugzilla.gnome.org) bugzilla at gnome.org
Thu May 12 16:21:29 PDT 2011 

https://bugzilla.gnome.org/show_bug.cgi?id=650072
  GStreamer | gst-plugins-bad | git

           Summary: [basevideoencoder] Fix use-after-free after state
                    change transition
    Classification: Platform
           Product: GStreamer
           Version: git
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: Normal
         Component: gst-plugins-bad
        AssignedTo: gstreamer-bugs at lists.freedesktop.org
        ReportedBy: ylatuya at gmail.com
         QAContact: gstreamer-bugs at lists.freedesktop.org
     GNOME version: ---


When going from PAUSED to READY and back to PAUSED I get the following
backtrace:

(gdb) bt
#0  0x00681416 in __kernel_vsyscall ()
#1  0x00c22941 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2  0x00c25e42 in abort () at abort.c:92
#3  0x00c5a305 in __libc_message (do_abort=2, fmt=0xd32280 "*** glibc
detected *** %s: %s: 0x%s ***\n")
   at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#4  0x00c64501 in malloc_printerr (action=<value optimized out>,
str=0x6 <Address 0x6 out of bounds>, ptr=0x89b7880) at malloc.c:6283
#5  0x00c65d70 in _int_free (av=<value optimized out>, p=<value
optimized out>) at malloc.c:4795
#6  0x00c68e5d in __libc_free (mem=0x89b7880) at malloc.c:3738
#7  0x00b33486 in g_free () from /lib/libglib-2.0.so.0
#8  0x007508c5 in gst_base_video_codec_free_frame (frame=0x89b7880) at
gstbasevideocodec.c:553
#9  0x00750b52 in gst_base_video_codec_reset
(base_video_codec=0x89b8140) at gstbasevideocodec.c:120
#10 0x00750c05 in gst_base_video_codec_change_state
(element=0x89b8140, transition=GST_STATE_CHANGE_READY_TO_PAUSED)
   at gstbasevideocodec.c:505
#11 0x00757bad in gst_base_video_encoder_change_state
(element=0x89b8140, transition=GST_STATE_CHANGE_READY_TO_PAUSED)
   at gstbasevideoencoder.c:449
#12 0x006b9295 in gst_element_change_state (element=0x89b8140,
transition=GST_STATE_CHANGE_READY_TO_PAUSED) at gstelement.c:2718
#13 0x006bcd5f in gst_element_set_state_func (element=0x89b8140,
state=GST_STATE_PLAYING) at gstelement.c:2674
#14 0x006b8650 in gst_element_set_state (element=0x89b8140,
state=GST_STATE_PLAYING) at gstelement.c:2575
#15 0x003ae70e in _wrap_gst_element_set_state (self=0x897d964,
args=0x897aecc, kwargs=0x0) at gstelement.override:71
#16 0x080ddd23 in PyEval_EvalFrameEx ()
#17 0x080df04c in PyEval_EvalFrameEx ()
#18 0x080dfbb2 in PyEval_EvalCodeEx ()

Attached patch.

-- 
Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.

More information about the gstreamer-bugs mailing list