[Bug 696681] New: shm: clients array must be last in ShmBuffer struct

GStreamer (bugzilla.gnome.org) bugzilla at gnome.org
Wed Mar 27 03:12:37 PDT 2013 

https://bugzilla.gnome.org/show_bug.cgi?id=696681
  GStreamer | gst-plugins-bad | git

           Summary: shm: clients array must be last in ShmBuffer struct
    Classification: Platform
           Product: GStreamer
           Version: git
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: Normal
         Component: gst-plugins-bad
        AssignedTo: gstreamer-bugs at lists.freedesktop.org
        ReportedBy: davidsf at axis.com
         QAContact: gstreamer-bugs at lists.freedesktop.org
     GNOME version: ---


Created an attachment (id=239936)
 View: https://bugzilla.gnome.org/attachment.cgi?id=239936
 Review: https://bugzilla.gnome.org/review?bug=696681&attachment=239936

Keep clients array last in ShmBuffer struct

On a 32-bit machine, I get a segfault in the unit test for elements/shm. A
backtrace in gdb is as follows:

#0  0x556781c5 in gst_mini_object_unref (mini_object=0xffffffff) at
/home/davidsf/checkouts/p3367-01/unpacked/libs/gstreamer-72a175b7724f88f7ade2dd7f02356817c936867d/gstreamer/gst/gstminiobject.c:437
#1  0x55a9f5f2 in gst_buffer_unref (data=0x809e020) at
/home/davidsf/checkouts/p3367-01/target/host-i686/usr/include/gstreamer-1.0/gst/gstbuffer.h:350
#2  pollthread_func (data=0x809e020) at
/home/davidsf/checkouts/p3367-01/libs/gst-plugins-bad/gst-plugins-bad/sys/shm/gstshmsink.c:863
#3  0x5587eff2 in g_thread_proxy (data=0x8053bb0) at
/home/davidsf/checkouts/p3367-01/unpacked/libs/glib-IR2.32.4-1/glib/glib/gthread.c:801
#4  0x55921955 in start_thread (arg=0x55da9b70) at pthread_create.c:300
#5  0x55a046be in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Further debugging shows that in pollthread_func in gstshmsink.c, the pointer
tag gets the value -1 from sp_writer_recv, and the segfault comes when
gst_buffer_unref is called on that pointer.

The problem is that the field "tag" has been put last in the ShmBuffer struct.
It is important that the "clients" array pointer is last in that struct,
because in sp_writer_send_buf memory is allocated for two blocks, where
sp->clients points into the second block.

The attached patch moves the tag field before the array.

-- 
Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.

More information about the gstreamer-bugs mailing list