[Bug 727409] New: streamsynchronizer does invalid memory access

GStreamer (bugzilla.gnome.org) bugzilla at gnome.org
Mon Mar 31 21:03:36 PDT 2014 

https://bugzilla.gnome.org/show_bug.cgi?id=727409
  GStreamer | gst-plugins-base | 1.2.3

           Summary: streamsynchronizer does invalid memory access
    Classification: Platform
           Product: GStreamer
           Version: 1.2.3
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: Normal
         Component: gst-plugins-base
        AssignedTo: gstreamer-bugs at lists.freedesktop.org
        ReportedBy: msameer at foolab.org
         QAContact: gstreamer-bugs at lists.freedesktop.org
     GNOME version: ---


if streamsynchronizer receives a buffer which is not copyable then it can cause
a crash.

gststreamsynchronizer.c line 556 and 557:
buffer = gst_buffer_make_writable (buffer);                         
GST_BUFFER_FLAG_UNSET (buffer, GST_BUFFER_FLAG_DISCONT);

The code does not check the return value of gst_buffer_make_writable ()

in my case, I have buffers with an uncopyable GstMemory which causes
gst_mini_object_make_writable to return NULL.

Here's what valgrind shows:
0:00:20.032290552 25081  0x7ea1780 DEBUG        GST_PERFORMANCE
gstminiobject.c:326:gst_mini_object_make_writable: copy GstBuffer miniobject
0x4f8a828 -> (nil)
==25081== Thread 10:
==25081== Invalid read of size 4
==25081==    at 0x51586F4: gst_stream_synchronizer_sink_chain
(gststreamsynchronizer.c:557)
==25081==    by 0x48B0717: gst_pad_push_data (gstpad.c:3760)
==25081==    by 0x48A0173: gst_proxy_pad_chain_default (gstghostpad.c:128)
==25081==    by 0x48B0717: gst_pad_push_data (gstpad.c:3760)
==25081==    by 0x5342A1F: gst_selector_pad_chain (gstinputselector.c:1108)
==25081==    by 0x48B0717: gst_pad_push_data (gstpad.c:3760)
==25081==    by 0x48A0173: gst_proxy_pad_chain_default (gstghostpad.c:128)
==25081==    by 0x48B0717: gst_pad_push_data (gstpad.c:3760)
==25081==    by 0x48A0173: gst_proxy_pad_chain_default (gstghostpad.c:128)
==25081==    by 0x48B0717: gst_pad_push_data (gstpad.c:3760)
==25081==    by 0x523625F: gst_video_decoder_clip_and_push_buf
(gstvideodecoder.c:2657)
==25081==    by 0x523BBDF: gst_video_decoder_finish_frame
(gstvideodecoder.c:2572)
==25081==  Address 0xc is not stack'd, malloc'd or (recently) free'd
==25081== 
Caught SIGSEGV

Notice the (nil) printed by gst_mini_object_make_writable()

Here is my pipeline:
GST_DEBUG='*:3,GST_PERFORMANCE:5' valgrind  gst-launch-1.0 playbin
uri=file:////home/nemo/Videos/Camera/20140327_001.mp4 flags=99

-- 
Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.

More information about the gstreamer-bugs mailing list