[Bug 750544] New: CRITICAL: Race conditions and segmentation fault in RTSP server
GStreamer (GNOME Bugzilla)
bugzilla at gnome.org
Mon Jun 8 02:00:25 PDT 2015
https://bugzilla.gnome.org/show_bug.cgi?id=750544
Bug ID: 750544
Summary: CRITICAL: Race conditions and segmentation fault in
RTSP server
Classification: Platform
Product: GStreamer
Version: 1.4.5
OS: All
Status: NEW
Severity: critical
Priority: Normal
Component: gst-rtsp-server
Assignee: gstreamer-bugs at lists.freedesktop.org
Reporter: dtverdunov at elvees.com
QA Contact: gstreamer-bugs at lists.freedesktop.org
GNOME version: ---
Created attachment 304753
--> https://bugzilla.gnome.org/attachment.cgi?id=304753&action=edit
Sample RTSP server to reproduce the bug
It is possible to cause a segfault in RTSP server (probably this is because of
races, as the probability of segfault is not 100%).
Please, look at the attached sample first. You can compile it to reproduce this
bug easily:
1. Launch test RTSP server.
2. Open 6 VLC players and connect five of them to RTSP server.
3. Try to connect to the server in the last 6th VLC, you will receive an error,
as the maximum number of sessions is limited to 5.
4. Now stop playing in one of connected VLC players. RTSP server will almost
certainly crash.
This bug can be also reproduced when you have at least two VLC players
connected to the server and stop playing in one of them, but the probability of
crash in this case is lower.
This bug is also present in GStreamer 1.3.2, but does not lead to segfault.
Instead, you will see the following:
(rtsp_server:3048): CRITICAL **: gst_rtsp_session_touch: assertion
'GST_IS_RTSP_SESSION (session)' failed
After some investigation it is clear that gst_rtsp_session_touch is called
after the session has been completely destroyed. Here is some logs:
0:00:14.962651710 16272 0xcc090 INFO rtspclient
rtsp-client.c:2288:client_session_removed: client 0xb2a28: session 0x46a88840
removed
0:00:14.967672252 16272 0xcc090 INFO rtspclient
rtsp-client.c:332:client_unwatch_session: client 0xb2a28: unwatch session
0x46a88840
//// SESSION IS REMOVED HERE ////
0:00:14.967786752 16272 0xcc090 INFO rtspsession
rtsp-session.c:149:gst_rtsp_session_finalize: finalize session 0x46a88840
0:00:14.968056586 16272 0xcc090 INFO rtspclient
rtsp-client.c:3163:closed: client 0xb29a0: connection closed
0:00:14.968207211 16272 0xcc090 INFO rtspclient
rtsp-client.c:3394:client_watch_notify: client 0xb29a0: watch destroyed
0:00:14.968312419 16272 0xcc090 DEBUG rtspserver
rtsp-server.c:999:unmanage_client:<GstRTSPServer at 0x1cac8> unmanage client
0xb29a0
0:00:14.968446627 16272 0xcc090 DEBUG rtspserver
rtsp-server.c:979:free_client_context: free context 0xcb5b0
0:00:14.968559252 16272 0xcc090 DEBUG default
rtsp-thread-pool.c:173:gst_rtsp_thread_stop: stop thread 0x16598
0:00:14.968640877 16272 0xcc090 INFO rtspclient
rtsp-client.c:371:gst_rtsp_client_finalize: finalize client 0xb29a0
0:00:14.968892836 16272 0xcc090 INFO rtspmedia
rtsp-media.c:2537:gst_rtsp_media_unprepare: media 0x4103d118 still prepared 1
times
0:00:14.969181669 16272 0x42015550 LOG adapter
gstadapter.c:605:gst_adapter_flush_unchecked:<GstAdapter at 0x4100d868> flushing
out head buffer
0:00:14.969292377 16272 0x420154f0 DEBUG rtpsource
rtpsource.c:1305:rtp_source_process_rb: got RB packet: SSRC 6d054002, FL 0, PL
-1, HS 85145, jitter 8900, LSR 3e15:9cc3, DLSR 0000:172d
0:00:14.969416294 16272 0x420154f0 DEBUG rtpsource
rtpsource.c:1332:rtp_source_process_rb: NTP 3e15:b71c, round trip 0000:032c
0:00:14.969532461 16272 0x420154f0 INFO rtspstream
rtsp-stream.c:1431:on_ssrc_active: 0x410400e8: source 0x46a86a88 in transport
0x4100bc90 is active
//// KEEP-ALIVE FOR REMOVED SESSION ////
0:00:14.969600377 16272 0x420154f0 INFO rtspclient
rtsp-client.c:1303:do_keepalive: keep session 0x46a88840 alive
Segmentation fault
--
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
More information about the gstreamer-bugs
mailing list