[Bug 762702] New: gst_bus_add_watch will SEGV when process reaches fd limit

GStreamer (GNOME Bugzilla) bugzilla at gnome.org
Thu Feb 25 22:44:58 UTC 2016 

https://bugzilla.gnome.org/show_bug.cgi?id=762702

            Bug ID: 762702
           Summary: gst_bus_add_watch will SEGV when process reaches fd
                    limit
    Classification: Platform
           Product: GStreamer
           Version: git master
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: Normal
         Component: gstreamer (core)
          Assignee: gstreamer-bugs at lists.freedesktop.org
          Reporter: james at stev.org
        QA Contact: gstreamer-bugs at lists.freedesktop.org
     GNOME version: ---

Created attachment 322414
  --> https://bugzilla.gnome.org/attachment.cgi?id=322414&action=edit
Test program to generate issue

gst_bus_add_watch will SEGV when process reaches fd limit

When gst_bus_new is called. It will fail to init priv->poll correctly because
the socketpair call fails.

So when gst_bus_add_watch is called it will then fail to check the return the
failing gst_bus_create_watch which will then derefence the null pointer.



#0  0x00007ffff6da6b24 in g_source_attach (source=source at entry=0x0,
context=0x0) at /build/glib2.0-MuyBSS/glib2.0-2.46.2/./glib/gmain.c:1163
#1  0x00007ffff7aee728 in gst_bus_add_watch_full_unlocked (bus=<optimised out>,
priority=<optimised out>, func=0x400936 <callback>, user_data=0x0, notify=0x0)
at gstbus.c:902
#2  0x00007ffff7aee850 in gst_bus_add_watch_full (bus=0x630060 [GstBus],
priority=0, func=0x400936 <callback>, user_data=0x0, notify=0x0)
    at gstbus.c:953
#3  0x00000000004009fb in main (argc=1, argv=0x7fffffffbb48) at
test-gstbus.c:34
(gdb) f 3
#3  0x00000000004009fb in main (argc=1, argv=0x7fffffffbb48) at
test-gstbus.c:34
warning: Source file is more recent than executable.
34        
(gdb) p *bus
$1 = {object = {object = {g_type_instance = {g_class = 0x61ade0}, ref_count =
1, qdata = 0x0}, lock = {p = 0x1, i = {1, 0}}, 
    name = 0x619800 "bus0", parent = 0x0, Python Exception <class 'TypeError'>
iter() returned non-iterator of type '_iterator': 
flags = 0, control_bindings = 0x0, control_rate = 100000000, last_sync =
18446744073709551615, 
    _gst_reserved = 0x0}, priv = 0x630010, _gst_reserved = {0x0, 0x0, 0x0,
0x0}}
(gdb) p *bus.priv
$2 = {queue = 0x62fc50, queue_lock = {p = 0x0, i = {0, 0}}, sync_handler = 0x0,
sync_handler_data = 0x0, sync_handler_notify = 0x0, 
  num_signal_watchers = 0, num_sync_message_emitters = 0, signal_watch = 0x0,
enable_async = 1, poll = 0x0, pollfd = {fd = 0, events = 0, 
    revents = 0}}

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.

More information about the gstreamer-bugs mailing list