[Bug 750544] RTSP server: crashes when accessing freed session in keep alive callback on shutdown

GStreamer (GNOME Bugzilla) bugzilla at gnome.org
Mon Sep 5 14:58:55 UTC 2016 

https://bugzilla.gnome.org/show_bug.cgi?id=750544

Kseniya Vasilchuk <vasilchukkseniia at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |vasilchukkseniia at gmail.com

--- Comment #6 from Kseniya Vasilchuk <vasilchukkseniia at gmail.com> ---
Created attachment 334826
  --> https://bugzilla.gnome.org/attachment.cgi?id=334826&action=edit
Possible fix for 1.7.x and later

I got the segfault with the same reason in 1.7.x. 
I've tried to update the version to fresher one commit by commit and I found
that segfault disappearied after commit below:

author    Jake Foytik <jake.foytik at ipconfigure.com>    2016-04-25 12:55:25
(GMT)
committer    Sebastian Dröge <sebastian at centricular.com>    2016-04-29 08:49:14
(GMT)
commit    fe5f8077c1523206147c746cc40364ea16da669f (patch)
tree    5db07f69e50cfa166d8b752c36ca0ed132ff4468
parent    aa9a2443a1d303727167b5b253e09e31fea6f09b (diff)
rtsp-stream: Fix crash on cleanup with shared media and multiple udpsrc
 - Unicast udpsrcs are now managed in a hash table. This allows for proper
cleanup in with shared streams and fixes a memory leak.
 - Unicast udpsrcs are now properly cleaned up when shared connections exit.
See the update_transport() function.
 - Create unit test for shared media.

https://bugzilla.gnome.org/show_bug.cgi?id=764744

But there is no direct connection between this commit and segfault leaving so
it looks like a race condition as Denis said.

I've done some research and found that segfault happens if
"gst_rtsp_stream_transport_keep_alive" calls after removing session in
"client_unwatch_session" but before "gst_rtsp_stream_transport_finalize"
function or "g_object_set_qdata (source, ssrc_stream_map_key, NULL)" function
calls.

To prevent it, I've written a patch to unset do_keepalive callback before the
session will be removed, please watch it.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.

More information about the gstreamer-bugs mailing list