[Bug 777399] New: v4l2allocator: memory referenced too late

[GStreamer (GNOME Bugzilla)]

https://bugzilla.gnome.org/show_bug.cgi?id=777399

            Bug ID: 777399
           Summary: v4l2allocator: memory referenced too late
    Classification: Platform
           Product: GStreamer
           Version: 1.11.1
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: Normal
         Component: gst-plugins-good
          Assignee: gstreamer-bugs at lists.freedesktop.org
          Reporter: jean-christophe.trotin at st.com
        QA Contact: gstreamer-bugs at lists.freedesktop.org
     GNOME version: ---

In the gst_v4l2_allocator_qbuf() function, the memory ("group->mem[i]") is
referenced ("gst_memory_ref") after the buffer has been queued ("VIDIOC_QBUF").

Once queued, this buffer might be handled by the V4L2 driver (e.g. decoded) and
dequeued (see the gst_v4l2_allocator_dqbuf() function) through a different
thread than the one that queued it: these actions might occur before the memory
is referenced (gst_memory_ref) in the gst_v4l2_allocator_qbuf() function. In
other words, the buffer might be dequeued through the
gst_v4l2_allocator_dqbuf() function before the gst_v4l2_allocator_qbuf()
function has completed its actions on this buffer.

Then, in this situation, in the gst_v4l2_allocator_dqbuf() function, the memory
is unreferenced (gst_memory_unref) before having been referenced (by the
gst_v4l2_allocator_qbuf() function): the memory refcount reaches 0, and the
memory is freed, which is not the expecting behavior.

To avoid this crossing case, the proposition is to reference the memory before
the buffer is queued, and to unreference it if the queueing fails, in the
gst_v4l2_allocator_qbuf() function.

A patch will be attached soon.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.