[Bug 790508] New: srtpenc calling srtp_protect_rtcp after session is deallocated

[GStreamer (GNOME Bugzilla)]

https://bugzilla.gnome.org/show_bug.cgi?id=790508

            Bug ID: 790508
           Summary: srtpenc calling srtp_protect_rtcp after session is
                    deallocated
    Classification: Platform
           Product: GStreamer
           Version: 1.12.0
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: Normal
         Component: gst-plugins-bad
          Assignee: gstreamer-bugs at lists.freedesktop.org
          Reporter: jake.foytik at ipconfigure.com
        QA Contact: gstreamer-bugs at lists.freedesktop.org
     GNOME version: ---

Hello, 

I've run into an issue where my program is getting a segfault in libsrtp when
the srtpenc plugin is calling the srtp_protect_rtcp() function. From debugging,
it looks like this function is sometimes being called after the filter->session
has already been freed with the srtp_dealloc() function. 

The srtp_dealloc() function does not appear to set the struct's internal
pointers to NULL (both filter->session->stream_list and
filter->session->stream_template). Rather, the internal pointers are left
pointing to memory that has been freed, so that when the srtp_protect_rtcp()
function is eventually called, it tries to access these structures because they
are not NULL. 

This could be a bug in my older version of libsrtp (1.4.5), but I was able to
get around the issue by setting both the stream_list and stream_template
pointers to NULL after the srtp_deallocate() call in gstsrtpenc.c.

I can provide a patch if that makes sense.

Thanks,
Jake

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.