[Bug 790508] New: srtpenc calling srtp_protect_rtcp after session is deallocated
GStreamer (GNOME Bugzilla)
bugzilla at gnome.org
Fri Nov 17 16:15:39 UTC 2017
https://bugzilla.gnome.org/show_bug.cgi?id=790508
Bug ID: 790508
Summary: srtpenc calling srtp_protect_rtcp after session is
deallocated
Classification: Platform
Product: GStreamer
Version: 1.12.0
OS: Linux
Status: NEW
Severity: normal
Priority: Normal
Component: gst-plugins-bad
Assignee: gstreamer-bugs at lists.freedesktop.org
Reporter: jake.foytik at ipconfigure.com
QA Contact: gstreamer-bugs at lists.freedesktop.org
GNOME version: ---
Hello,
I've run into an issue where my program is getting a segfault in libsrtp when
the srtpenc plugin is calling the srtp_protect_rtcp() function. From debugging,
it looks like this function is sometimes being called after the filter->session
has already been freed with the srtp_dealloc() function.
The srtp_dealloc() function does not appear to set the struct's internal
pointers to NULL (both filter->session->stream_list and
filter->session->stream_template). Rather, the internal pointers are left
pointing to memory that has been freed, so that when the srtp_protect_rtcp()
function is eventually called, it tries to access these structures because they
are not NULL.
This could be a bug in my older version of libsrtp (1.4.5), but I was able to
get around the issue by setting both the stream_list and stream_template
pointers to NULL after the srtp_deallocate() call in gstsrtpenc.c.
I can provide a patch if that makes sense.
Thanks,
Jake
--
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
More information about the gstreamer-bugs
mailing list