Skip to content

tests: libs/player test_play_media_info test invalid string access

Submitted by Tim Müller @tpm

Link to original bug (#787372)

Description

$ GST_DEBUG=check:6 GST_CHECKS=test_play_media_info make libs/player.forever

This will lead to invalid garbage strings being printed in the debug log output here:

uri_loaded {GARBAGE} -> (nil)

valgrind trace:

==7655== Invalid read of size 1
==7655== at 0x4C2EDE2: strlen (vg_replace_strmem.c:458)
==7655== by 0x5B42852: __gst_vasnprintf (vasnprintf.c:561)
==7655== by 0x5B43CCC: __gst_vasprintf (printf.c:154)
==7655== by 0x5AD856F: gst_debug_message_get (gstinfo.c:588)
==7655== by 0x5AD9B0D: gst_debug_log_default (gstinfo.c:1188)
==7655== by 0x5AD8C34: gst_debug_log_valist (gstinfo.c:566)
==7655== by 0x5AD8D9A: gst_debug_log (gstinfo.c:498)
==7655== by 0x10D713: test_player_state_change_debug.part.3 (player.c:191)
==7655== by 0x10D8A2: test_player_state_change_debug (player.c:191)
==7655== by 0x10D8A2: state_changed_cb (player.c:342)
==7655== by 0x5DB8F9C: g_closure_invoke (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5306.0)
==7655== by 0x5DCBD2D: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5306.0)
==7655== by 0x5DD4504: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5306.0)
==7655== by 0x5DD4F1E: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5306.0)
==7655== by 0x4E4AAAC: g_main_context_signal_dispatcher_dispatch_gsourcefunc (gstplayer-g-main-context-signal-dispatcher.c:157)
==7655== by 0x6047DD4: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5306.0)
==7655== by 0x604819F: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5306.0)
==7655== by 0x60484B1: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5306.0)
==7655== by 0x1100F4: stop_player (player.c:441)
==7655== by 0x1100F4: test_play_media_info (player.c:750)
==7655== by 0x5562480: tcase_run_tfun_fork (check_run.c:465)
==7655== by 0x5562480: srunner_iterate_tcase_tfuns (check_run.c:237)
==7655== by 0x5562480: srunner_run_tcase (check_run.c:377)
==7655== by 0x5562480: srunner_iterate_suites (check_run.c:205)
==7655== by 0x5562480: srunner_run_tagged (check_run.c:740)
==7655== by 0x555727D: gst_check_run_suite (gstcheck.c:1057)
==7655== Address 0x8a626f0 is 0 bytes inside a block of size 73 free'd
==7655== at 0x4C2CE1B: free (vg_replace_malloc.c:530)
==7655== by 0x10D884: test_player_state_reset (player.c:228)
==7655== by 0x10D884: state_changed_cb (player.c:340)
==7655== by 0x5DB8F9C: g_closure_invoke (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5306.0)
==7655== by 0x5DCBD2D: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5306.0)
==7655== by 0x5DD4504: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5306.0)
==7655== by 0x5DD4F1E: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5306.0)
==7655== by 0x4E4AAAC: g_main_context_signal_dispatcher_dispatch_gsourcefunc (gstplayer-g-main-context-signal-dispatcher.c:157)
==7655== by 0x6047DD4: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5306.0)
==7655== by 0x604819F: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5306.0)
==7655== by 0x60484B1: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5306.0)
==7655== by 0x1100F4: stop_player (player.c:441)
==7655== by 0x1100F4: test_play_media_info (player.c:750)
==7655== by 0x5562480: tcase_run_tfun_fork (check_run.c:465)
==7655== by 0x5562480: srunner_iterate_tcase_tfuns (check_run.c:237)
==7655== by 0x5562480: srunner_run_tcase (check_run.c:377)
==7655== by 0x5562480: srunner_iterate_suites (check_run.c:205)
==7655== by 0x5562480: srunner_run_tagged (check_run.c:740)
==7655== by 0x555727D: gst_check_run_suite (gstcheck.c:1057)
==7655== by 0x10A79E: main (player.c:1732)
==7655== Block was alloc'd at
==7655== at 0x4C2BBEF: malloc (vg_replace_malloc.c:299)
==7655== by 0x604D538: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5306.0)
==7655== by 0x6066A0E: g_strdup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5306.0)
==7655== by 0x10C157: uri_loaded_cb (player.c:382)
==7655== by 0x5DB8F9C: g_closure_invoke (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5306.0)
==7655== by 0x5DCBD2D: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5306.0)
==7655== by 0x5DD4504: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5306.0)
==7655== by 0x5DD4F1E: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.5306.0)
==7655== by 0x4E4AAAC: g_main_context_signal_dispatcher_dispatch_gsourcefunc (gstplayer-g-main-context-signal-dispatcher.c:157)
==7655== by 0x6047DD4: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5306.0)
==7655== by 0x604819F: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5306.0)
==7655== by 0x60484B1: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5306.0)
==7655== by 0x1100C5: test_play_media_info (player.c:747)
==7655== by 0x5562480: tcase_run_tfun_fork (check_run.c:465)
==7655== by 0x5562480: srunner_iterate_tcase_tfuns (check_run.c:237)
==7655== by 0x5562480: srunner_run_tcase (check_run.c:377)
==7655== by 0x5562480: srunner_iterate_suites (check_run.c:205)
==7655== by 0x5562480: srunner_run_tagged (check_run.c:740)
==7655== by 0x555727D: gst_check_run_suite (gstcheck.c:1057)
==7655== by 0x10A79E: main (player.c:1732)