• Alex Ashley's avatar
    curlhttpsrc: fix various leaks and thread safety issues · c2fe4e58
    Alex Ashley authored
    curlhttpsrc uses a single thread running the
    gst_curl_http_src_curl_multi_loop() function to handle receiving
    data and messages from libcurl. Each instance of curlhttpsrc adds
    an entry into a queue in GstCurlHttpSrcMultiTaskContext and waits
    for the multi_loop to perform the HTTP request.
    
    Valgrind has shown up race conditions and memory leaks:
    1. gst_curl_http_src_change_state() does not wait for the multi_loop
       to complete before going to the NULL state, which means that
       an instance of GstCurlHttpSrc can be released while
       gst_curl_http_src_curl_multi_loop() still has a reference to it.
    2. if multiple elements try to be removed from the queue at once,
       only the last one is deleted.
    3. source->caps is leaked
    4. curl multi_handle is leaked
    5. leak of curl_handle if URI not set
    6. leak of http_headers when reusing element
    7. null pointer dereference in negotiate caps
    8. double-free of the default user-agent string
    9. leak of multi_task_context.task
    
    This commit changes the logic so that each element has a connection
    status, which is used by the multi_loop to decide when to remove an
    element from its queue. An instance of curlhttpsrc will not enter
    the NULL state until its reference has been removed from the queue.
    
    When shutting down the curl multi loop, the memory allocated from the
    call to curl_multi_init() is now released.
    
    When gstadaptivedemux uses a URI source element, it will re-use
    it for multiple requests, moving it between READY and PLAYING
    between each request. curlhttpsrc was leaking the http_headers
    structure in this use case.
    
    The gst_curl_http_src_negotiate_caps() function extracts the
    "response-headers" field from the http_headers, but did not check
    that this field might be NULL.
    
    If the user-agent property is set, the global user-agent string
    was freed. This caused a double-free error if the user-agent is
    ever set a second time during the execution of the process.
    
    There are situations within curlhttpsrc where the code needs
    both the global multi_task_context mutex and the per-element
    buffer_mutex. To avoid deadlocks, it is vital that the order in
    which these are requested is always the same. This commit modifies
    the locking order to always be in the order:
     1. multi_task_context.task_rec_mutex
     2. buffer_mutex
    
    Fixes #876
    c2fe4e58
gstcurldefaults.h 6.57 KB