1. 19 Feb, 2019 1 commit
    • Alex Ashley's avatar
      curlhttpsrc: fix various leaks and thread safety issues · c2fe4e58
      Alex Ashley authored
      curlhttpsrc uses a single thread running the
      gst_curl_http_src_curl_multi_loop() function to handle receiving
      data and messages from libcurl. Each instance of curlhttpsrc adds
      an entry into a queue in GstCurlHttpSrcMultiTaskContext and waits
      for the multi_loop to perform the HTTP request.
      Valgrind has shown up race conditions and memory leaks:
      1. gst_curl_http_src_change_state() does not wait for the multi_loop
         to complete before going to the NULL state, which means that
         an instance of GstCurlHttpSrc can be released while
         gst_curl_http_src_curl_multi_loop() still has a reference to it.
      2. if multiple elements try to be removed from the queue at once,
         only the last one is deleted.
      3. source->caps is leaked
      4. curl multi_handle is leaked
      5. leak of curl_handle if URI not set
      6. leak of http_headers when reusing element
      7. null pointer dereference in negotiate caps
      8. double-free of the default user-agent string
      9. leak of multi_task_context.task
      This commit changes the logic so that each element has a connection
      status, which is used by the multi_loop to decide when to remove an
      element from its queue. An instance of curlhttpsrc will not enter
      the NULL state until its reference has been removed from the queue.
      When shutting down the curl multi loop, the memory allocated from the
      call to curl_multi_init() is now released.
      When gstadaptivedemux uses a URI source element, it will re-use
      it for multiple requests, moving it between READY and PLAYING
      between each request. curlhttpsrc was leaking the http_headers
      structure in this use case.
      The gst_curl_http_src_negotiate_caps() function extracts the
      "response-headers" field from the http_headers, but did not check
      that this field might be NULL.
      If the user-agent property is set, the global user-agent string
      was freed. This caused a double-free error if the user-agent is
      ever set a second time during the execution of the process.
      There are situations within curlhttpsrc where the code needs
      both the global multi_task_context mutex and the per-element
      buffer_mutex. To avoid deadlocks, it is vital that the order in
      which these are requested is always the same. This commit modifies
      the locking order to always be in the order:
       1. multi_task_context.task_rec_mutex
       2. buffer_mutex
      Fixes #876
  2. 08 Aug, 2017 1 commit
  3. 26 Jul, 2017 2 commits