/pidgin/main: 160437508477: mediamanager: fix invalid access to ...

Jakub Adam jakub.adam at ktknet.cz
Sat Jun 18 22:10:09 EDT 2016


Changeset: 1604375084777ee9dff28e66b500a46b280b5845
Author:	 Jakub Adam <jakub.adam at ktknet.cz>
Date:	 2016-06-10 18:22 +0200
Branch:	 release-2.x.y
URL: https://hg.pidgin.im/pidgin/main/rev/160437508477

Description:

mediamanager: fix invalid access to freed PurpleMediaAppDataInfo

appsrc_destroyed() and appsink_destroyed() may have read from/written to
appdata info after it had been freed. Reported by Valgrind.

Backport of Pidgin 3 commit 76f0178e3479.

diffstat:

 libpurple/mediamanager.c |  33 +++++++++++++++++++++++++++++++--
 1 files changed, 31 insertions(+), 2 deletions(-)

diffs (60 lines):

diff --git a/libpurple/mediamanager.c b/libpurple/mediamanager.c
--- a/libpurple/mediamanager.c
+++ b/libpurple/mediamanager.c
@@ -562,9 +562,24 @@ purple_media_manager_get_private_media_b
 static void
 free_appdata_info_locked (PurpleMediaAppDataInfo *info)
 {
+	GstAppSrcCallbacks null_src_cb = { NULL, NULL, NULL, { NULL } };
+	GstAppSinkCallbacks null_sink_cb = { NULL, NULL, NULL , { NULL } };
+
 	if (info->notify)
 		info->notify (info->user_data);
 
+	info->media = NULL;
+	if (info->appsrc) {
+		/* Will call appsrc_destroyed. */
+		gst_app_src_set_callbacks (info->appsrc, &null_src_cb,
+				NULL, NULL);
+	}
+	if (info->appsink) {
+		/* Will call appsink_destroyed. */
+		gst_app_sink_set_callbacks (info->appsink, &null_sink_cb,
+				NULL, NULL);
+	}
+
 	/* Make sure no other thread is using the structure */
 	g_free (info->session_id);
 	g_free (info->participant);
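Review bot: The `info->media = NULL;` assignment in free_appdata_info_locked is what makes the two `set_callbacks` calls safe, but nothing in the code says its position matters. Replacing the callbacks runs the old destroy notify synchronously (the added comments say as much), and appsrc_destroyed/appsink_destroyed only skip taking `appdata_mutex` when they see `media == NULL`. Going by the `_locked` suffix, that mutex is presumably already held here, so moving the assignment below the calls would make the notify block on a lock its own thread owns. I would add above the assignment: `/* Must stay before the set_callbacks calls: the destroy notifies treat media == NULL as "info is being freed". */`. The function body continues past the end of the hunk.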
@@ -871,7 +886,14 @@ appsrc_seek_data (GstAppSrc *appsrc, gui
 static void
 appsrc_destroyed (PurpleMediaAppDataInfo *info)
 {
-	PurpleMediaManager *manager = purple_media_manager_get ();
+	PurpleMediaManager *manager;
+
+	if (!info->media) {
+		/* PurpleMediaAppDataInfo is being freed. Return at once. */
+		return;
+	}
+
+	manager = purple_media_manager_get ();
 
 	g_mutex_lock (&manager->priv->appdata_mutex);
 	info->appsrc = NULL;
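Review bot: The `if (!info->media)` guard in appsrc_destroyed is evaluated before `appdata_mutex` is taken, so it only covers the notify that free_appdata_info_locked triggers on its own thread. If the element can also be finalized from another thread (not visible in this diff), that call could pass the guard, wait on the mutex while the info is freed, and then run `info->appsrc = NULL;` on freed memory. The same applies to appsink_destroyed and `info->appsink = NULL;` in the next hunk. It is worth confirming which threads can drop the last reference to the appsrc/appsink and stating that assumption in a comment beside each guard. Both function bodies continue outside their hunks.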
@@ -1029,7 +1051,14 @@ appsink_new_sample (GstAppSink *appsink,
 static void
 appsink_destroyed (PurpleMediaAppDataInfo *info)
 {
-	PurpleMediaManager *manager = purple_media_manager_get ();
+	PurpleMediaManager *manager;
+
+	if (!info->media) {
+		/* PurpleMediaAppDataInfo is being freed. Return at once. */
+		return;
+	}
+
+	manager = purple_media_manager_get ();
 
 	g_mutex_lock (&manager->priv->appdata_mutex);
 	info->appsink = NULL;


