[Mono-bugs] [Bug 389814] New: [crash] double-free at MediaBase::SetSource

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Tue May 13 09:58:26 EDT 2008 

https://bugzilla.novell.com/show_bug.cgi?id=389814


           Summary: [crash] double-free at MediaBase::SetSource
           Product: Moonlight
           Version: 1.0.0
          Platform: x86
        OS/Version: Linux
            Status: NEW
          Severity: Major
          Priority: P5 - None
         Component: media
        AssignedTo: mono-bugs at lists.ximian.com
        ReportedBy: fherrera at novell.com
         QAContact: mono-bugs at lists.ximian.com
          Found By: Development


When parsing a rtsp:// uri (which should fallback to http) we hit a doble-free.
Use a MediaElemente like this:
<MediaElement x:Name="mPlayer" Width="640" Height="480"
Source="rtsp://fer.name/mms/timecode-long.wmv"/>

#0  0x003cb832 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1  0x00b87690 in raise () from /lib/libc.so.6
#2  0x00b88f91 in abort () from /lib/libc.so.6
#3  0x00bbf9eb in __libc_message () from /lib/libc.so.6
#4  0x00bc7ac1 in _int_free () from /lib/libc.so.6
#5  0x00bcb0f0 in free () from /lib/libc.so.6
#6  0x00986e61 in IA__g_free (mem=0x9dfdfa8) at gmem.c:190
#7  0x04ff3408 in MediaBase::SetSource (this=0x9dfd9f0, downloader=0x9dfb030,
PartName=0x53c07e5 "") at media.cpp:146
#8  0x04ff353d in MediaElement::SetSource (this=0x9dfd9f0,
downloader=0x9dfb030, PartName=0x53c07e5 "") at media.cpp:1356
#9  0x04ff05f1 in MediaElement::DownloaderFailed (this=0x9dfd9f0,
args=0x9dfafc0) at media.cpp:1238
#10 0x04fec579 in MediaBase::downloader_failed (sender=0x9dfe380,
calldata=0x9dfafc0, closure=0x9dfd9f0) at media.cpp:72
#11 0x04fd7733 in EventObject::Emit (this=0x9dfe380, event_id=2,
calldata=0x9dfafc0, only_unemitted=false) at dependencyobject.cpp:410
#12 0x04fda512 in Downloader::NotifyFailed (this=0x9dfe380, msg=0x1b87843
"generic error") at downloader.cpp:548
#13 0x01b1fb48 in p_downloader_send (state=0x9dfe410) at
plugin-downloader.cpp:246
#14 0x04fda66e in Downloader::SendInternal (this=0x9dfe380) at
downloader.cpp:441
#15 0x04fda6c2 in Downloader::SendNow (this=0x9dfe380) at downloader.cpp:476
#16 0x04ff33a8 in MediaElement::SetSourceInternal (this=0x9dfd9f0,
downloader=0x9dfe380, PartName=0x9dfdfa8 "���\ted") at media.cpp:1335
#17 0x04fee315 in MediaBase::SetSourceAsyncCallback (this=0x9dfd9f0) at
media.cpp:112
#18 0x04fee369 in set_source_async (user_data=0x9dfd9f0) at media.cpp:133
#19 0x0097fa96 in g_timeout_dispatch (source=0x9dfe518, callback=0x6,
user_data=0x9dfd9f0) at gmain.c:3443
#20 0x0097f353 in IA__g_main_context_dispatch (context=0x8cffc18) at
gmain.c:2009
#21 0x00982533 in g_main_context_iterate (context=0x8cffc18, block=1,
dispatch=1, self=0x8cdf868) at gmain.c:2642
#22 0x00982887 in IA__g_main_loop_run (loop=0x9053478) at gmain.c:2850
#23 0x006bd6d4 in IA__gtk_main () at gtkmain.c:1161
#24 0x00f87087 in nsAppShell::Run () from
/opt/gnome224/lib/firefox-2.0.0.14/components/libwidget_gtk2.so
#25 0x01016e97 in nsAppStartup::Run () from
/opt/gnome224/lib/firefox-2.0.0.14/components/libtoolkitcomps.so
#26 0x0804f795 in XRE_main ()
#27 0x0804aa83 in main ()


#7  0x04ff3408 in MediaBase::SetSource (this=0x9dfd9f0, downloader=0x9dfb030,
PartName=0x53c07e5 "") at media.cpp:146
146                     g_free (source.part_name);
(gdb) p source.part_name
$1 = 0x9dfdfa8 "���\ted"

source.part_name was pointing to media->part_name which was freeed already


-- 
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.

More information about the mono-bugs mailing list