107025 2013-01-16 09:54:19 -0800 [gstreamer][cairo] GstBuffer memory is unmapped too soon in ImageGStreamer 2013-01-16 10:45:47 -0800 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 106551 1 cdumez cdumez gustavo menard mrobinson pnormand webkit.review.bot oldest_to_newest 808455 0 cdumez 2013-01-16 09:54:19 -0800 In the cairo implementation of ImageGStreamer, with gstreamer 1.0, the GstBuffer memory is mapped to construct a cairo_surface_t using cairo_image_surface_create_for_data() and then the buffer memory is unmapped right after. The documentation for cairo_image_surface_create_for_data() says that "The output buffer must be kept around until the cairo_surface_t is destroyed or cairo_surface_finish() is called on the surface." Unfortunately, the memory is unmapped while the image is still alive and the cairo_surface_t points internally to memory that is no longer valid. This may lead to crashes. 808466 1 182998 cdumez 2013-01-16 10:00:22 -0800 Created attachment 182998 Patch 808521 2 182998 webkit.review.bot 2013-01-16 10:45:43 -0800 Comment on attachment 182998 Patch Clearing flags on attachment: 182998 Committed r139896: <http://trac.webkit.org/changeset/139896> 808522 3 webkit.review.bot 2013-01-16 10:45:47 -0800 All reviewed patches have been landed. Closing bug. 182998 2013-01-16 10:00:22 -0800 2013-01-16 10:45:43 -0800 Patch 107025_gstreamer_image.patch text/plain 6027 cdumez ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZwppbmRleCBkNTlhNTQyLi5iM2ZjZmUyIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29y ZS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMzUg QEAKKzIwMTMtMDEtMTYgIENocmlzdG9waGUgRHVtZXogIDxjaHJpc3RvcGhlLmR1bWV6QGludGVs LmNvbT4KKworICAgICAgICBbZ3N0cmVhbWVyXSBTb21lIG1lZGlhIHRlc3RzIG9jY2FzaW9uYWxs eSBjcmFzaCB3aXRoIGdzdHJlYW1lciAxLjAgYmFja2VuZAorICAgICAgICBodHRwczovL2J1Z3Mu d2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTA2NTUxCisKKyAgICAgICAgUmV2aWV3ZWQgYnkg Tk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgSW1hZ2VHU3RyZWFtZXJDYWlybyB3YXMgcGFzc2lu ZyBtYXBwZWQgbWVtb3J5IHRvCisgICAgICAgIGNhaXJvX2ltYWdlX3N1cmZhY2VfY3JlYXRlX2Zv cl9kYXRhKCkgYW5kIHRoZW4gdW5tYXBwaW5nIGl0IHN0cmFpZ2h0CisgICAgICAgIGF3YXkgZXZl biB0aG91Z2ggdGhlIGNhaXJvX3N1cmZhY2VfdCBpcyBzdGlsbCB1c2VkLiBUaGUgY2Fpcm8KKyAg ICAgICAgZG9jdW1lbnRhdGlvbiBzdGF0ZXM6CisgICAgICAgICJUaGUgb3V0cHV0IGJ1ZmZlciBt dXN0IGJlIGtlcHQgYXJvdW5kIHVudGlsIHRoZSBjYWlyb19zdXJmYWNlX3QgaXMKKyAgICAgICAg ZGVzdHJveWVkIG9yIGNhaXJvX3N1cmZhY2VfZmluaXNoKCkgaXMgY2FsbGVkIG9uIHRoZSBzdXJm YWNlLiIKKworICAgICAgICBUaGlzIHBhdGNoIGtlZXBzIHRoZSBHc3RCdWZmZXIgbWVtb3J5IG1h cHBlZCB1bnRpbCB0aGUgSW1hZ2VHU3RyZWFtZXIKKyAgICAgICAgaXMgZGVzdHJveWVkIHNvIHRo YXQgdGhlIGludGVybmFsIGNhaXJvX3N1cmZhY2VfdCBzdGF5cyB2YWxpZCB3aGlsZQorICAgICAg ICBhdm9pZGluZyBjb3B5aW5nIHRoZSBpbWFnZSBkYXRhLgorCisgICAgICAgIE5vIG5ldyB0ZXN0 cywgYWxyZWFkeSBjb3ZlcmVkIGJ5IGV4aXN0aW5nIHRlc3RzLgorCisgICAgICAgICogcGxhdGZv cm0vZ3JhcGhpY3MvZ3N0cmVhbWVyL0dSZWZQdHJHU3RyZWFtZXIuY3BwOgorICAgICAgICAoV1RG OjphZG9wdEdSZWYpOgorICAgICAgICAoV1RGKToKKyAgICAgICAgKFdURjo6R3N0QnVmZmVyKToK KyAgICAgICAgKiBwbGF0Zm9ybS9ncmFwaGljcy9nc3RyZWFtZXIvR1JlZlB0ckdTdHJlYW1lci5o OgorICAgICAgICAoV1RGKTogQWRkIHN1cHBvcnQgZm9yIHVzaW5nIEdSZWZQdHIgd2l0aCBHc3RC dWZmZXIuCisgICAgICAgICogcGxhdGZvcm0vZ3JhcGhpY3MvZ3N0cmVhbWVyL0ltYWdlR1N0cmVh bWVyLmg6CisgICAgICAgIChJbWFnZUdTdHJlYW1lcik6CisgICAgICAgICogcGxhdGZvcm0vZ3Jh cGhpY3MvZ3N0cmVhbWVyL0ltYWdlR1N0cmVhbWVyQ2Fpcm8uY3BwOgorICAgICAgICAoSW1hZ2VH U3RyZWFtZXI6OkltYWdlR1N0cmVhbWVyKToKKyAgICAgICAgKEltYWdlR1N0cmVhbWVyOjp+SW1h Z2VHU3RyZWFtZXIpOgorCiAyMDEzLTAxLTE2ICBHcnplZ29yeiBDemFqa293c2tpICA8Zy5jemFq a293c2tpQHNhbXN1bmcuY29tPgogCiAgICAgICAgIFVucmV2aWV3ZWQgRUZMIGJ1aWxkIGZpeCBh ZnRlciByMTM5ODc3LgpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vZ3JhcGhp Y3MvZ3N0cmVhbWVyL0dSZWZQdHJHU3RyZWFtZXIuY3BwIGIvU291cmNlL1dlYkNvcmUvcGxhdGZv cm0vZ3JhcGhpY3MvZ3N0cmVhbWVyL0dSZWZQdHJHU3RyZWFtZXIuY3BwCmluZGV4IGZmYjBlMTYu LmU5ZjJiMjkgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL2dyYXBoaWNzL2dz dHJlYW1lci9HUmVmUHRyR1N0cmVhbWVyLmNwcAorKysgYi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9y bS9ncmFwaGljcy9nc3RyZWFtZXIvR1JlZlB0ckdTdHJlYW1lci5jcHAKQEAgLTE2NSw1ICsxNjUs MjMgQEAgdGVtcGxhdGUgPD4gdm9pZCBkZXJlZkdQdHI8R3N0RWxlbWVudEZhY3Rvcnk+KEdzdEVs ZW1lbnRGYWN0b3J5KiBwdHIpCiAgICAgICAgIGdzdF9vYmplY3RfdW5yZWYocHRyKTsKIH0KIAor dGVtcGxhdGU8PiBHUmVmUHRyPEdzdEJ1ZmZlcj4gYWRvcHRHUmVmKEdzdEJ1ZmZlciogcHRyKQor eworICAgIHJldHVybiBHUmVmUHRyPEdzdEJ1ZmZlcj4ocHRyLCBHUmVmUHRyQWRvcHQpOworfQor Cit0ZW1wbGF0ZTw+IEdzdEJ1ZmZlciogcmVmR1B0cjxHc3RCdWZmZXI+KEdzdEJ1ZmZlciogcHRy KQoreworICAgIGlmIChwdHIpCisgICAgICAgIGdzdF9idWZmZXJfcmVmKHB0cik7CisKKyAgICBy ZXR1cm4gcHRyOworfQorCit0ZW1wbGF0ZTw+IHZvaWQgZGVyZWZHUHRyPEdzdEJ1ZmZlcj4oR3N0 QnVmZmVyKiBwdHIpCit7CisgICAgaWYgKHB0cikKKyAgICAgICAgZ3N0X2J1ZmZlcl91bnJlZihw dHIpOworfQogfQogI2VuZGlmIC8vIFVTRShHU1RSRUFNRVIpCmRpZmYgLS1naXQgYS9Tb3VyY2Uv V2ViQ29yZS9wbGF0Zm9ybS9ncmFwaGljcy9nc3RyZWFtZXIvR1JlZlB0ckdTdHJlYW1lci5oIGIv U291cmNlL1dlYkNvcmUvcGxhdGZvcm0vZ3JhcGhpY3MvZ3N0cmVhbWVyL0dSZWZQdHJHU3RyZWFt ZXIuaAppbmRleCA1YjBlZDBkLi4wMDI4NzlmIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9w bGF0Zm9ybS9ncmFwaGljcy9nc3RyZWFtZXIvR1JlZlB0ckdTdHJlYW1lci5oCisrKyBiL1NvdXJj ZS9XZWJDb3JlL3BsYXRmb3JtL2dyYXBoaWNzL2dzdHJlYW1lci9HUmVmUHRyR1N0cmVhbWVyLmgK QEAgLTMwLDYgKzMwLDcgQEAgdHlwZWRlZiBzdHJ1Y3QgX0dzdENhcHMgR3N0Q2FwczsKIHR5cGVk ZWYgc3RydWN0IF9Hc3RUYXNrIEdzdFRhc2s7CiB0eXBlZGVmIHN0cnVjdCBfR3N0QnVzIEdzdEJ1 czsKIHR5cGVkZWYgc3RydWN0IF9Hc3RFbGVtZW50RmFjdG9yeSBHc3RFbGVtZW50RmFjdG9yeTsK K3R5cGVkZWYgc3RydWN0IF9Hc3RCdWZmZXIgR3N0QnVmZmVyOwogCiBuYW1lc3BhY2UgV1RGIHsK IApAQCAtNjEsNiArNjIsOSBAQCB0ZW1wbGF0ZTw+IEdSZWZQdHI8R3N0RWxlbWVudEZhY3Rvcnk+ IGFkb3B0R1JlZihHc3RFbGVtZW50RmFjdG9yeSogcHRyKTsKIHRlbXBsYXRlPD4gR3N0RWxlbWVu dEZhY3RvcnkqIHJlZkdQdHI8R3N0RWxlbWVudEZhY3Rvcnk+KEdzdEVsZW1lbnRGYWN0b3J5KiBw dHIpOwogdGVtcGxhdGU8PiB2b2lkIGRlcmVmR1B0cjxHc3RFbGVtZW50RmFjdG9yeT4oR3N0RWxl bWVudEZhY3RvcnkqIHB0cik7CiAKK3RlbXBsYXRlPD4gR1JlZlB0cjxHc3RCdWZmZXI+IGFkb3B0 R1JlZihHc3RCdWZmZXIqIHB0cik7Cit0ZW1wbGF0ZTw+IEdzdEJ1ZmZlciogcmVmR1B0cjxHc3RC dWZmZXI+KEdzdEJ1ZmZlciogcHRyKTsKK3RlbXBsYXRlPD4gdm9pZCBkZXJlZkdQdHI8R3N0QnVm ZmVyPihHc3RCdWZmZXIqIHB0cik7CiB9CiAKICNlbmRpZiAvLyBVU0UoR1NUUkVBTUVSKQpkaWZm IC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vZ3JhcGhpY3MvZ3N0cmVhbWVyL0ltYWdl R1N0cmVhbWVyLmggYi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9ncmFwaGljcy9nc3RyZWFtZXIv SW1hZ2VHU3RyZWFtZXIuaAppbmRleCA4M2JkZmUyLi40MGYzNTUyIDEwMDY0NAotLS0gYS9Tb3Vy Y2UvV2ViQ29yZS9wbGF0Zm9ybS9ncmFwaGljcy9nc3RyZWFtZXIvSW1hZ2VHU3RyZWFtZXIuaAor KysgYi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9ncmFwaGljcy9nc3RyZWFtZXIvSW1hZ2VHU3Ry ZWFtZXIuaApAQCAtNjAsNiArNjAsMTEgQEAgY2xhc3MgSW1hZ2VHU3RyZWFtZXIgOiBwdWJsaWMg UmVmQ291bnRlZDxJbWFnZUdTdHJlYW1lcj4gewogICAgICAgICBJbWFnZUdTdHJlYW1lcihHc3RC dWZmZXIqLCBHc3RDYXBzKik7CiAgICAgICAgIFJlZlB0cjxCaXRtYXBJbWFnZT4gbV9pbWFnZTsK ICAgICAgICAgRmxvYXRSZWN0IG1fY3JvcFJlY3Q7CisKKyNpZiBVU0UoQ0FJUk8pICYmIGRlZmlu ZWQoR1NUX0FQSV9WRVJTSU9OXzEpCisgICAgICAgIEdSZWZQdHI8R3N0QnVmZmVyPiBtX2J1ZmZl cjsKKyAgICAgICAgR3N0TWFwSW5mbyBtX21hcEluZm87CisjZW5kaWYKICAgICB9OwogfQogCmRp ZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9ncmFwaGljcy9nc3RyZWFtZXIvSW1h Z2VHU3RyZWFtZXJDYWlyby5jcHAgYi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9ncmFwaGljcy9n c3RyZWFtZXIvSW1hZ2VHU3RyZWFtZXJDYWlyby5jcHAKaW5kZXggZDNmN2ZhNy4uYTRlODYyOCAx MDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vZ3JhcGhpY3MvZ3N0cmVhbWVyL0lt YWdlR1N0cmVhbWVyQ2Fpcm8uY3BwCisrKyBiL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL2dyYXBo aWNzL2dzdHJlYW1lci9JbWFnZUdTdHJlYW1lckNhaXJvLmNwcApAQCAtMzYsNiArMzYsOSBAQCB1 c2luZyBuYW1lc3BhY2Ugc3RkOwogdXNpbmcgbmFtZXNwYWNlIFdlYkNvcmU7CiAKIEltYWdlR1N0 cmVhbWVyOjpJbWFnZUdTdHJlYW1lcihHc3RCdWZmZXIqIGJ1ZmZlciwgR3N0Q2FwcyogY2FwcykK KyNpZmRlZiBHU1RfQVBJX1ZFUlNJT05fMQorICAgIDogbV9idWZmZXIoYnVmZmVyKQorI2VuZGlm CiB7CiAgICAgR3N0VmlkZW9Gb3JtYXQgZm9ybWF0OwogICAgIEludFNpemUgc2l6ZTsKQEAgLTQz LDkgKzQ2LDggQEAgSW1hZ2VHU3RyZWFtZXI6OkltYWdlR1N0cmVhbWVyKEdzdEJ1ZmZlciogYnVm ZmVyLCBHc3RDYXBzKiBjYXBzKQogICAgIGdldFZpZGVvU2l6ZUFuZEZvcm1hdEZyb21DYXBzKGNh cHMsIHNpemUsIGZvcm1hdCwgcGl4ZWxBc3BlY3RSYXRpb051bWVyYXRvciwgcGl4ZWxBc3BlY3RS YXRpb0Rlbm9taW5hdG9yLCBzdHJpZGUpOwogCiAjaWZkZWYgR1NUX0FQSV9WRVJTSU9OXzEKLSAg ICBHc3RNYXBJbmZvIG1hcEluZm87Ci0gICAgZ3N0X2J1ZmZlcl9tYXAoYnVmZmVyLCAmbWFwSW5m bywgR1NUX01BUF9SRUFEKTsKLSAgICB1bnNpZ25lZCBjaGFyKiBidWZmZXJEYXRhID0gcmVpbnRl cnByZXRfY2FzdDx1bnNpZ25lZCBjaGFyKj4obWFwSW5mby5kYXRhKTsKKyAgICBnc3RfYnVmZmVy X21hcChidWZmZXIsICZtX21hcEluZm8sIEdTVF9NQVBfUkVBRCk7CisgICAgdW5zaWduZWQgY2hh ciogYnVmZmVyRGF0YSA9IHJlaW50ZXJwcmV0X2Nhc3Q8dW5zaWduZWQgY2hhcio+KG1fbWFwSW5m by5kYXRhKTsKICNlbHNlCiAgICAgdW5zaWduZWQgY2hhciogYnVmZmVyRGF0YSA9IHJlaW50ZXJw cmV0X2Nhc3Q8dW5zaWduZWQgY2hhcio+KEdTVF9CVUZGRVJfREFUQShidWZmZXIpKTsKICNlbmRp ZgpAQCAtNjQsOCArNjYsNiBAQCBJbWFnZUdTdHJlYW1lcjo6SW1hZ2VHU3RyZWFtZXIoR3N0QnVm ZmVyKiBidWZmZXIsIEdzdENhcHMqIGNhcHMpCiAjaWZkZWYgR1NUX0FQSV9WRVJTSU9OXzEKICAg ICBpZiAoR3N0VmlkZW9Dcm9wTWV0YSogY3JvcE1ldGEgPSBnc3RfYnVmZmVyX2dldF92aWRlb19j cm9wX21ldGEoYnVmZmVyKSkKICAgICAgICAgc2V0Q3JvcFJlY3QoRmxvYXRSZWN0KGNyb3BNZXRh LT54LCBjcm9wTWV0YS0+eSwgY3JvcE1ldGEtPndpZHRoLCBjcm9wTWV0YS0+aGVpZ2h0KSk7Ci0K LSAgICBnc3RfYnVmZmVyX3VubWFwKGJ1ZmZlciwgJm1hcEluZm8pOwogI2VuZGlmCiB9CiAKQEAg LTc1LDUgKzc1LDExIEBAIEltYWdlR1N0cmVhbWVyOjp+SW1hZ2VHU3RyZWFtZXIoKQogICAgICAg ICBtX2ltYWdlLmNsZWFyKCk7CiAKICAgICBtX2ltYWdlID0gMDsKKworI2lmZGVmIEdTVF9BUElf VkVSU0lPTl8xCisgICAgLy8gV2Uga2VlcCB0aGUgYnVmZmVyIG1lbW9yeSBtYXBwZWQgdW50aWwg dGhlIGltYWdlIGlzIGRlc3Ryb3llZCBiZWNhdXNlIHRoZSBpbnRlcm5hbAorICAgIC8vIGNhaXJv X3N1cmZhY2VfdCB3YXMgY3JlYXRlZCB1c2luZyBjYWlyb19pbWFnZV9zdXJmYWNlX2NyZWF0ZV9m b3JfZGF0YSgpLgorICAgIGdzdF9idWZmZXJfdW5tYXAobV9idWZmZXIuZ2V0KCksICZtX21hcElu Zm8pOworI2VuZGlmCiB9CiAjZW5kaWYgLy8gVVNFKEdTVFJFQU1FUikK