107025 – [gstreamer][cairo] GstBuffer memory is unmapped too soon in ImageGStreamer

Bug 107025 - [gstreamer][cairo] GstBuffer memory is unmapped too soon in ImageGStreamer

Summary: [gstreamer][cairo] GstBuffer memory is unmapped too soon in ImageGStreamer

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Chris Dumez

URL:
Keywords:

Depends on:
Blocks:	106551
	Show dependency tree / graph

Reported:	2013-01-16 09:54 PST by Chris Dumez
Modified:	2013-01-16 10:45 PST (History)
CC List:	5 users (show)

See Also:

Attachments
Patch (5.89 KB, patch) 2013-01-16 10:00 PST, Chris Dumez	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Chris Dumez 2013-01-16 09:54:19 PST

In the cairo implementation of ImageGStreamer, with gstreamer 1.0, the GstBuffer memory is mapped to construct a cairo_surface_t using cairo_image_surface_create_for_data() and then the buffer memory is unmapped right after.

The documentation for cairo_image_surface_create_for_data() says that "The output buffer must be kept around until the cairo_surface_t is destroyed or cairo_surface_finish() is called on the surface."

Unfortunately, the memory is unmapped while the image is still alive and the cairo_surface_t points internally to memory that is no longer valid. This may lead to crashes.

Comment 1 Chris Dumez 2013-01-16 10:00:22 PST

Created attachment 182998 [details]
Patch

Comment 2 WebKit Review Bot 2013-01-16 10:45:43 PST

Comment on attachment 182998 [details]
Patch

Clearing flags on attachment: 182998

Committed r139896: <http://trac.webkit.org/changeset/139896>

Comment 3 WebKit Review Bot 2013-01-16 10:45:47 PST

All reviewed patches have been landed.  Closing bug.