[vlc-devel] Races in vlm.c

Sébastien Escudier sebastien-devel at celeos.eu
Mon Nov 3 17:39:10 CET 2008


I think input_DetachSout in vlm.c (used two times) can't work the way it is used

input_StopThread( p_input );
p_instance->p_sout = input_DetachSout( p_input );

What if p_sout is used in input thread ? There is no locking here.

Another problem is that if an input thread fail to start (input.c:Init) then
sout_DeleteInstance is called here.
But it can also be called from Manage thread in vlm.c : vlm_ControlInternal(
So we end up in vlm_MediaInstanceDelete, taking p_sout, and deleting it, while
it is also deleted at the end of input.c:Init function.

Why ? because input.c call sout_DeleteInstance while vlm.c used

Maybe the solution would be to add a mutex on sout ?

Here is a backtrace of this happening :

#0  Close (p_this=0x82ba378) at rtp.c:561
561	    if( p_sys->p_mux )
(gdb) bt
#0  Close (p_this=0x82ba378) at rtp.c:561
#1  0xb7c6577f in __module_unneed (p_this=0x82ba378, p_module=0x824e7a8) at
#2  0xb7c800fd in sout_StreamDelete (p_stream=0x82ba378) at
#3  0xb7c80d4d in sout_DeleteInstance (p_sout=0x82d05a8) at
#4  0xb7c84602 in vlm_MediaInstanceDelete (p_instance=0xb2b064a0) at
#5  0xb7c84827 in vlm_ControlMediaInstanceStop (p_vlm=0x80f8c70, id=<value
optimized out>, psz_id=0x0) at input/vlm.c:898
#6  0xb7c8614a in vlm_vaControlInternal (p_vlm=0x80f8c70, i_query=<value
optimized out>, args=<value optimized out>) at input/vlm.c:1099
#7  0xb7c869b7 in vlm_ControlInternal (p_vlm=0x80f8c70, i_query=11) at
#8  0xb7c86d91 in Manage (p_object=0x80f8c70) at input/vlm.c:342
#9  0xb7f8d4fb in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#10 0xb7d7fe5e in clone () from /lib/tls/i686/cmov/libc.so.6


More information about the vlc-devel mailing list