From 5aa825d00441dcb230db83424572796ef5e6307f Mon Sep 17 00:00:00 2001
From: "Jan Alexander Steffens (heftig)" <jan.steffens@ltnglobal.com>
Date: Mon, 4 Oct 2021 13:49:44 +0200
Subject: [PATCH] multiqueue: Fix query unref race on flush

If the query has already been destroyed at this point, GST_IS_QUERY will
read garbage, can return false and we will try to unref it again.
Instead, make note of whether the item is a query when we dequeue it.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/1029>
---
 subprojects/gstreamer/plugins/elements/gstmultiqueue.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/subprojects/gstreamer/plugins/elements/gstmultiqueue.c b/subprojects/gstreamer/plugins/elements/gstmultiqueue.c
index e13d317d2f..3c46a8c958 100644
--- a/subprojects/gstreamer/plugins/elements/gstmultiqueue.c
+++ b/subprojects/gstreamer/plugins/elements/gstmultiqueue.c
@@ -2091,7 +2091,7 @@ gst_multi_queue_loop (GstPad * pad)
   guint32 newid;
   GstFlowReturn result;
   GstClockTimeDiff next_time;
-  gboolean is_buffer;
+  gboolean is_buffer, is_query;
   gboolean do_update_buffering = FALSE;
   gboolean dropping = FALSE;
   GstPad *srcpad = NULL;
@@ -2117,6 +2117,8 @@ next:
   item = (GstMultiQueueItem *) sitem;
   newid = item->posid;
 
+  is_query = item->is_query;
+
   /* steal the object and destroy the item */
   object = gst_multi_queue_item_steal_object (item);
   gst_multi_queue_item_destroy (item);
@@ -2362,7 +2364,7 @@ done:
 
 out_flushing:
   {
-    if (object && !GST_IS_QUERY (object))
+    if (object && !is_query)
       gst_mini_object_unref (object);
 
     GST_MULTI_QUEUE_MUTEX_LOCK (mq);