From 64b4257509d1e7913ff4b4893cd6a78aefe884fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alicia=20Boya=20Garc=C3=ADa?= Date: Fri, 23 Jun 2023 12:29:04 +0200 Subject: [PATCH] ges-timeline-element: Fix refcount bug in "timeline" and "parent" properties ges-timeline-element property getter handler was using g_value_take_object() with internal pointers of the element as arguments, instead of g_value_set_object(). g_value_take_object() moves the ownership of the reference; hence, when reading "timeline" the reference ownership of timeline is moved away from the ges-timeline-element and into the GValue. Since GValues are temporaries that are often discarded quickly after, this can easily lead to a double free. This was causing gst-editing-services / pythontests to crash when running TestTrackElements.test_ungroup_regroup() because of an innocent read of `clip2.props.timeline` around the end of the test. Part-of: --- subprojects/gst-editing-services/ges/ges-timeline-element.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/subprojects/gst-editing-services/ges/ges-timeline-element.c b/subprojects/gst-editing-services/ges/ges-timeline-element.c index 7dbae9b56f..caa8b5bbc5 100644 --- a/subprojects/gst-editing-services/ges/ges-timeline-element.c +++ b/subprojects/gst-editing-services/ges/ges-timeline-element.c @@ -295,10 +295,10 @@ _get_property (GObject * object, guint property_id, switch (property_id) { case PROP_PARENT: - g_value_take_object (value, self->parent); + g_value_set_object (value, self->parent); break; case PROP_TIMELINE: - g_value_take_object (value, self->timeline); + g_value_set_object (value, self->timeline); break; case PROP_START: g_value_set_uint64 (value, self->start);