queue2: fix crash deleting current region for small ring buffers

Ensure we do not attempt to destroy the current range. Doing so causes the current one to be left dangling, and it may be dereferenced later, leading to a crash. This can happen with a very small queue2 ring buffer (10000 bytes) and 4 kB buffers. repro case: gst-launch-1.0 fakesrc sizetype=2 sizemax=4096 ! \ queue2 ring-buffer-max-size=1000 ! fakesink sync=true https://bugzilla.gnome.org/show_bug.cgi?id=767688
2024-09-29 23:32:33 +00:00 · 2016-06-15 13:43:59 +01:00 · 2016-06-15 13:43:59 +01:00 · b3802f7a9e
commit b3802f7a9e
parent e452acb634
1 changed files with 3 additions and 0 deletions
--- a/plugins/elements/gstqueue2.c
+++ b/plugins/elements/gstqueue2.c
@ -1844,6 +1844,9 @@ gst_queue2_create_write (GstQueue2 * queue, GstBuffer * buffer)
        guint64 range_data_start, range_data_end;
        GstQueue2Range *range_to_destroy = NULL;

+        if (range == queue->current)
+          goto next_range;
+
        range_data_start = range->rb_offset;
        range_data_end = range->rb_writing_pos;