multiqueue: Fix query unref race on flush

If the query has already been destroyed at this point, GST_IS_QUERY will
read garbage, can return false and we will try to unref it again.
Instead, make note of whether the item is a query when we dequeue it.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/1029>

diff --git a/subprojects/gstreamer/plugins/elements/gstmultiqueue.c b/subprojects/gstreamer/plugins/elements/gstmultiqueue.c
index e13d317d2f0c8f32067b633ce7443c1332ad7171..3c46a8c95803352224dffa39ece038e0509dc66a 100644 (file)
--- a/subprojects/gstreamer/plugins/elements/gstmultiqueue.c
+++ b/subprojects/gstreamer/plugins/elements/gstmultiqueue.c
@@ -2091,7 +2091,7 @@ gst_multi_queue_loop (GstPad * pad)
   guint32 newid;
   GstFlowReturn result;
   GstClockTimeDiff next_time;
-  gboolean is_buffer;
+  gboolean is_buffer, is_query;
   gboolean do_update_buffering = FALSE;
   gboolean dropping = FALSE;
   GstPad *srcpad = NULL;
@@ -2117,6 +2117,8 @@ next:
   item = (GstMultiQueueItem *) sitem;
   newid = item->posid;
 
+  is_query = item->is_query;
+
   /* steal the object and destroy the item */
   object = gst_multi_queue_item_steal_object (item);
   gst_multi_queue_item_destroy (item);
@@ -2362,7 +2364,7 @@ done:
 
 out_flushing:
   {
-    if (object && !GST_IS_QUERY (object))
+    if (object && !is_query)
       gst_mini_object_unref (object);
 
     GST_MULTI_QUEUE_MUTEX_LOCK (mq);