From 6d7dc93a450d50053bbc1c7ab67fc300f7ccdf1a Mon Sep 17 00:00:00 2001
From: =?utf8?q?V=C3=ADctor=20Manuel=20J=C3=A1quez=20Leal?=
 <vjaquez@igalia.com>
Date: Tue, 16 Nov 2021 13:14:25 +0100
Subject: [PATCH] uridecodebin3: Nullify current item after all play items are
 freed.

There's a potential race condition with this sort of pipelines on
certain systems (depends on the processing load):

GST_DEBUG_DUMP_DOT_DIR=/tmp \
gst-launch-1.0 uridecodebin3 uri=file://stream.mp4 ! glupload ! \
glimagesink --gst-debug=*:4

Right after the pipeline passes from PAUSED to READY, bin_to_dot_file
dumps uridecodebin3 properties, but current uri and suburi might be
already freed, causing a potential use-after-freed.

This patch makes NULL the current item right after all the play items
are freed.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/1353>
---
 subprojects/gst-plugins-base/gst/playback/gsturidecodebin3.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/subprojects/gst-plugins-base/gst/playback/gsturidecodebin3.c b/subprojects/gst-plugins-base/gst/playback/gsturidecodebin3.c
index d881bb8..dbc97f9 100644
--- a/subprojects/gst-plugins-base/gst/playback/gsturidecodebin3.c
+++ b/subprojects/gst-plugins-base/gst/playback/gsturidecodebin3.c
@@ -1116,6 +1116,7 @@ free_play_items (GstURIDecodeBin3 * dec)
 
   g_list_free (dec->play_items);
   dec->play_items = NULL;
+  dec->current = NULL;
 }
 
 static GstStateChangeReturn
-- 
2.7.4