[vlc-commits] block: fix invalid memory access in block_Fifo(Count|Size)

Rémi Denis-Courmont git at videolan.org
Thu Oct 2 19:50:39 CEST 2014 

vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Thu Oct  2 20:49:49 2014 +0300| [412898bbd864c5d9379d74b67628d991e3f81ed8] | committer: Rémi Denis-Courmont

block: fix invalid memory access in block_Fifo(Count|Size)

The function remain fundamentally ToCToU-prone, but at least they now
follow the memory model.

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=412898bbd864c5d9379d74b67628d991e3f81ed8
---

 include/vlc_block.h |    4 ++--
 src/misc/block.c    |   22 ++++++++++++++++------
 2 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/include/vlc_block.h b/include/vlc_block.h
index 75f98ff..34a107c 100644
--- a/include/vlc_block.h
+++ b/include/vlc_block.h
@@ -315,7 +315,7 @@ VLC_API size_t block_FifoPut( block_fifo_t *, block_t * );
 VLC_API void block_FifoWake( block_fifo_t * );
 VLC_API block_t * block_FifoGet( block_fifo_t * ) VLC_USED;
 VLC_API block_t * block_FifoShow( block_fifo_t * );
-size_t block_FifoSize( const block_fifo_t *p_fifo ) VLC_USED;
-VLC_API size_t block_FifoCount( const block_fifo_t *p_fifo ) VLC_USED;
+size_t block_FifoSize(block_fifo_t *) VLC_USED;
+VLC_API size_t block_FifoCount(block_fifo_t *) VLC_USED;
 
 #endif /* VLC_BLOCK_H */
diff --git a/src/misc/block.c b/src/misc/block.c
index 3e953f1..0a408cc 100644
--- a/src/misc/block.c
+++ b/src/misc/block.c
@@ -723,14 +723,24 @@ block_t *block_FifoShow( block_fifo_t *p_fifo )
     return b;
 }
 
-/* FIXME: not thread-safe */
-size_t block_FifoSize( const block_fifo_t *p_fifo )
+/* FIXME: not (really) thread-safe */
+size_t block_FifoSize (block_fifo_t *fifo)
 {
-    return p_fifo->i_size;
+    size_t size;
+
+    vlc_mutex_lock (&fifo->lock);
+    size = fifo->i_size;
+    vlc_mutex_unlock (&fifo->lock);
+    return size;
 }
 
-/* FIXME: not thread-safe */
-size_t block_FifoCount( const block_fifo_t *p_fifo )
+/* FIXME: not (really) thread-safe */
+size_t block_FifoCount (block_fifo_t *fifo)
 {
-    return p_fifo->i_depth;
+    size_t depth;
+
+    vlc_mutex_lock (&fifo->lock);
+    depth = fifo->i_depth;
+    vlc_mutex_unlock (&fifo->lock);
+    return depth;
 }

More information about the vlc-commits mailing list