[vlc-commits] vout: fix use-after-free, wait on correct date
Rémi Denis-Courmont
git at videolan.org
Sun Oct 25 18:37:05 CET 2015
vlc/vlc-2.2 | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Wed Oct 21 21:14:16 2015 +0300| [0cc92eb1243876e6ab2c9b04fafb043f3b8073e4] | committer: Rémi Denis-Courmont
vout: fix use-after-free, wait on correct date
The mwait() call dereferenced a potentially no longer referenced picture
(if the display was filtered).
(cherry picked from commit dfefe47ff25ace43f1ac1fad7fa652c8b99eb1f6)
> http://git.videolan.org/gitweb.cgi/vlc/vlc-2.2.git/?a=commit;h=0cc92eb1243876e6ab2c9b04fafb043f3b8073e4
---
src/video_output/video_output.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/video_output/video_output.c b/src/video_output/video_output.c
index ff1e96a..6edba7e 100644
--- a/src/video_output/video_output.c
+++ b/src/video_output/video_output.c
@@ -1052,6 +1052,8 @@ static int ThreadDisplayRenderPicture(vout_thread_t *vout, bool is_forced)
subpicture_Delete(subpic);
return VLC_EGENERIC;
}
+
+ todisplay = sys->display.filtered;
}
vout_chrono_Stop(&vout->p->render);
@@ -1075,10 +1077,7 @@ static int ThreadDisplayRenderPicture(vout_thread_t *vout, bool is_forced)
/* Display the direct buffer returned by vout_RenderPicture */
vout->p->displayed.date = mdate();
- vout_display_Display(vd,
- sys->display.filtered ? sys->display.filtered
- : todisplay,
- subpic);
+ vout_display_Display(vd, todisplay, subpic);
sys->display.filtered = NULL;
vout_statistic_AddDisplayed(&vout->p->statistic, 1);
More information about the vlc-commits
mailing list