[vlc-commits] Revert "libvlc: delete preparser before interfaces"
Rémi Denis-Courmont
git at videolan.org
Thu Jun 16 22:39:33 CEST 2016
vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Thu Jun 16 23:33:07 2016 +0300| [17bd88b915188d1659ec46c07aa1efd3745071b5] | committer: Rémi Denis-Courmont
Revert "libvlc: delete preparser before interfaces"
This reverts commit 9e9b227443831d8c9798b78122a2194053f2b2f1.
The preparser must obviously outlive the playlist (and thus interfaces).
This fixes use after free:
ERROR: AddressSanitizer: heap-use-after-free on address 0x611000005548 at pc 0x7fad5e11bffa bp 0x7fad50daac10 sp 0x7fad50daac08
READ of size 8 at 0x611000005548 thread T1
#0 0x7fad5e11bff9 in playlist_preparser_fetcher_Push ../../src/playlist/preparser.c:128
#1 0x7fad5e0e7640 in libvlc_ArtRequest ../../src/libvlc.c:648
#2 0x7fad5e10ad37 in PlayItem ../../src/playlist/thread.c:232
#3 0x7fad5e10d167 in Next ../../src/playlist/thread.c:478
#4 0x7fad5e10d448 in Thread ../../src/playlist/thread.c:501
#5 0x7fad5fba3463 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7463)
#6 0x7fad5f6dce5c in clone (/lib/x86_64-linux-gnu/libc.so.6+0xe8e5c)
0x611000005548 is located 8 bytes inside of 208-byte region [0x611000005540,0x611000005610)
freed by thread T0 here:
#0 0x7fad60ea69d0 in free (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc19d0)
#1 0x7fad5e11cf8f in playlist_preparser_Delete ../../src/playlist/preparser.c:184
#2 0x7fad5e0e6b53 in libvlc_InternalCleanup ../../src/libvlc.c:512
#3 0x7fad60b2ed14 in libvlc_release ../../lib/core.c:105
#4 0x4024da in main ../../bin/vlc.c:275
#5 0x7fad5f6145ef in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x205ef)
previously allocated by thread T0 here:
#0 0x7fad60ea6ce8 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1ce8)
#1 0x7fad5e11b3cd in playlist_preparser_New ../../src/playlist/preparser.c:74
#2 0x7fad5e0e62a2 in libvlc_InternalInit ../../src/libvlc.c:374
#3 0x7fad60b2e6d3 in libvlc_new ../../lib/core.c:59
#4 0x4022dd in main ../../bin/vlc.c:228
#5 0x7fad5f6145ef in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x205ef)
Thread T1 created by T0 here:
#0 0x7fad60e15f19 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x30f19)
#1 0x7fad5e30d9f6 in vlc_clone_attr ../../src/posix/thread.c:484
#2 0x7fad5e30dbd8 in vlc_clone ../../src/posix/thread.c:496
#3 0x7fad5e1091a9 in playlist_Activate ../../src/playlist/thread.c:54
#4 0x7fad5e1117a0 in playlist_Create ../../src/playlist/engine.c:299
#5 0x7fad5e106139 in intf_GetPlaylist ../../src/interface/interface.c:149
#6 0x7fad5e1061d9 in intf_InsertItem ../../src/interface/interface.c:165
#7 0x7fad5e0e72f7 in GetFilenames ../../src/libvlc.c:605
#8 0x7fad5e0e6979 in libvlc_InternalInit ../../src/libvlc.c:488
#9 0x7fad60b2e6d3 in libvlc_new ../../lib/core.c:59
#10 0x4022dd in main ../../bin/vlc.c:228
#11 0x7fad5f6145ef in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x205ef)
SUMMARY: AddressSanitizer: heap-use-after-free ../../src/playlist/preparser.c:128 in playlist_preparser_fetcher_Push
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=17bd88b915188d1659ec46c07aa1efd3745071b5
---
src/libvlc.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/libvlc.c b/src/libvlc.c
index 3ccdede..48c2b8c 100644
--- a/src/libvlc.c
+++ b/src/libvlc.c
@@ -508,9 +508,6 @@ void libvlc_InternalCleanup( libvlc_int_t *p_libvlc )
{
libvlc_priv_t *priv = libvlc_priv (p_libvlc);
- if (priv->parser != NULL)
- playlist_preparser_Delete(priv->parser);
-
/* Ask the interfaces to stop and destroy them */
msg_Dbg( p_libvlc, "removing all interfaces" );
libvlc_Quit( p_libvlc );
@@ -539,6 +536,9 @@ void libvlc_InternalCleanup( libvlc_int_t *p_libvlc )
}
#endif
+ if (priv->parser != NULL)
+ playlist_preparser_Delete(priv->parser);
+
vlc_DeinitActions( p_libvlc, priv->actions );
/* Save the configuration */
More information about the vlc-commits
mailing list