[vlc-commits] playlist: fix use after free in current array
Rémi Denis-Courmont
git at videolan.org
Thu Nov 17 21:08:58 CET 2016
vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Thu Nov 17 22:02:08 2016 +0200| [4151f731a9a58a66e2931ae51cdb5939523e7c6b] | committer: Rémi Denis-Courmont
playlist: fix use after free in current array
The "current" array is *not* sorted by ID. Binary search cannot work
there. (Maybe this should be a linked-listed instead.)
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=4151f731a9a58a66e2931ae51cdb5939523e7c6b
---
src/playlist/tree.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/playlist/tree.c b/src/playlist/tree.c
index 8bc560f..b6bc9c3 100644
--- a/src/playlist/tree.c
+++ b/src/playlist/tree.c
@@ -129,9 +129,11 @@ void playlist_NodeDelete( playlist_t *p_playlist, playlist_item_t *p_root,
set_current_status_item( p_playlist, NULL );
}
- ARRAY_BSEARCH( p_playlist->current,->i_id, int, p_root->i_id, i );
- if( i != -1 )
- ARRAY_REMOVE( p_playlist->current, i );
+ for( i = 0; i < p_playlist->current.i_size; i++ )
+ if( p_playlist->current.p_elems[i] == p_root )
+ ARRAY_REMOVE( p_playlist->current, i );
+ for( i = 0; i < p_playlist->current.i_size; i++ )
+ assert( p_playlist->current.p_elems[i] != p_root );
PL_DEBUG( "deleting item `%s'", p_root->p_input->psz_name );
More information about the vlc-commits
mailing list