[vlc-commits] libmpeg2: fix NULl deref on vout failure (fixes #18366)

Rémi Denis-Courmont git at videolan.org
Mon May 29 17:19:06 CEST 2017 

vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Sun May 28 14:50:42 2017 +0300| [d0b0bf12fc80756fc368ddc48e790f2b2b54fd5f] | committer: Rémi Denis-Courmont

libmpeg2: fix NULl deref on vout failure (fixes #18366)

This ensures that the synchro object is allocated regardless of the
video output state.

Note that they are probably other ways to trigger similar NULL
dereference. It is highly questionable that this plugin should remain
in the tree with all its bugs and no upstream (libmpeg2) maintainance.

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=d0b0bf12fc80756fc368ddc48e790f2b2b54fd5f
---

 modules/codec/libmpeg2.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/modules/codec/libmpeg2.c b/modules/codec/libmpeg2.c
index 9e4269a7c5..d460dbedd7 100644
--- a/modules/codec/libmpeg2.c
+++ b/modules/codec/libmpeg2.c
@@ -279,6 +279,17 @@ static picture_t *DecodeBlock( decoder_t *p_dec, block_t **pp_block )
             /* */
             mpeg2_custom_fbuf( p_sys->p_mpeg2dec, 1 );
 
+            if( p_sys->p_synchro )
+                decoder_SynchroRelease( p_sys->p_synchro );
+
+            if( p_sys->p_info->sequence->frame_period <= 0 )
+                p_sys->p_synchro = NULL;
+            else
+                p_sys->p_synchro =
+                decoder_SynchroInit( p_dec, (uint32_t)(UINT64_C(1001000000) *
+                                27 / p_sys->p_info->sequence->frame_period) );
+            p_sys->b_after_sequence_header = true;
+
             /* Set the first 2 reference frames */
             GetAR( p_dec );
             for( int i = 0; i < 2; i++ )
@@ -292,17 +303,6 @@ static picture_t *DecodeBlock( decoder_t *p_dec, block_t **pp_block )
                 }
                 PutPicture( p_dec, p_picture );
             }
-
-            if( p_sys->p_synchro )
-                decoder_SynchroRelease( p_sys->p_synchro );
-
-            if( p_sys->p_info->sequence->frame_period <= 0 )
-                p_sys->p_synchro = NULL;
-            else
-                p_sys->p_synchro =
-                decoder_SynchroInit( p_dec, (uint32_t)(UINT64_C(1001000000) *
-                                27 / p_sys->p_info->sequence->frame_period) );
-            p_sys->b_after_sequence_header = true;
             break;
         }

More information about the vlc-commits mailing list