[vlc-commits] bluray: fix memory corruption
Petri Hintukainen
git at videolan.org
Mon Jun 17 11:29:41 CEST 2019
vlc | branch: master | Petri Hintukainen <phintuka at gmail.com> | Sun Jun 16 15:12:00 2019 +0300| [edcece66b158d16b6b84d72e5e7d44bab5f3fe0a] | committer: Petri Hintukainen
bluray: fix memory corruption
Pointer to es_out_t callback struct was partially overwritten when
registering overlay.
Caused by changing vararg function parameter from int * to size_t *
in 9d592a58e454c8c42a21d9b59f1f6c7d6639b93e.
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=edcece66b158d16b6b84d72e5e7d44bab5f3fe0a
---
modules/access/bluray.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/modules/access/bluray.c b/modules/access/bluray.c
index 4e21ddbed1..54746fc98f 100644
--- a/modules/access/bluray.c
+++ b/modules/access/bluray.c
@@ -1237,7 +1237,7 @@ typedef struct
struct
{
es_out_id_t *p_video_es;
- int channels[MAX_OVERLAY];
+ size_t channels[MAX_OVERLAY];
} overlay;
es_out_t es_out;
} bluray_esout_priv_t;
@@ -1529,7 +1529,7 @@ static int bluray_esOutControl(es_out_t *p_out, int i_query, va_list args)
int i_plane = va_arg(args, int);
if(esout_priv->overlay.p_video_es &&
i_plane < MAX_OVERLAY &&
- esout_priv->overlay.channels[i_plane] != VOUT_SPU_CHANNEL_INVALID)
+ (ssize_t)esout_priv->overlay.channels[i_plane] != VOUT_SPU_CHANNEL_INVALID)
{
i_ret = es_out_Control(esout_priv->p_dst_out, ES_OUT_VOUT_DEL_OVERLAY,
esout_priv->overlay.p_video_es,
@@ -1538,7 +1538,7 @@ static int bluray_esOutControl(es_out_t *p_out, int i_query, va_list args)
}
else
{
- assert(esout_priv->overlay.channels[i_plane] == VOUT_SPU_CHANNEL_INVALID);
+ assert((ssize_t)esout_priv->overlay.channels[i_plane] == VOUT_SPU_CHANNEL_INVALID);
i_ret = VLC_EGENERIC;
}
break;
More information about the vlc-commits
mailing list