[vlc-commits] preparser: Fix potential use after free
Hugo Beauzée-Luyssen
git at videolan.org
Thu Sep 19 14:29:22 CEST 2019
vlc | branch: master | Hugo Beauzée-Luyssen <hugo at beauzee.fr> | Thu Sep 19 13:55:23 2019 +0200| [49f41654459f3231f112b009d1c41617cd201881] | committer: Hugo Beauzée-Luyssen
preparser: Fix potential use after free
If the art fetcher completes before ReqHold gets called, we will end up
releasing the request before holding it for the art fetcher, causing a
use after free when the task gets released by the background worker
invokes TerminateTask
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=49f41654459f3231f112b009d1c41617cd201881
---
src/preparser/preparser.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/preparser/preparser.c b/src/preparser/preparser.c
index 51e2c3e311..723feb96dc 100644
--- a/src/preparser/preparser.c
+++ b/src/preparser/preparser.c
@@ -203,13 +203,14 @@ static void PreparserCloseInput( void* preparser_, void* task_ )
if( preparser->fetcher && (req->options & META_REQUEST_OPTION_FETCH_ANY) )
{
task->preparse_status = status;
+ ReqHold(task->req);
if (!input_fetcher_Push(preparser->fetcher, item,
req->options & META_REQUEST_OPTION_FETCH_ANY,
&input_fetcher_callbacks, task))
{
- ReqHold(task->req);
return;
}
+ ReqRelease(task->req);
}
free(task);
More information about the vlc-commits
mailing list