[vlc-commits] [Git][videolan/vlc][master] 2 commits: playlist: fix use-after-free with the preparser
Steve Lhomme (@robUx4)
gitlab at videolan.org
Fri Nov 15 15:50:21 UTC 2024
Steve Lhomme pushed to branch master at VideoLAN / VLC
Commits:
e31a6401 by Thomas Guillem at 2024-11-15T15:29:37+00:00
playlist: fix use-after-free with the preparser
vlc_preparser_Deactivate() does not prevent callbacks from being called; it
only cancels all pending tasks and ensures that no further tasks are pushed.
vlc_preparser_Delete() waits for the executor threads and prevents
callbacks from being called.
Fixes the following use-after-free:
==1190318==ERROR: AddressSanitizer: heap-use-after-free on address 0x517000003fb0 at pc 0x7f1f71dff3e5 bp 0x7f1f6e5feb00 sp 0x7f1f6e5feaf8
READ of size 8 at 0x517000003fb0 thread T2 (vlc-run-searchl)
#0 0x7f1f71dff3e4 in vlc_mutex_held ../../src/misc/threads.c:91
#1 0x7f1f71d5a41c in vlc_player_Lock ../../src/player/player.c:943
#2 0x7f1f71ce9891 in vlc_playlist_Lock ../../src/playlist/playlist.c:101
#3 0x7f1f71ce9d54 in on_preparse_ended ../../src/playlist/preparse.c:99
#4 0x7f1f71cf2c7a in NotifyPreparseEnded ../../src/preparser/preparser.c:153
#5 0x7f1f71cf2d4c in OnArtFetchEnded ../../src/preparser/preparser.c:205
#6 0x7f1f71cf003d in NotifyArtFetchEnded ../../src/preparser/fetcher.c:296
#7 0x7f1f71cf1c0e in RunSearchLocal ../../src/preparser/fetcher.c:393
#8 0x7f1f71debd07 in ThreadRun ../../src/misc/executor.c:134
#9 0x7f1f7205b1d5 in asan_thread_start ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
#10 0x7f1f7195f111 in start_thread nptl/pthread_create.c:447
#11 0x7f1f719dd8f7 in __clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
0x517000003fb0 is located 48 bytes inside of 656-byte region [0x517000003f80,0x517000004210)
freed by thread T0 here:
#0 0x7f1f720f3918 in free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
#1 0x7f1f71e0be6f in vlc_object_delete ../../src/misc/objects.c:144
#2 0x7f1f71d5f35e in vlc_player_Delete ../../src/player/player.c:1909
#3 0x7f1f71ce8d9e in vlc_playlist_PlayerDestroy ../../src/playlist/player.c:169
#4 0x7f1f71ce9801 in vlc_playlist_Delete ../../src/playlist/playlist.c:90
#5 0x7f1f71ca8286 in libvlc_InternalCleanup ../../src/libvlc.c:367
#6 0x7f1f71fcc756 in libvlc_release ../../lib/core.c:114
#7 0x560dae321a97 in main ../../bin/vlc.c:275
#8 0x7f1f718f6d67 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
- - - - -
f70449a6 by Thomas Guillem at 2024-11-15T15:29:37+00:00
preparser: remove vlc_preparser_Deactivate()
It is now unused, cf previous commit.
- - - - -
4 changed files:
- include/vlc_preparser.h
- src/libvlccore.sym
- src/playlist/playlist.c
- src/preparser/preparser.c
Changes:
=====================================
include/vlc_preparser.h
=====================================
@@ -225,16 +225,6 @@ VLC_API size_t vlc_preparser_Cancel( vlc_preparser_t *preparser,
*/
VLC_API void vlc_preparser_Delete( vlc_preparser_t *preparser );
-/**
- * This function deactivates the preparser
- *
- * All pending requests will be removed, and it will block until the currently
- * running entity has finished (if any).
- *
- * @param preparser the preparser object
- */
-VLC_API void vlc_preparser_Deactivate( vlc_preparser_t *preparser );
-
/**
* Do not use, libVLC only fonction, will be removed soon
*/
=====================================
src/libvlccore.sym
=====================================
@@ -1040,5 +1040,4 @@ vlc_preparser_Push
vlc_preparser_GenerateThumbnail
vlc_preparser_Cancel
vlc_preparser_Delete
-vlc_preparser_Deactivate
vlc_preparser_SetTimeout
=====================================
src/playlist/playlist.c
=====================================
@@ -85,13 +85,11 @@ vlc_playlist_Delete(vlc_playlist_t *playlist)
assert(vlc_list_is_empty(&playlist->listeners));
if (playlist->parser != NULL)
- vlc_preparser_Deactivate(playlist->parser);
+ vlc_preparser_Delete(playlist->parser);
vlc_playlist_PlayerDestroy(playlist);
randomizer_Destroy(&playlist->randomizer);
vlc_playlist_ClearItems(playlist);
- if (playlist->parser != NULL)
- vlc_preparser_Delete(playlist->parser);
free(playlist);
}
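Review bot: The position of `vlc_preparser_Delete(playlist->parser);` ahead of `vlc_playlist_PlayerDestroy(playlist);` is now the only thing that prevents the reported use-after-free, yet nothing in vlc_playlist_Delete() says so. A later cleanup could move the call back to the end of the function. I would add a comment above the `if`, such as `/* Must come first: this joins the preparser threads, whose callbacks lock the playlist (i.e. the player lock) */`. Between that call and `free(playlist);` the `playlist->parser` field still holds the freed pointer while vlc_playlist_PlayerDestroy() and vlc_playlist_ClearItems() run; neither body is visible here, so setting `playlist->parser = NULL;` straight after the delete is a cheap safeguard in case one of them reaches the preparser. The function starts above this hunk, so whether the caller may hold the playlist lock at this point cannot be checked from here. If it may, the blocking delete would wait on callbacks that need the same lock.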
=====================================
src/preparser/preparser.c
=====================================
@@ -44,7 +44,6 @@ struct vlc_preparser_t
vlc_executor_t *parser;
vlc_executor_t *thumbnailer;
vlc_tick_t timeout;
- atomic_bool deactivated;
vlc_mutex_t lock;
vlc_preparser_req_id current_id;
@@ -461,8 +460,6 @@ vlc_preparser_t* vlc_preparser_New( vlc_object_t *parent,
else
preparser->thumbnailer = NULL;
- atomic_init( &preparser->deactivated, false );
-
vlc_mutex_init(&preparser->lock);
vlc_list_init(&preparser->submitted_tasks);
preparser->current_id = 1;
@@ -485,9 +482,6 @@ vlc_preparser_req_id vlc_preparser_Push( vlc_preparser_t *preparser, input_item_
const input_item_parser_cbs_t *cbs,
void *cbs_userdata )
{
- if( atomic_load( &preparser->deactivated ) )
- return VLC_PREPARSER_REQ_ID_INVALID;
-
assert((type_options & VLC_PREPARSER_TYPE_THUMBNAIL) == 0);
assert(type_options & VLC_PREPARSER_TYPE_PARSE
@@ -534,9 +528,6 @@ vlc_preparser_GenerateThumbnail( vlc_preparser_t *preparser, input_item_t *item,
const struct vlc_thumbnailer_cbs *cbs,
void *cbs_userdata )
{
- if( atomic_load( &preparser->deactivated ) )
- return VLC_PREPARSER_REQ_ID_INVALID;
-
assert(preparser->thumbnailer != NULL);
assert(cbs != NULL && cbs->on_ended != NULL);
@@ -602,12 +593,6 @@ size_t vlc_preparser_Cancel( vlc_preparser_t *preparser, vlc_preparser_req_id id
return count;
}
-void vlc_preparser_Deactivate( vlc_preparser_t* preparser )
-{
- atomic_store( &preparser->deactivated, true );
- vlc_preparser_Cancel(preparser, 0);
-}
-
void vlc_preparser_SetTimeout( vlc_preparser_t *preparser,
vlc_tick_t timeout )
{
View it on GitLab: https://code.videolan.org/videolan/vlc/-/compare/39bad77f43fd51c59150c734c6f7b1094fcab0d0...f70449a6fde6274e9fcdc29a3c94005a9302ff44