[vlc-commits] [Git][videolan/vlc][master] chroma_probe: fix possible use-after-free
Steve Lhomme (@robUx4)
gitlab at videolan.org
Fri Apr 18 05:53:31 UTC 2025
Steve Lhomme pushed to branch master at VideoLAN / VLC
Commits:
a6bd7b4f by Thomas Guillem at 2025-04-18T05:37:12+00:00
chroma_probe: fix possible use-after-free
Asan report:
$ ASAN_OPTIONS=halt_on_error=false ./test/test_src_misc_chroma_probe VAOP
==411069==ERROR: AddressSanitizer: heap-use-after-free on address 0x524000042830 at pc 0x7f16fd14e49e bp 0x7ffda23620c0 sp 0x7ffda23620b8
READ of size 8 at 0x524000042830 thread T0
#0 0x7f16fd14e49d in vlc_chroma_conv_result_Equals ../../src/misc/chroma_probe.c:336
#1 0x7f16fd14e49d in vlc_chroma_conv_Probe ../../src/misc/chroma_probe.c:442
#2 0x4022ba in main ../../test/src/misc/chroma_probe.c:330
#3 0x7f16fc516247 in __libc_start_call_main (/lib64/libc.so.6+0x3247) (BuildId: b6c381bfdcb5e08ea82c1c39cf16580181fb6cfc)
#4 0x7f16fc51630a in __libc_start_main at GLIBC_2.2.5 (/lib64/libc.so.6+0x330a) (BuildId: b6c381bfdcb5e08ea82c1c39cf16580181fb6cfc)
#5 0x403744 in _start (/var/home/asenat/Workspaces/vlan/vlc/build/test/test_src_misc_chroma_probe+0x403744) (BuildId: 67a39e0b63fa78ae2d672a359d5ce1a997726940)
0x524000042830 is located 1840 bytes inside of 6976-byte region [0x524000042100,0x524000043c40)
freed by thread T0 here:
#0 0x7f16fe07c7d8 in realloc.part.0 (/lib64/libasan.so.8+0xc17d8) (BuildId: 5294bd2731fcae07af92dfea7808576c57d53bc9)
#1 0x7f16fd14d635 in vlc_reallocarray ../../include/vlc_common.h:1079
#2 0x7f16fd14d635 in vlc_vector_reallocdata_ ../../include/vlc_vector.h:171
#3 0x7f16fd14d635 in vlc_chroma_conv_Probe ../../src/misc/chroma_probe.c:447
#4 0x4022ba in main ../../test/src/misc/chroma_probe.c:330
#5 0x7f16fc516247 in __libc_start_call_main (/lib64/libc.so.6+0x3247) (BuildId: b6c381bfdcb5e08ea82c1c39cf16580181fb6cfc)
#6 0x7f16fc51630a in __libc_start_main at GLIBC_2.2.5 (/lib64/libc.so.6+0x330a) (BuildId: b6c381bfdcb5e08ea82c1c39cf16580181fb6cfc)
#7 0x403744 in _start (/var/home/asenat/Workspaces/vlan/vlc/build/test/test_src_misc_chroma_probe+0x403744) (BuildId: 67a39e0b63fa78ae2d672a359d5ce1a997726940)
previously allocated by thread T0 here:
#0 0x7f16fe07d8d7 in malloc (/lib64/libasan.so.8+0xc28d7) (BuildId: 5294bd2731fcae07af92dfea7808576c57d53bc9)
#1 0x7f16fd14c23c in vlc_reallocarray ../../include/vlc_common.h:1079
#2 0x7f16fd14c23c in vlc_vector_reallocdata_ ../../include/vlc_vector.h:171
#3 0x7f16fd14c23c in vlc_chroma_conv_Probe ../../src/misc/chroma_probe.c:402
#4 0x4022ba in main ../../test/src/misc/chroma_probe.c:330
#5 0x7f16fc516247 in __libc_start_call_main (/lib64/libc.so.6+0x3247) (BuildId: b6c381bfdcb5e08ea82c1c39cf16580181fb6cfc)
#6 0x7f16fc51630a in __libc_start_main at GLIBC_2.2.5 (/lib64/libc.so.6+0x330a) (BuildId: b6c381bfdcb5e08ea82c1c39cf16580181fb6cfc)
#7 0x403744 in _start (/var/home/asenat/Workspaces/vlan/vlc/build/test/test_src_misc_chroma_probe+0x403744) (BuildId: 67a39e0b63fa78ae2d672a359d5ce1a997726940)
- - - - -
1 changed file:
- src/misc/chroma_probe.c
Changes:
=====================================
src/misc/chroma_probe.c
=====================================
@@ -445,6 +445,8 @@ vlc_chroma_conv_Probe(vlc_fourcc_t from, vlc_fourcc_t to,
if (next->cost < cur->cost)
cur->cost = next->cost;
vlc_vector_remove(&result_vec, j);
+ /* update pointer after possible realloc */
+ cur = &result_vec.data[i];
}
else
j++;
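Review bot: the refresh added after `vlc_vector_remove(&result_vec, j);` covers `cur` only, while `next` is dereferenced two lines above it and, if it also points into `result_vec.data`, is just as stale once the remove returns. The ASan trace in the commit message places the free in `realloc` under `vlc_vector_reallocdata_`, called from chroma_probe.c:447, which is the remove call in this hunk, so every pointer into the vector's storage is invalid after that line. The part of the loop that assigns `next` is not in the hunk, so please confirm it is re-derived from `result_vec.data[j]` at the top of each iteration before it is read again. An alternative is to keep only the indices `i` and `j` and index `result_vec.data[...]` at each use, which removes this class of bug instead of patching one pointer. The new comment could also name the cause: it is the removal that may shrink the storage and realloc it.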
View it on GitLab: https://code.videolan.org/videolan/vlc/-/commit/a6bd7b4f448b94e0a23db68eb47fbb5f76a3a6ee