[vlc-commits] [Git][videolan/vlc][3.0.x] text_renderer/svg: fix uaf at template load
Jean-Baptiste Kempf (@jbk)
gitlab at videolan.org
Thu Nov 13 20:41:50 UTC 2025
Jean-Baptiste Kempf pushed to branch 3.0.x at VideoLAN / VLC
Commits:
ca8dd2c9 by Khalid Masum at 2025-11-13T21:21:55+01:00
text_renderer/svg: fix uaf at template load
If token is not found in svg template, psz_template is
freed. Yet it is used in svg_GetDocument as
psz_file_template and incorrectly being double freed in
Destroy().
Since the only use of psz_file_template is in svg_GetDocument
and it is performed after a null-check, setting psz_template
to null after freed should fix the issue.
Fixes: #29370 (Coverity 1398436)
(cherry picked from commit 03e511aea8214405b2a2bc44b4d9b9fc5a7ce56e) (rebased)
rebased:
- Replacement of tab with space
- - - - -
1 changed file:
- modules/text_renderer/svg.c
Changes:
=====================================
modules/text_renderer/svg.c
=====================================
@@ -130,6 +130,7 @@ static void svg_LoadTemplate( filter_t *p_filter )
{
msg_Err( p_filter, "'%s' not found in SVG template", SVG_TEMPLATE_BODY_TOKEN );
free( psz_template );
+ psz_template = NULL;
}
else *((char*)p_sys->psz_token) = 0;
}
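Review bot: The added `psz_template = NULL;` in the token-not-found branch clears only the local pointer, so the fix holds only if `p_sys->psz_file_template` is assigned from `psz_template` after this block, and that assignment is not visible in the hunk. Please confirm the ordering. A one-line comment here would also help, saying that the NULL is what the null-check in svg_GetDocument and the free in Destroy() depend on, so a later refactor does not reintroduce the dangling pointer. In the same branch `p_sys->psz_token` is left at its not-found value. If anything reads it outside the `else` path, it should be guarded the same way.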
View it on GitLab: https://code.videolan.org/videolan/vlc/-/commit/ca8dd2c982eb048aad45f0d2e0358e452a9ac281