[vlc-commits] [Git][videolan/vlc][master] text_renderer/svg: fix uaf at template load
Steve Lhomme (@robUx4)
gitlab at videolan.org
Fri Oct 10 06:31:11 UTC 2025
Steve Lhomme pushed to branch master at VideoLAN / VLC
Commits:
03e511ae by Khalid Masum at 2025-10-10T06:11:10+00:00
text_renderer/svg: fix uaf at template load
If token is not found in svg template, psz_template is
freed. Yet it is used in svg_GetDocument as
psz_file_template and incorrectly being double freed in
Destroy().
Since the only use of psz_file_template is in svg_GetDocument
and it is performed after a null-check, setting psz_template
to null after freed should fix the issue.
Fixes: #29370 (Coverity 1398436)
- - - - -
1 changed file:
- modules/text_renderer/svg.c
Changes:
=====================================
modules/text_renderer/svg.c
=====================================
@@ -127,6 +127,7 @@ static void svg_LoadTemplate( filter_t *p_filter )
{
msg_Err( p_filter, "'%s' not found in SVG template", SVG_TEMPLATE_BODY_TOKEN );
free( psz_template );
+ psz_template = NULL;
}
else *((char*)p_sys->psz_token) = 0;
}
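Review bot: The added `psz_template = NULL;` in the token-not-found branch has no comment explaining why the pointer is cleared, and the fix depends on code outside this hunk. Per the commit message, the value is later consumed as psz_file_template in svg_GetDocument behind a null-check and released in Destroy(), so the NULL is what makes both paths safe. A short comment such as "template unusable, leave NULL so svg_GetDocument and Destroy() skip it" would keep a later refactor from reintroducing the dangling pointer. It is also worth confirming that p_sys->psz_token cannot be left pointing into the freed buffer in this branch, since the `else` line shows it refers into the template when the token is found.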
View it on GitLab: https://code.videolan.org/videolan/vlc/-/commit/03e511aea8214405b2a2bc44b4d9b9fc5a7ce56e