[vlc-devel] [PATCH] misc/image: ImageRead: use vlc_format_Copy

Filip Roséen filip at atch.se
Sun May 21 20:50:24 CEST 2017


If the decoder allocates data within video_format_t.p_palette, the
previous implementation would result in a use-after-free (among other
issues) due to the ownership of said p_palette not being well-defined.

This fixes the issue by using video_format_Copy, so that the two fmts
do not refer to the same palette.

fixes: #18334
---
 src/misc/image.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/misc/image.c b/src/misc/image.c
index 7842392dc6..9b4631ecaa 100644
--- a/src/misc/image.c
+++ b/src/misc/image.c
@@ -251,9 +251,15 @@ static picture_t *ImageRead( image_handler_t *p_image, block_t *p_block,
         }
 
         p_pic = p_image->p_filter->pf_video_filter( p_image->p_filter, p_pic );
-        *p_fmt_out = p_image->p_filter->fmt_out.video;
+
+        video_format_Clean( p_fmt_out );
+        video_format_Copy( p_fmt_out, &p_image->p_filter->fmt_out.video );
+    }
+    else
+    {
+        video_format_Clean( p_fmt_out );
+        video_format_Copy( p_fmt_out, &p_image->p_dec->fmt_out.video );
     }
-    else *p_fmt_out = p_image->p_dec->fmt_out.video;
 
     return p_pic;
 }
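Review bot: both new video_format_Clean( p_fmt_out ) calls run on the caller's struct before it is overwritten, so ImageRead now requires p_fmt_out to be initialized on entry, which the plain assignment being removed did not. A caller that passes a video_format_t whose p_palette is indeterminate would have that pointer freed here. Please document the precondition on ImageRead or confirm that every caller initializes the struct, and note that callers now own the copied palette and have to clean it themselves. The result of video_format_Copy is also unused in both branches, so if the copy can fail, p_fmt_out is left cleaned but not filled while p_pic is still returned. Minor: the subject line says vlc_format_Copy while the code calls video_format_Copy.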
-- 
2.13.0

