[vlc-devel] [PATCH] hevc: fix potential use-after-free
RĂ©mi Denis-Courmont
remi at remlab.net
Sun Nov 12 16:33:32 CET 2017
GatherAndValidate() can free the fragment. Extract the timestamps earlier.
---
modules/packetizer/hevc.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/modules/packetizer/hevc.c b/modules/packetizer/hevc.c
index b58aa615a9..300318ac33 100644
--- a/modules/packetizer/hevc.c
+++ b/modules/packetizer/hevc.c
@@ -781,8 +781,10 @@ static block_t *ParseNALBlock(decoder_t *p_dec, bool *pb_ts_used, block_t *p_fra
}
/* Get NALU type */
+ const mtime_t dts = p_frag->i_dts, pts = p_frag->i_pts;
block_t * p_output = NULL;
uint8_t i_nal_type = hevc_getNALType(&p_frag->p_buffer[4]);
+
if (i_nal_type < HEVC_NAL_VPS)
{
/* NAL is a VCL NAL */
@@ -799,9 +801,9 @@ static block_t *ParseNALBlock(decoder_t *p_dec, bool *pb_ts_used, block_t *p_fra
if(p_output)
{
SetOutputBlockProperties( p_dec, p_output );
- if(p_frag->i_dts > VLC_TS_INVALID)
- date_Set(&p_sys->dts, p_frag->i_dts);
- p_sys->pts = p_frag->i_pts;
+ if (dts > VLC_TS_INVALID)
+ date_Set(&p_sys->dts, dts);
+ p_sys->pts = pts;
*pb_ts_used = true;
}
--
2.15.0
More information about the vlc-devel
mailing list