[vlc-devel] [vlc-commits] picture: factor freeing picture_t
Rémi Denis-Courmont
remi at remlab.net
Fri Dec 14 21:53:25 CET 2018
On Friday, 14 December 2018, 17:45:47 EET, Steve Lhomme wrote:
> The issue is this line:
> http://git.videolan.org/?p=vlc.git;a=blob;f=src/misc/picture.c;h=bcab74622d2f39f1b5df8c1993adb56ffdbe40b8;hb=HEAD#l406
>
> It free()s the clone, which is then free()d again in the caller of
> picture_DestroyClone(), that is, picture_Destroy().
>
> Maybe it works for you if you don't use codecs using clones...
Yes, and it was a trivial double free, as expected. It was easy to diagnose with
the address sanitizer.
You wouldn't have had to wait 48h for a fix if you were using a reasonable
development environment, that is to say with address and UB sanitizers
supported and enabled.
--
Реми Дёни-Курмон
http://www.remlab.net/
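The ownership mistake discussed in this thread, reduced to a small model as an added example (not VLC's picture.c; every name here is hypothetical): a generic destructor runs a type-specific hook and then performs the single free(), so a clone hook that also frees the clone causes a double free. The objects are stack-allocated and instrumented so the second free is counted rather than corrupting the heap, which is the role the address sanitizer played in the real diagnosis.

```c
#include <stddef.h>
/* Hypothetical model of the ownership rule behind the double free in the
 * thread (not VLC's picture.c). Objects are instrumented instead of heap
 * allocated so a second free is counted; ASan does the real detection. */
typedef struct picture_t picture_t;
struct picture_t {
    int refcount;
    int freed;                     /* instrumentation standing in for the allocator */
    picture_t *source;             /* original referenced by a clone, or NULL */
    void (*destroy)(picture_t *);  /* type hook: release resources, never free(p) */
};
struct scenario_result { int double_frees; int original_freed; };
static int g_double_frees;
static void picture_free(picture_t *p)
{
    if (p->freed) g_double_frees++;  /* second free of the same object */
    p->freed = 1;
}
/* Generic destructor: runs the type hook, then performs the one and only free. */
static void picture_Destroy(picture_t *p)
{
    if (p->destroy != NULL) p->destroy(p);
    picture_free(p);
}
static void picture_Release(picture_t *p)
{
    if (--p->refcount == 0) picture_Destroy(p);
}
/* Buggy hook: frees the clone itself, so picture_Destroy() frees it again. */
static void DestroyClone_buggy(picture_t *clone)
{
    picture_Release(clone->source);
    picture_free(clone);
}
/* Fixed hook: only drops the reference the clone holds on the original. */
static void DestroyClone_fixed(picture_t *clone)
{
    picture_Release(clone->source);
}
/* Creates an original plus one clone, releases both, reports what happened. */
struct scenario_result run_scenario(void (*clone_hook)(picture_t *))
{
    picture_t orig = { .refcount = 2 };   /* one ref for us, one for the clone */
    picture_t clone = { .refcount = 1, .source = &orig, .destroy = clone_hook };
    g_double_frees = 0;
    picture_Release(&clone);
    picture_Release(&orig);
    return (struct scenario_result){ g_double_frees, orig.freed };
}
```

With the buggy hook the scenario reports one double free of the clone; with the fixed hook it reports none, and the original is freed exactly once in both cases.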