[vlc-devel] [vlc-commits] picture: factor freeing picture_t

Rémi Denis-Courmont remi at remlab.net
Fri Dec 14 21:53:25 CET 2018

Le perjantaina 14. joulukuuta 2018, 17.45.47 EET Steve Lhomme a écrit :
> The issue is this line:
> http://git.videolan.org/?p=vlc.git;a=blob;f=src/misc/picture.c;h=bcab74622d2
> f39f1b5df8c1993adb56ffdbe40b8;hb=HEAD#l406
> It free() the clone. Which is then free() again in the caller of
> picture_DestroyClone(), that's
> picture_Destroy().
> Maybe it works for you if you don't use codecs using clones...

Yes and it was a trivial double free as expected. It was easy to diagnose with 
the address sanitizer.

You wouldn't have had to wait 48h for a fix if you were using a reasonable 
development environment, that is to say with address and UB sanitizers 
supported and enabled.

Реми Дёни-Курмон

More information about the vlc-devel mailing list