[vlc-devel] [vlc-commits] picture: factor freeing picture_t
robux4 at ycbcr.xyz
robux4 at ycbcr.xyz
Sat Dec 15 04:17:23 CET 2018
On 14 Dec 2018 at 21:53 +0100, Rémi Denis-Courmont <remi at remlab.net>, wrote:
> Le perjantaina 14. joulukuuta 2018, 17.45.47 EET Steve Lhomme a écrit :
> > The issue is this line:
> > http://git.videolan.org/?p=vlc.git;a=blob;f=src/misc/picture.c;h=bcab74622d2
> > f39f1b5df8c1993adb56ffdbe40b8;hb=HEAD#l406
> >
> > It free() the clone. Which is then free() again in the caller of
> > picture_DestroyClone(), that's
> > picture_Destroy().
> >
> > Maybe it works for you if you don't use codecs using clones...
>
> Yes and it was a trivial double free as expected. It was easy to diagnose with
> the address sanitizer.
>
> You wouldn't have had to wait 48h for a fix if you were using a reasonable
> development environment, that is to say with address and UB sanitizers
> supported and enabled.
I know people who use that and still make such trivial errors.
> --
> Реми Дёни-Курмон
> http://www.remlab.net/
>
>
>
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> https://mailman.videolan.org/listinfo/vlc-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20181215/def80940/attachment.html>
More information about the vlc-devel
mailing list