[vlc-devel] [vlc-commits] picture: factor freeing picture_t

Rémi Denis-Courmont remi at remlab.net
Mon Dec 17 17:08:28 CET 2018


On Saturday 15 December 2018, 5.17.23 EET robux4 at ycbcr.xyz wrote:
> On 14 Dec 2018 at 21:53 +0100, Rémi Denis-Courmont <remi at remlab.net>, wrote:
> > On Friday 14 December 2018, 17.45.47 EET Steve Lhomme wrote:
> > > The issue is this line:
> > > http://git.videolan.org/?p=vlc.git;a=blob;f=src/misc/picture.c;h=bcab74622d2f39f1b5df8c1993adb56ffdbe40b8;hb=HEAD#l406
> > > 
> > > It free()s the clone, which is then free()d again in the caller of
> > > picture_DestroyClone(), that is,
> > > picture_Destroy().
> > > 
> > > Maybe it works for you if you don't use codecs using clones...
> > 
> > Yes and it was a trivial double free as expected. It was easy to diagnose
> > with the address sanitizer.
> > 
> > You wouldn't have had to wait 48h for a fix if you were using a reasonable
> > development environment, that is to say with address and UB sanitizers
> > supported and enabled.
> 
> I know people who use that and still make such trivial errors.

I know someone who broke multiple vouts with recent trivial picture reference 
counting changes and who would be a hypocrite to make such sarcasm.

-- 
Реми Дёни-Курмон
http://www.remlab.net/
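
The double free discussed in this thread, as an added example that is not part of the original message and is not VLC code: a destroy hook releases the clone and the generic destroy path releases it again. All names (`pic_t`, `release_struct`, the two hooks) are hypothetical, the fixed hook is an assumed resolution rather than the actual commit, and `release_struct()` stands in for `free()` so the second release is counted instead of corrupting the heap.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, simplified model of a picture and its clone (not VLC's picture_t). */
typedef struct pic {
    void (*on_destroy)(struct pic *); /* type-specific cleanup hook */
    struct pic *original;             /* set for clones only */
    int refs;
    int released;                     /* instrumentation: struct already released */
} pic_t;

static int double_frees;

/* Stand-in for free(p): flags the block and counts a second release of it. */
static void release_struct(pic_t *p) {
    if (p->released) { double_frees++; return; }
    p->released = 1;
}

/* Buggy hook: drops the reference on the original AND releases the clone. */
static void clone_destroy_buggy(pic_t *c) {
    c->original->refs--;
    release_struct(c);   /* bug: pic_destroy() releases c as well */
}

/* Fixed hook (assumed): clone-specific cleanup only, the caller owns the struct. */
static void clone_destroy_fixed(pic_t *c) {
    c->original->refs--;
}

/* Generic destroy path: run the hook, then release the struct exactly once. */
static void pic_destroy(pic_t *p) {
    if (p->on_destroy) p->on_destroy(p);
    release_struct(p);
}

/* Destroys a clone through the given hook; returns the double frees observed. */
int run_clone_lifecycle(void (*hook)(pic_t *)) {
    pic_t *orig = calloc(1, sizeof *orig), *clone = calloc(1, sizeof *clone);
    if (!orig || !clone) { free(orig); free(clone); return -1; }
    orig->refs = 2;                  /* one for the owner, one held by the clone */
    clone->original = orig;
    clone->on_destroy = hook;
    double_frees = 0;
    pic_destroy(clone);
    int seen = double_frees;
    free(clone); free(orig);         /* real memory is released here, once */
    return seen;
}

int main(void) {
    printf("buggy hook: %d double free(s)\n", run_clone_lifecycle(clone_destroy_buggy));
    printf("fixed hook: %d double free(s)\n", run_clone_lifecycle(clone_destroy_fixed));
    return 0;
}
```

With a real `free()` in place of `release_struct()`, a build using `-fsanitize=address` reports the buggy path as an attempted double free at the second call.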




