[vlc-devel] [PATCH] input: missing lock on title update
Thomas Guillem
thomas at gllm.fr
Mon Dec 23 11:10:53 CET 2019
It's for VLC 3.0, right?
I don't think this is needed for VLC 4.0 since titles are only accessed via the VLC_INPUT_TITLE_NEW_LIST always sent from the same thread.
On Fri, Dec 20, 2019, at 22:15, Francois Cartegnie wrote:
> Don't know why it never happened before.
>
> ==9309==ERROR: AddressSanitizer: heap-use-after-free on address
> 0x603000630cd0 at pc 0x7efbfe9e291e bp 0x7efbd91f1af0 sp 0x7efbd91f1ae0
> READ of size 8 at 0x603000630cd0 thread T4
> #0 0x7efbfe9e291d in vlc_input_title_Duplicate
> ../../vlc/include/vlc_input.h:137
> #1 0x7efbfe9e291d in input_vaControl
> ../../vlc/src/input/control.c:357
> #2 0x7efbfe9e389c in input_Control ../../vlc/src/input/control.c:59
> #3 0x7efbdc9816cb in InputManager::UpdateNavigation()
> ../../vlc/modules/gui/qt/input_manager.cpp:453
> #4 0x7efbdc9855bf in InputManager::customEvent(QEvent*)
> ../../vlc/modules/gui/qt/input_manager.cpp:262
> #5 0x7efbdb923c14 in QObject::event(QEvent*)
> (/lib64/libQt5Core.so.5+0x28fc14)
> #6 0x7efbdc263ad5 in QApplicationPrivate::notify_helper(QObject*,
> QEvent*) (/lib64/libQt5Widgets.so.5+0x16fad5)
> #7 0x7efbdc26d14f in QApplication::notify(QObject*, QEvent*)
> (/lib64/libQt5Widgets.so.5+0x17914f)
> #8 0x7efbdb8f8de7 in QCoreApplication::notifyInternal2(QObject*,
> QEvent*) (/lib64/libQt5Core.so.5+0x264de7)
> #9 0x7efbdb8fbd8a in
> QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*)
> (/lib64/libQt5Core.so.5+0x267d8a)
> #10 0x7efbdb94df26 (/lib64/libQt5Core.so.5+0x2b9f26)
> #11 0x7efbdaeacecc in g_main_context_dispatch
> (/lib64/libglib-2.0.so.0+0x4fecc)
> #12 0x7efbdaead25f (/lib64/libglib-2.0.so.0+0x5025f)
> #13 0x7efbdaead302 in g_main_context_iteration
> (/lib64/libglib-2.0.so.0+0x50302)
> #14 0x7efbdb94dcb4 in
> QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/lib64/libQt5Core.so.5+0x2b9cb4)
> #15 0x7efbdb8f7cea in
> QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
> (/lib64/libQt5Core.so.5+0x263cea)
> #16 0x7efbdb8ffa15 in QCoreApplication::exec()
> (/lib64/libQt5Core.so.5+0x26ba15)
> #17 0x7efbdc921bee in ThreadPlatform
> ../../vlc/modules/gui/qt/qt.cpp:643
> #18 0x7efbdc923589 in ThreadXCB ../../vlc/modules/gui/qt/qt.cpp:368
> #19 0x7efbfe7394bf in start_thread (/lib64/libpthread.so.0+0x84bf)
> #20 0x7efbfe65f162 in clone (/lib64/libc.so.6+0xfc162)
>
> 0x603000630cd0 is located 0 bytes inside of 32-byte region
> [0x603000630cd0,0x603000630cf0)
> freed by thread T14 here:
> #0 0x7efbfed6485f in __interceptor_free
> (/lib64/libasan.so.5+0x10d85f)
> #1 0x7efbfea275e7 in vlc_input_title_Delete
> ../../vlc/include/vlc_input.h:129
> #2 0x7efbfea275e7 in vlc_input_title_Delete
> ../../vlc/include/vlc_input.h:119
> #3 0x7efbfea275e7 in UpdateTitleListfromDemux
> ../../vlc/src/input/input.c:2509
> #4 0x7efbfea275e7 in MainLoopDemux ../../vlc/src/input/input.c:584
> #5 0x7efbfea275e7 in MainLoop ../../vlc/src/input/input.c:723
> #6 0x7efbfea2d0be in Run ../../vlc/src/input/input.c:505
>
> ---
> src/input/input.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/src/input/input.c b/src/input/input.c
> index 75de527279..c97e78adea 100644
> --- a/src/input/input.c
> +++ b/src/input/input.c
> @@ -2502,6 +2502,7 @@ static void UpdateTitleListfromDemux(
> input_thread_t *p_input )
> input_thread_private_t *priv = input_priv(p_input);
> input_source_t *in = priv->master;
>
> + vlc_mutex_lock( &priv->p_item->lock );
> /* Delete the preexisting titles */
> if( in->i_title > 0 )
> {
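Review bot: The new vlc_mutex_lock( &priv->p_item->lock ) at the top of UpdateTitleListfromDemux only closes the race if the reader in the ASan trace (input_vaControl at control.c:357, calling vlc_input_title_Duplicate from thread T4) holds this same item lock while it copies the titles. That is not visible in this patch. Please state it in the commit message, and add a short comment at the lock site naming what it protects (the title array and in->i_title), so that later changes to the deletion loop keep it inside the critical section.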
> @@ -2521,6 +2522,8 @@ static void UpdateTitleListfromDemux(
> input_thread_t *p_input )
> else
> in->b_title_demux = true;
>
> + vlc_mutex_unlock( &priv->p_item->lock );
> +
> InitTitle( p_input );
> }
>
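Review bot: The vlc_mutex_unlock( &priv->p_item->lock ) is placed before InitTitle( p_input ), so InitTitle runs outside the critical section that the first hunk opens. If InitTitle reads or publishes the title list that was just rebuilt, a concurrent reader can still race with it. Please confirm that InitTitle takes the item lock itself (in which case the unlock has to stay where it is, and a comment saying so would help) or that it touches nothing the lock guards. The lines between the two hunks are not shown here, so please also check that no return path between the lock and this unlock leaves the mutex held.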
> --
> 2.21.0
>