[vlc-devel] [PATCH] preparser: Fix potential use after free
Hugo Beauzée-Luyssen
hugo at beauzee.fr
Thu Sep 19 13:57:05 CEST 2019
If the art fetcher completes before ReqHold gets called, we will end up
releasing the request before holding it for the art fetcher, causing a
use after free when the task gets released by the background worker
invokes TerminateTask
---
src/preparser/preparser.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/preparser/preparser.c b/src/preparser/preparser.c
index 51e2c3e311..723feb96dc 100644
--- a/src/preparser/preparser.c
+++ b/src/preparser/preparser.c
@@ -203,13 +203,14 @@ static void PreparserCloseInput( void* preparser_, void* task_ )
if( preparser->fetcher && (req->options & META_REQUEST_OPTION_FETCH_ANY) )
{
task->preparse_status = status;
+ ReqHold(task->req);
if (!input_fetcher_Push(preparser->fetcher, item,
req->options & META_REQUEST_OPTION_FETCH_ANY,
&input_fetcher_callbacks, task))
{
- ReqHold(task->req);
return;
}
+ ReqRelease(task->req);
}
free(task);
--
2.20.1
More information about the vlc-devel
mailing list