[vlc-devel] [PATCH] preparser: Fix potential use after free
Thomas Guillem
thomas at gllm.fr
Thu Sep 19 13:58:53 CEST 2019
LGTM
On Thu, Sep 19, 2019, at 13:57, Hugo Beauzée-Luyssen wrote:
> If the art fetcher completes before ReqHold gets called, we will end up
> releasing the request before holding it for the art fetcher, causing a
> use after free when the task gets released by the background worker
> invokes TerminateTask
> ---
> src/preparser/preparser.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/src/preparser/preparser.c b/src/preparser/preparser.c
> index 51e2c3e311..723feb96dc 100644
> --- a/src/preparser/preparser.c
> +++ b/src/preparser/preparser.c
> @@ -203,13 +203,14 @@ static void PreparserCloseInput( void*
> preparser_, void* task_ )
> if( preparser->fetcher && (req->options &
> META_REQUEST_OPTION_FETCH_ANY) )
> {
> task->preparse_status = status;
> + ReqHold(task->req);
> if (!input_fetcher_Push(preparser->fetcher, item,
> req->options &
> META_REQUEST_OPTION_FETCH_ANY,
> &input_fetcher_callbacks, task))
> {
> - ReqHold(task->req);
> return;
> }
> + ReqRelease(task->req);
> }
>
> free(task);
> --
> 2.20.1
>
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> https://mailman.videolan.org/listinfo/vlc-devel
More information about the vlc-devel
mailing list