[vlc-devel] [PATCH] lib: media_player: retain libvlc instance when switching

Alexandre Janniaux ajanni at videolabs.io
Wed Jul 8 17:24:44 CEST 2020

The media_player instance retains and releases the libvlc instance it's
created from. When using a different libvlc instance for media_player
and media, it's using the libvlc instance from the media_t object,
leading to the release of the wrong libvlc instance, and thus potential
use-after-free of one instance and leaks of the other.

It has been spotted since VLCKit creates a shared libvlc instance and
then can create a new libvlc instance in case the VLCMediaPlayer is
created with different options, which means that the VLCMediaPlayer and
the VLCMedia will be bound to different libvlc instances, triggering the
issue described in the first paragraph and crashing.

Refs videolan/VLCKit#189, videolan/VLCKit#116
 lib/media_player.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/media_player.c b/lib/media_player.c
index 9c7a7a76aad..3e8636facea 100644
--- a/lib/media_player.c
+++ b/lib/media_player.c
@@ -914,6 +914,8 @@ void libvlc_media_player_set_media(
     /* The policy here is to ignore that we were created using a different
      * libvlc_instance, because we don't really care */
+    libvlc_retain(p_md->p_libvlc_instance);
+    libvlc_release(p_mi->p_libvlc_instance);
     p_mi->p_libvlc_instance = p_md->p_libvlc_instance;
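
Review bot: the context comment just above the two added lines still says the instance mismatch is ignored "because we don't really care", which no longer matches the code now that the reference counts of both instances are adjusted here. Please update that comment to say that the player takes a reference on the media's instance and drops the one it held before the assignment. It is also worth stating in the comment that libvlc_retain() is deliberately called before libvlc_release(), so that when p_md->p_libvlc_instance and p_mi->p_libvlc_instance are the same object the count never drops to zero in between. The hunk does not show whether p_md has already been checked for NULL at this point or whether a lock is held around the swap, so please confirm both, since p_md is dereferenced on the first added line.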
