[vlc-devel] [PATCH] input: decoder: fix NULL deref on early cancellation
Rémi Denis-Courmont
remi at remlab.net
Tue Mar 10 08:36:25 CET 2020
Le maanantaina 9. maaliskuuta 2020, 23.50.55 EET Francois Cartegnie a écrit :
> ---
> src/input/decoder.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/src/input/decoder.c b/src/input/decoder.c
> index d868c21f23..998a2816bb 100644
> --- a/src/input/decoder.c
> +++ b/src/input/decoder.c
> @@ -650,7 +650,8 @@ static picture_t *ModuleThread_NewVideoBuffer( decoder_t
> *p_dec ) {
> struct decoder_owner *p_owner = dec_get_owner( p_dec );
> assert( p_owner->p_vout );
> -
> + if( p_owner->out_pool == NULL )
> + return NULL;
> picture_t *pic = picture_pool_Wait( p_owner->out_pool );
> if (pic)
> picture_Reset( pic );
This can only happen if a decoder tries to allocate a picture out of
synchronization with setting the output video format. In that case, the
problem is not fixed by the patch, since you could also have a pool with the
wrong format in that case, leading to memory corruption.
So -1. This needs a fix in the affected decoder.
--
雷米‧德尼-库尔蒙
http://www.remlab.net/
More information about the vlc-devel
mailing list