[vlc-devel] [PATCH] input: decoder: fix NULL deref on early cancellation
Thomas Guillem
thomas at gllm.fr
Tue Mar 10 08:45:49 CET 2020
On Tue, Mar 10, 2020, at 08:36, Rémi Denis-Courmont wrote:
> Le maanantaina 9. maaliskuuta 2020, 23.50.55 EET Francois Cartegnie a écrit :
> > ---
> > src/input/decoder.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/src/input/decoder.c b/src/input/decoder.c
> > index d868c21f23..998a2816bb 100644
> > --- a/src/input/decoder.c
> > +++ b/src/input/decoder.c
> > @@ -650,7 +650,8 @@ static picture_t *ModuleThread_NewVideoBuffer( decoder_t
> > *p_dec ) {
> > struct decoder_owner *p_owner = dec_get_owner( p_dec );
> > assert( p_owner->p_vout );
> > -
> > + if( p_owner->out_pool == NULL )
> > + return NULL;
> > picture_t *pic = picture_pool_Wait( p_owner->out_pool );
> > if (pic)
> > picture_Reset( pic );
>
> This can only happen if a decoder tries to allocate a picture out of
> synchronization with setting the output video format. In that case, the
> problem is not fixed by the patch, since you could also have a pool with the
> wrong format in that case, leading to memory corruption.
>
> So -1. This needs a fix in the affected decoder.
Indeed, it can also happen if a module request a picture after a failing call to UpdateVideoFormat/Output().
In that case, the module need to be fixed.
Also, cf. my previous mail, I think that a patch belongs in core too.
>
> --
> 雷米‧德尼-库尔蒙
> http://www.remlab.net/
>
>
>
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> https://mailman.videolan.org/listinfo/vlc-devel
More information about the vlc-devel
mailing list