[vlc-devel] [PATCH] decoder: fix out_pool NULL deref

Thomas Guillem thomas at gllm.fr
Tue Mar 10 14:02:53 CET 2020



On Tue, Mar 10, 2020, at 08:56, Thomas Guillem wrote:
> Once the format is configured, a decoder module can request new picture_t via
> decoder_NewPicture() asynchronously. Therefore, the out_pool needs to outlive
> the decoder module.
> 
> This patch fixes a NULL deref from decoder_NewPicture() when the decoder is
> being destroyed. Indeed, the module needs to be unloaded before the out_pool is
> destroyed.
> ---
>  src/input/decoder.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/input/decoder.c b/src/input/decoder.c
> index d868c21f23..7dbc2b8f8d 100644
> --- a/src/input/decoder.c
> +++ b/src/input/decoder.c
> @@ -1962,13 +1962,13 @@ static void DeleteDecoder( decoder_t * p_dec )
>      msg_Dbg( p_dec, "killing decoder fourcc `%4.4s'",
>               (char*)&p_dec->fmt_in.i_codec );
>  
> +    decoder_Clean( p_dec );
>      const enum es_format_category_e i_cat =p_dec->fmt_in.i_cat;

The decoder_Clean() should be done just after fetching the category.

This caused an invalid state in the player since the vout was not stopped.


>      if ( p_owner->out_pool )
>      {
>          picture_pool_Release( p_owner->out_pool );
>          p_owner->out_pool = NULL;
>      }
> -    decoder_Clean( p_dec );
>  
>      if (p_owner->vctx)
>          vlc_video_context_Release( p_owner->vctx );
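
Review bot: The added decoder_Clean( p_dec ) call at the top of the hunk runs before i_cat is read from p_dec->fmt_in.i_cat, so the category is fetched from a decoder that has already been cleaned, and everything later in DeleteDecoder() that depends on i_cat then relies on decoder_Clean() leaving fmt_in untouched. Move the call to directly below the i_cat declaration and keep it above the "if ( p_owner->out_pool )" block, which preserves the ordering the commit message asks for (module unloaded before picture_pool_Release()). Nothing in the function records why that order matters, so a one-line comment above the call stating that the module must be unloaded before out_pool is released would keep a later cleanup from moving decoder_Clean() back below the release.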
> -- 
> 2.20.1