[vlc-devel] [PATCH] decoder: fix out_pool NULL deref
Thomas Guillem
thomas at gllm.fr
Tue Mar 10 14:02:53 CET 2020
On Tue, Mar 10, 2020, at 08:56, Thomas Guillem wrote:
> Once the format is configured, a decoder module can request new picture_t via
> decoder_NewPicture() asynchronously. Therefore, the out_pool need to outlive
> the decoder module.
>
> This patch fixes a NULL deref from decoder_NewPicture() when the decoder is
> being destroyed. Indeed, the module need to be unloaded before the out_pool is
> destroyed.
> ---
> src/input/decoder.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/input/decoder.c b/src/input/decoder.c
> index d868c21f23..7dbc2b8f8d 100644
> --- a/src/input/decoder.c
> +++ b/src/input/decoder.c
> @@ -1962,13 +1962,13 @@ static void DeleteDecoder( decoder_t * p_dec )
> msg_Dbg( p_dec, "killing decoder fourcc `%4.4s'",
> (char*)&p_dec->fmt_in.i_codec );
>
> + decoder_Clean( p_dec );
> const enum es_format_category_e i_cat =p_dec->fmt_in.i_cat;
The decoder_Clean() should be done just after fetching the category.
This caused invalid state in the player since the vout was not stopped.
> if ( p_owner->out_pool )
> {
> picture_pool_Release( p_owner->out_pool );
> p_owner->out_pool = NULL;
> }
> - decoder_Clean( p_dec );
>
> if (p_owner->vctx)
> vlc_video_context_Release( p_owner->vctx );
> --
> 2.20.1
>
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> https://mailman.videolan.org/listinfo/vlc-devel
More information about the vlc-devel
mailing list