[vlc-devel] [PATCH v2 01/18] video_output: avoid potential NULL dereference of displayed.current

Steve Lhomme robux4 at ycbcr.xyz
Tue Nov 24 11:46:24 CET 2020


ThreadDisplayPreparePicture() can call ThreadChangeFilters() which will reset
displayed.current so we need to ensure we don't release it again after a call
to ThreadDisplayPreparePicture().
---
 src/video_output/video_output.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/video_output/video_output.c b/src/video_output/video_output.c
index 57ee54e6e8b..cea13d44c4a 100644
--- a/src/video_output/video_output.c
+++ b/src/video_output/video_output.c
@@ -1493,7 +1493,8 @@ static int ThreadDisplayPicture(vout_thread_sys_t *vout, vlc_tick_t *deadline)
                 ThreadDisplayPreparePicture(vout, false, true, &paused);
         }
 
-        picture_Release(sys->displayed.current);
+        if (likely(sys->displayed.current != NULL))
+            picture_Release(sys->displayed.current);
         sys->displayed.current = sys->displayed.next;
         sys->displayed.next    = NULL;
 
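Review bot: the new `if (likely(sys->displayed.current != NULL))` guard has no comment saying why `displayed.current` can be NULL at this point. The reason (ThreadDisplayPreparePicture() can reach ThreadChangeFilters(), which resets it) lives only in the commit message. A one-line comment above the check would keep that next to the code. It is also worth confirming that the reset path leaves `displayed.next` in a state the unconditional `sys->displayed.current = sys->displayed.next;` that follows can safely take over, since that assignment still runs whether or not the release was skipped.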
@@ -1549,7 +1550,8 @@ static int ThreadDisplayPicture(vout_thread_sys_t *vout, vlc_tick_t *deadline)
                     dropped_current_frame = true;
                     render_now = false;
 
-                    picture_Release(sys->displayed.current);
+                    if (likely(sys->displayed.current != NULL))
+                        picture_Release(sys->displayed.current);
                     sys->displayed.current = sys->displayed.next;
                     sys->displayed.next    = NULL;
                 }
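Review bot: this is the same guarded release followed by `sys->displayed.current = sys->displayed.next; sys->displayed.next = NULL;` as in the hunk at line 1493, so the NULL check now has to be kept in sync in two places inside ThreadDisplayPicture(). Moving the release-and-advance sequence into a small static helper would put the check in one place, so a later call site cannot reintroduce the unguarded `picture_Release()`. If the helper is not wanted, the same explanatory comment as in the first hunk should be repeated here.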
-- 
2.26.2


