[MPlayer-dev-eng] [PATCH] fix use-after-free in vo_vdpau
Reimar Döffinger
Reimar.Doeffinger at gmx.de
Tue Oct 15 21:05:55 CEST 2013
On Tue, Oct 15, 2013 at 08:59:48PM +0200, Reimar Döffinger wrote:
> On Tue, Oct 15, 2013 at 12:46:06PM +0400, Rinat Ibragimov wrote:
> >
> > Вторник, 15 октября 2013, 8:24 +02:00 от Reimar Döffinger <Reimar.Doeffinger at gmx.de>:
> > > On 14.10.2013, at 22:01, Alexander Strasser <eclipse7 at gmx.net> wrote:
> > > > Hi,
> > > >
> > > > On 2013-10-14 19:56 +0400, Rinat Ibragimov wrote:
> > > >> Hi, I've faced use-after-free in vo_vdpau.c. The issue may arise when one switches to
> > > >> next video in playlist. Here is a patch that should prevent that.
> > > >
> > > > keeping allocated arrays and associated size fields in sync,
> > > > seems like a good idea to me. Beware I didn't read the code
> > > > closely so there might well be more underlying problems.
> > >
> > > Since the pointers are set to NULL I can't see how a use-after-free would happen, a valgrind log would help.
> >
> > It's not exactly use-after-free, more like NULL pointer dereference. Sorry for misleading.
>
> That makes more sense, however your approach isn't quite right IMHO.
> The sizes are not set to 0 here, because they are not supposed to be
> used at any point after uninit.
> What went wrong here is actually that in preinit we end up using
> those _size variables right before we initialize them (to 0).
> Which is kind of the reason why I kind of prefer not setting the
> counts to 0 in uninit, since that should result in such relatively easy
> to debug crashes (I kind of follow the crashes == next best
> thing after bug-free philosophy).
> I never noticed it because I usually use -fixed-vo and rarely
> play more than one video anyway.
> I believe it should be fixed in r36467.
And I forgot to say: nice project.
Since we never got anywhere with integrating libva support in
MPlayer it is great if users will have another option besides
third-party patches.
Though with native VPDAU support even in AMD OpenSource drivers
maybe Intel will change their mind, too, and give up on libva :-)
More information about the MPlayer-dev-eng
mailing list