[MPlayer-dev-eng] [PATCH] fix potential bug in loader/dshow/outputpin.c

Vladimir Voroshilov voroshil at gmail.com
Sat Feb 10 15:37:13 CET 2007


Hi, Roberto
Thanks for review.

2007/2/10, Roberto Togni <rxt at rtogni.it>:
> On Sat, 10 Feb 2007 15:13:06 +0600
> "Vladimir Voroshilov" <voroshil at gmail.com> wrote:
>
> > Hi, All.
> >
> > DirectShow AM_MEDIA_TYPE structure has pbFormat pointer to additional
> > media type's data.
> >
> > 1. Some methods copy this structure without copying the
> > additional data pointed to by pbFormat. As a result, two structures will
> > point to the same block of additional data.
> > Freeing the original and the copied structure could cause a double free of the
> > same memory region.
>
> In some part of the patch you check for the existence of the additional
> data block by looking at the pointer (amt->pbFormat not NULL)
> [...]
> in other parts you check the length of the data block (amt->cbFormat
> not 0)
> [...]
> Is this wanted? If you're really paranoid you should check both :)
Hm. No. Checking only the pointer will be kept before commit.
>
> Anyway the patch looks ok to me.
>
> I'll try to review your other dshow patches, but as long as they don't
> break anything and nobody comments I think you can apply them, you're
> the only one working on that code now.
I also think that this freeing code (and the related media type
structure operations) should be implemented as separate functions
(DeleteMediaType and related). This will simplify the code and prevent
such bugs in the future. Unfortunately, I don't know where to put these
methods (win32.c is not a good place for me).

-- 
Regards,
Vladimir Voroshilov     mailto:voroshil at gmail.com
JID: voroshil at jabber.ru
ICQ: 95587719
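
The deep copy and the dedicated free helper discussed in this thread, as an added example that is not part of the original message or of the MPlayer patch. It assumes a simplified stand-in structure (`media_type_t`) with only the `cbFormat`/`pbFormat` fields named above, hypothetical helper names, and `malloc`/`free` in place of the COM allocator.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for AM_MEDIA_TYPE (assumption): only the fields
   relevant to the ownership problem are kept. */
typedef struct {
    unsigned long lSampleSize;
    unsigned long cbFormat;   /* size of the block behind pbFormat */
    unsigned char *pbFormat;  /* owned additional format data, or NULL */
} media_type_t;

/* Release the format block and reset the fields, so that a second call
   on the same structure cannot free the block again. */
void free_media_type(media_type_t *mt)
{
    if (!mt)
        return;
    free(mt->pbFormat);       /* free(NULL) is a no-op */
    mt->pbFormat = NULL;
    mt->cbFormat = 0;
}

/* Deep copy into an empty dst: dst gets its own format block instead of
   an alias of src's. Returns 0 on success, -1 on bad arguments or
   allocation failure (dst is then left without a format block). */
int copy_media_type(media_type_t *dst, const media_type_t *src)
{
    if (!dst || !src)
        return -1;
    *dst = *src;              /* copy the plain fields */
    dst->pbFormat = NULL;     /* never keep the aliased pointer */
    dst->cbFormat = 0;
    if (src->pbFormat && src->cbFormat) {   /* check pointer and length */
        dst->pbFormat = malloc(src->cbFormat);
        if (!dst->pbFormat)
            return -1;
        memcpy(dst->pbFormat, src->pbFormat, src->cbFormat);
        dst->cbFormat = src->cbFormat;
    }
    return 0;
}
```

With these two helpers, freeing the original and the copy touches two different blocks, and freeing either one twice is harmless.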


