[MPlayer-dev-eng] [PATCH] fix use-after-free in vo_vdpau

Alexander Strasser eclipse7 at gmx.net
Mon Oct 14 22:01:16 CEST 2013


Hi,

On 2013-10-14 19:56 +0400, Rinat Ibragimov wrote:
> Hi, I've faced a use-after-free in vo_vdpau.c. The issue may arise when one switches to
> the next video in the playlist. Here is a patch that should prevent that.

  Keeping allocated arrays and associated size fields in sync
seems like a good idea to me. Beware, I didn't read the code
closely, so there might well be more underlying problems.

  Can anyone else reproduce this? (I am not using vo vdpau ATM.)

  Did this start occurring just recently?

  Alexander

> Index: libvo/vo_vdpau.c
> ===================================================================
> --- libvo/vo_vdpau.c	(revision 36464)
> +++ libvo/vo_vdpau.c	(working copy)
> @@ -1203,11 +1203,15 @@
>  
>      free(index_data);
>      index_data = NULL;
> +    index_data_size = 0;
>  
>      free(eosd_surfaces);
>      eosd_surfaces = NULL;
> +    eosd_surface_count = 0;
> +
>      free(eosd_targets);
>      eosd_targets = NULL;
> +    eosd_render_count = 0;
>  
>  #ifdef CONFIG_XF86VM
>      vo_vm_close();
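
Review bot: In the third reset, `eosd_render_count = 0` is placed after `free(eosd_targets)`, but unlike `index_data_size` and `eosd_surface_count` its name does not match the array it follows, so the hunk alone does not show which field records the allocated length of `eosd_targets`. Please confirm that every field the code checks before indexing or growing these three arrays is zeroed here, and state in the commit message which stale value caused the freed memory to be reused on the playlist switch. Since the fix depends on each pointer and its count always being cleared together, a small helper that frees, NULLs and zeroes as one step would keep them from drifting apart again. As a style point, the added blank line after `eosd_surface_count = 0;` splits a group that was contiguous before; either drop it or separate all three groups the same way.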