[vlc-commits] packetizer: hevc: fix use after free regression

2018-02-02 Thread Francois Cartegnie
vlc/vlc-3.0 | branch: master | Francois Cartegnie  | Tue Jan 
30 14:06:16 2018 +0100| [da339b030032d17b6bda810d9a4dcf98a99b446e] | committer: 
Jean-Baptiste Kempf

packetizer: hevc: fix use after free regression

(cherry picked from commit 4e15e79f66418a0b8a433d8a1f23501176759e83)
Signed-off-by: Jean-Baptiste Kempf 

> http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=da339b030032d17b6bda810d9a4dcf98a99b446e
---

 modules/packetizer/hevc.c | 12 
 1 file changed, 12 insertions(+)

diff --git a/modules/packetizer/hevc.c b/modules/packetizer/hevc.c
index 7f8c930317..d5c6b11f14 100644
--- a/modules/packetizer/hevc.c
+++ b/modules/packetizer/hevc.c
@@ -345,6 +345,7 @@ static bool InsertXPS(decoder_t *p_dec, uint8_t i_nal_type, 
uint8_t i_id,
 {
 decoder_sys_t *p_sys = p_dec->p_sys;
 void **pp_decoded;
+void **pp_active;
 block_t **pp_nal;
 
 switch(i_nal_type)
@@ -354,18 +355,21 @@ static bool InsertXPS(decoder_t *p_dec, uint8_t 
i_nal_type, uint8_t i_id,
 return false;
 pp_decoded = _sys->rg_vps[i_id].p_decoded;
 pp_nal = _sys->rg_vps[i_id].p_nal;
+pp_active = (void**)_sys->p_active_vps;
 break;
 case HEVC_NAL_SPS:
 if(i_id > HEVC_SPS_ID_MAX)
 return false;
 pp_decoded = _sys->rg_sps[i_id].p_decoded;
 pp_nal = _sys->rg_sps[i_id].p_nal;
+pp_active = (void**)_sys->p_active_sps;
 break;
 case HEVC_NAL_PPS:
 if(i_id > HEVC_PPS_ID_MAX)
 return false;
 pp_decoded = _sys->rg_pps[i_id].p_decoded;
 pp_nal = _sys->rg_pps[i_id].p_nal;
+pp_active = (void**)_sys->p_active_pps;
 break;
 default:
 return false;
@@ -386,8 +390,13 @@ static bool InsertXPS(decoder_t *p_dec, uint8_t 
i_nal_type, uint8_t i_id,
 hevc_rbsp_release_pps(*pp_decoded);
 break;
 }
+if(*pp_active == *pp_decoded)
+*pp_active = NULL;
+else
+pp_active = NULL; /* don't change pointer */
 *pp_decoded = NULL;
 }
+else pp_active = NULL;
 
 /* Free raw stored version */
 if(*pp_nal)
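Review bot: The added `if(*pp_active == *pp_decoded)` runs after the `hevc_rbsp_release_*()` call just above it, so it reads `*pp_decoded` once the object it points to has presumably already been freed; a freed pointer's value is indeterminate in C, and this ordering invites a later edit to dereference it. Record the match first, e.g. `const bool b_was_active = (*pp_active == *pp_decoded);` ahead of the release switch, and test that flag here. The opening of the `if(*pp_decoded)` block and most of the release switch lie outside this hunk, so the placement has to be checked against the full function. Any failure return between this clear and the restore near the end of InsertXPS would leave `p_active_vps`/`p_active_sps`/`p_active_pps` NULL, so code reading them needs a NULL check. The identical hunk appears again in the master-branch commit mail further down this page.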
@@ -429,6 +438,9 @@ static bool InsertXPS(decoder_t *p_dec, uint8_t i_nal_type, 
uint8_t i_id,
 break;
 }
 
+if(*pp_decoded && pp_active) /* restore active by id */
+*pp_active = *pp_decoded;
+
 *pp_nal = block_Duplicate((block_t *)p_nalb);
 
 return true;
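Review bot: `*pp_nal = block_Duplicate((block_t *)p_nalb);` is followed directly by `return true;`, so a failed duplication is reported as success. The slot is then left with a decoded parameter set, made active by the added restore, but no stored raw NAL. Checking the result, e.g. `if(!*pp_nal) return false;`, or duplicating before the new `*pp_active = *pp_decoded;` assignment would keep the three pointers consistent. Whether users of `p_nal` tolerate NULL is not visible in this hunk, and the function body starts outside it. The same lines recur in the second commit mail on this page.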



[vlc-commits] packetizer: hevc: fix use after free regression

2018-01-30 Thread Francois Cartegnie
vlc | branch: master | Francois Cartegnie  | Tue Jan 30 
14:06:16 2018 +0100| [4e15e79f66418a0b8a433d8a1f23501176759e83] | committer: 
Francois Cartegnie

packetizer: hevc: fix use after free regression

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=4e15e79f66418a0b8a433d8a1f23501176759e83
---

 modules/packetizer/hevc.c | 12 
 1 file changed, 12 insertions(+)

diff --git a/modules/packetizer/hevc.c b/modules/packetizer/hevc.c
index 7f8c930317..d5c6b11f14 100644
--- a/modules/packetizer/hevc.c
+++ b/modules/packetizer/hevc.c
@@ -345,6 +345,7 @@ static bool InsertXPS(decoder_t *p_dec, uint8_t i_nal_type, 
uint8_t i_id,
 {
 decoder_sys_t *p_sys = p_dec->p_sys;
 void **pp_decoded;
+void **pp_active;
 block_t **pp_nal;
 
 switch(i_nal_type)
@@ -354,18 +355,21 @@ static bool InsertXPS(decoder_t *p_dec, uint8_t 
i_nal_type, uint8_t i_id,
 return false;
 pp_decoded = _sys->rg_vps[i_id].p_decoded;
 pp_nal = _sys->rg_vps[i_id].p_nal;
+pp_active = (void**)_sys->p_active_vps;
 break;
 case HEVC_NAL_SPS:
 if(i_id > HEVC_SPS_ID_MAX)
 return false;
 pp_decoded = _sys->rg_sps[i_id].p_decoded;
 pp_nal = _sys->rg_sps[i_id].p_nal;
+pp_active = (void**)_sys->p_active_sps;
 break;
 case HEVC_NAL_PPS:
 if(i_id > HEVC_PPS_ID_MAX)
 return false;
 pp_decoded = _sys->rg_pps[i_id].p_decoded;
 pp_nal = _sys->rg_pps[i_id].p_nal;
+pp_active = (void**)_sys->p_active_pps;
 break;
 default:
 return false;
@@ -386,8 +390,13 @@ static bool InsertXPS(decoder_t *p_dec, uint8_t 
i_nal_type, uint8_t i_id,
 hevc_rbsp_release_pps(*pp_decoded);
 break;
 }
+if(*pp_active == *pp_decoded)
+*pp_active = NULL;
+else
+pp_active = NULL; /* don't change pointer */
 *pp_decoded = NULL;
 }
+else pp_active = NULL;
 
 /* Free raw stored version */
 if(*pp_nal)
@@ -429,6 +438,9 @@ static bool InsertXPS(decoder_t *p_dec, uint8_t i_nal_type, 
uint8_t i_id,
 break;
 }
 
+if(*pp_decoded && pp_active) /* restore active by id */
+*pp_active = *pp_decoded;
+
 *pp_nal = block_Duplicate((block_t *)p_nalb);
 
 return true;
