vlc | branch: master | Hugo Beauzée-Luyssen <h...@beauzee.fr> | Wed Feb 14 
12:28:17 2018 +0100| [70174a131ac045b33a8db417e7c626ec67cb0f53] | committer: 
Hugo Beauzée-Luyssen

playlist: Fix use after free

Nodes shouldn't be inserted in the playlist item array. ChangeToNode is
expected to remove it, but in case the item is created as a node, it
would still lie there, causing potential use after free.

Fix #19701

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=70174a131ac045b33a8db417e7c626ec67cb0f53
---

 src/playlist/item.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/playlist/item.c b/src/playlist/item.c
index 3f4e782177..c0928fecd6 100644
--- a/src/playlist/item.c
+++ b/src/playlist/item.c
@@ -533,7 +533,8 @@ playlist_item_t * playlist_NodeAddInput( playlist_t 
*p_playlist,
     if( unlikely(p_item == NULL) )
         return NULL;
 
-    ARRAY_APPEND(p_playlist->items, p_item);
+    if( p_input->i_type != ITEM_TYPE_NODE )
+        ARRAY_APPEND(p_playlist->items, p_item);
 
     playlist_NodeInsert( p_parent, p_item, i_pos );
     playlist_SendAddNotify( p_playlist, p_item );
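Review bot: the new `if( p_input->i_type != ITEM_TYPE_NODE )` guard in front of `ARRAY_APPEND(p_playlist->items, p_item);` carries no comment, so the invariant it protects (nodes must never sit in `p_playlist->items`, otherwise a stale pointer can remain there after the node is freed) is recorded only in the commit message. A one-line comment above the `if` stating that invariant would keep a later cleanup from removing the check as redundant. The check also reads the type from `p_input` rather than from the newly created `p_item`, so it covers only the "created as a node" case at insertion time; items that become nodes later still depend on ChangeToNode removing them from the array, and an assertion on that path that the item is no longer in `p_playlist->items` would make both halves of the invariant checkable.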

_______________________________________________
vlc-commits mailing list
vlc-commits@videolan.org
https://mailman.videolan.org/listinfo/vlc-commits
