vlc/vlc-3.0 | branch: master | Hugo Beauzée-Luyssen <h...@beauzee.fr> | Wed Feb 14 12:28:17 2018 +0100| [45956905cd229a12d3b686f35acaaf9d8e947488] | committer: Hugo Beauzée-Luyssen
playlist: Fix use after free Nodes shouldn't be inserted in the playlist item array. ChangeToNode is expected to remove it, but in case the item is created as a node, it would still lay there, causing potential use after free. Fix #19701 (cherry picked from commit 70174a131ac045b33a8db417e7c626ec67cb0f53) Signed-off-by: Hugo Beauzée-Luyssen <h...@beauzee.fr> > http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=45956905cd229a12d3b686f35acaaf9d8e947488 --- src/playlist/item.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/playlist/item.c b/src/playlist/item.c index 3f4e782177..c0928fecd6 100644 --- a/src/playlist/item.c +++ b/src/playlist/item.c @@ -533,7 +533,8 @@ playlist_item_t * playlist_NodeAddInput( playlist_t *p_playlist, if( unlikely(p_item == NULL) ) return NULL; - ARRAY_APPEND(p_playlist->items, p_item); + if( p_input->i_type != ITEM_TYPE_NODE ) + ARRAY_APPEND(p_playlist->items, p_item); playlist_NodeInsert( p_parent, p_item, i_pos ); playlist_SendAddNotify( p_playlist, p_item ); _______________________________________________ vlc-commits mailing list vlc-commits@videolan.org https://mailman.videolan.org/listinfo/vlc-commits