vlc | branch: master | Hugo Beauzée-Luyssen <[email protected]> | Thu Sep 19 13:55:23 2019 +0200| [49f41654459f3231f112b009d1c41617cd201881] | committer: Hugo Beauzée-Luyssen
preparser: Fix potential use after free

If the art fetcher completes before ReqHold gets called, we will end up releasing the request before holding it for the art fetcher, causing a use after free when the task gets released by the background worker invoking TerminateTask

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=49f41654459f3231f112b009d1c41617cd201881
--- src/preparser/preparser.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/preparser/preparser.c b/src/preparser/preparser.c index 51e2c3e311..723feb96dc 100644 --- a/src/preparser/preparser.c +++ b/src/preparser/preparser.c @@ -203,13 +203,14 @@ static void PreparserCloseInput( void* preparser_, void* task_ ) if( preparser->fetcher && (req->options & META_REQUEST_OPTION_FETCH_ANY) ) { task->preparse_status = status; + ReqHold(task->req); if (!input_fetcher_Push(preparser->fetcher, item, req->options & META_REQUEST_OPTION_FETCH_ANY, &input_fetcher_callbacks, task)) { - ReqHold(task->req); return; } + ReqRelease(task->req); } free(task);
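Review bot: the new `ReqHold(task->req);` ahead of `input_fetcher_Push(...)` and the matching `ReqRelease(task->req);` on the failure path have no comment saying why the order matters, so a later cleanup could move the hold back into the success branch and reintroduce the race the commit message describes. Suggest a short comment above the hold stating that the fetcher may complete and release the request before `input_fetcher_Push` returns, and one on the release stating that it undoes that hold when the push fails. The same block reads the options through `req->options` but holds and releases through `task->req`; if both name the same request, using one spelling for all four uses would make the hold/release pairing easier to audit.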
