vlc | branch: master | Hugo Beauzée-Luyssen <[email protected]> | Thu Feb 6 16:48:36 2020 +0100| [99b00ffb1fe9a371f6df3478a5a2a03a2406e43e] | committer: Hugo Beauzée-Luyssen
background_worker: Fix potential use after free Since we free the task and only then lock the worker mutex to reset the task pointer, there's a window during which another thread could probe the dangling task pointer. Such a case can be seen here: https://code.videolan.org/videolan/medialibrary/-/jobs/351960 > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=99b00ffb1fe9a371f6df3478a5a2a03a2406e43e --- src/misc/background_worker.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/misc/background_worker.c b/src/misc/background_worker.c index acb93cd0df..04014354e9 100644 --- a/src/misc/background_worker.c +++ b/src/misc/background_worker.c @@ -178,13 +178,14 @@ static void background_worker_Destroy(struct background_worker *worker) static void TerminateTask(struct background_thread *thread, struct task *task) { struct background_worker *worker = thread->owner; - task_Destroy(worker, task); vlc_mutex_lock(&worker->lock); thread->task = NULL; worker->uncompleted--; assert(worker->uncompleted >= 0); vlc_mutex_unlock(&worker->lock); + + task_Destroy(worker, task); } static void RemoveThread(struct background_thread *thread) _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
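Review bot: In TerminateTask(), task_Destroy(worker, task) now runs after worker->uncompleted has been decremented and worker->lock released, so the counter can reach zero while the task is still being torn down and while worker is still being passed to task_Destroy(). Please confirm that no waiter on uncompleted can release the worker in that window. The hunk header shows background_worker_Destroy() directly above, so that path is the one to check. If it can, keep the thread->task = NULL reset under the lock as done here, but move the uncompleted-- into a second locked section after task_Destroy(). Separately, the ordering is the whole fix and nothing in the code says so. A one-line comment above the final task_Destroy() call, stating that the task must only be freed once thread->task has been cleared under the lock, would stop a later cleanup from moving the call back to the top of the function.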
