vlc/vlc-3.0 | branch: master | Thomas Guillem <[email protected]> | Mon Sep 9 17:44:20 2019 +0200| [00a284a926d2df714561871239e30ae878f60ffb] | committer: Hugo Beauzée-Luyssen
dvdnav: fix possible use-after-free CrashDragon reports an EXCEPTION_ACCESS_VIOLATION_READ in es_out_Control( p_demux->out, ES_OUT_SET_ES_STATE, tk->es ) from ESSubtitleUpdate(). A possible sane reason is that tk->es is not set to NULL when deleted after a DVDNAV_VTS_CHANGE event. CID c103a5eb-7972-4882-9121-bddaed659bec This commit doesn't necessarily fixes this CID that could also be triggered by a random memory corruption in dvdnav. Signed-off-by: Hugo Beauzée-Luyssen <[email protected]> (cherry picked from commit e2dcc0a33634e9500bd18ba47f45021a40f7e450) Signed-off-by: Hugo Beauzée-Luyssen <[email protected]> > http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=00a284a926d2df714561871239e30ae878f60ffb --- modules/access/dvdnav.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/access/dvdnav.c b/modules/access/dvdnav.c index 61a9157111..4c19de047e 100644 --- a/modules/access/dvdnav.c +++ b/modules/access/dvdnav.c @@ -977,7 +977,11 @@ static int Demux( demux_t *p_demux ) if( tk->b_configured ) { es_format_Clean( &tk->fmt ); - if( tk->es ) es_out_Del( p_demux->out, tk->es ); + if( tk->es ) + { + es_out_Del( p_demux->out, tk->es ); + tk->es = NULL; + } } tk->b_configured = false; } _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
