Chiebot-Mirror
/
FFmpeg
mirror of https://github.com/FFmpeg/FFmpeg.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

avfilter/asrc_flite: Fix use-after-frees

Browse Source 
When an flite filter instance is uninitialized and the refcount
of the corresponding voice_entry reaches zero, the voice is
unregistered, yet the voice_entry's pointer to the voice is not reset.
(Whereas some other pointers are needlessly reset.)
Because of this a new flite filter instance will believe said voice
to already be registered, leading to use-after-frees.
Fix this by resetting the right pointer instead of the wrong ones.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
pull/370/head
Andreas Rheinhardt 3 years ago
parent 304cc03798
commit 18ddb25c7a
1 changed files with 3 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      libavfilter/asrc_flite.c

6
libavfilter/asrc_flite.c
Unescape View File

@ -197,10 +197,10 @@ static av_cold void uninit(AVFilterContext *ctx)
FliteContext *flite = ctx->priv;
if (flite->voice_entry) {
if (!--flite->voice_entry->usage_count)
if (!--flite->voice_entry->usage_count) {
flite->voice_entry->unregister_fn(flite->voice);
flite->voice = NULL;
flite->voice_entry = NULL;
flite->voice_entry->voice = NULL;
}
}
delete_wave(flite->wave);
flite->wave = NULL;

Write Preview
Loading…
Cancel
Save