Commit 17bd88b9 authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

Revert "libvlc: delete preparser before interfaces"

This reverts commit 9e9b2274.

The preparser must obviously outlive the playlist (and thus interfaces).
This fixes use after free:

ERROR: AddressSanitizer: heap-use-after-free on address 0x611000005548 at pc 0x7fad5e11bffa bp 0x7fad50daac10 sp 0x7fad50daac08
READ of size 8 at 0x611000005548 thread T1
    #0 0x7fad5e11bff9 in playlist_preparser_fetcher_Push ../../src/playlist/preparser.c:128
    #1 0x7fad5e0e7640 in libvlc_ArtRequest ../../src/libvlc.c:648
    #2 0x7fad5e10ad37 in PlayItem ../../src/playlist/thread.c:232
    #3 0x7fad5e10d167 in Next ../../src/playlist/thread.c:478
    #4 0x7fad5e10d448 in Thread ../../src/playlist/thread.c:501
    #5 0x7fad5fba3463 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7463)
    #6 0x7fad5f6dce5c in clone (/lib/x86_64-linux-gnu/libc.so.6+0xe8e5c)

0x611000005548 is located 8 bytes inside of 208-byte region [0x611000005540,0x611000005610)
freed by thread T0 here:
    #0 0x7fad60ea69d0 in free (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc19d0)
    #1 0x7fad5e11cf8f in playlist_preparser_Delete ../../src/playlist/preparser.c:184
    #2 0x7fad5e0e6b53 in libvlc_InternalCleanup ../../src/libvlc.c:512
    #3 0x7fad60b2ed14 in libvlc_release ../../lib/core.c:105
    #4 0x4024da in main ../../bin/vlc.c:275
    #5 0x7fad5f6145ef in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x205ef)

previously allocated by thread T0 here:
    #0 0x7fad60ea6ce8 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1ce8)
    #1 0x7fad5e11b3cd in playlist_preparser_New ../../src/playlist/preparser.c:74
    #2 0x7fad5e0e62a2 in libvlc_InternalInit ../../src/libvlc.c:374
    #3 0x7fad60b2e6d3 in libvlc_new ../../lib/core.c:59
    #4 0x4022dd in main ../../bin/vlc.c:228
    #5 0x7fad5f6145ef in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x205ef)

Thread T1 created by T0 here:
    #0 0x7fad60e15f19 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x30f19)
    #1 0x7fad5e30d9f6 in vlc_clone_attr ../../src/posix/thread.c:484
    #2 0x7fad5e30dbd8 in vlc_clone ../../src/posix/thread.c:496
    #3 0x7fad5e1091a9 in playlist_Activate ../../src/playlist/thread.c:54
    #4 0x7fad5e1117a0 in playlist_Create ../../src/playlist/engine.c:299
    #5 0x7fad5e106139 in intf_GetPlaylist ../../src/interface/interface.c:149
    #6 0x7fad5e1061d9 in intf_InsertItem ../../src/interface/interface.c:165
    #7 0x7fad5e0e72f7 in GetFilenames ../../src/libvlc.c:605
    #8 0x7fad5e0e6979 in libvlc_InternalInit ../../src/libvlc.c:488
    #9 0x7fad60b2e6d3 in libvlc_new ../../lib/core.c:59
    #10 0x4022dd in main ../../bin/vlc.c:228
    #11 0x7fad5f6145ef in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x205ef)

SUMMARY: AddressSanitizer: heap-use-after-free ../../src/playlist/preparser.c:128 in playlist_preparser_fetcher_Push
parent e4b6a1f7
......@@ -508,9 +508,6 @@ void libvlc_InternalCleanup( libvlc_int_t *p_libvlc )
{
libvlc_priv_t *priv = libvlc_priv (p_libvlc);
if (priv->parser != NULL)
playlist_preparser_Delete(priv->parser);
/* Ask the interfaces to stop and destroy them */
msg_Dbg( p_libvlc, "removing all interfaces" );
libvlc_Quit( p_libvlc );
......@@ -539,6 +536,9 @@ void libvlc_InternalCleanup( libvlc_int_t *p_libvlc )
}
#endif
if (priv->parser != NULL)
playlist_preparser_Delete(priv->parser);
vlc_DeinitActions( p_libvlc, priv->actions );
/* Save the configuration */
......
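Review bot: The relocated `if (priv->parser != NULL) playlist_preparser_Delete(priv->parser);` in the second hunk carries no comment stating the ordering it depends on, and that missing rule is plausibly how the reverted commit came to move it ahead of interface teardown. A comment directly above it, for example `/* Must stay after playlist/interface teardown: the playlist thread reaches the preparser through libvlc_ArtRequest() */`, would record the lifetime constraint shown in the ASan trace. The lines between the two hunks are collapsed on this page, so it is worth confirming that the playlist thread has actually been joined, not merely asked to stop, before this point is reached. As a cheap hardening step, `priv->parser = NULL;` after the delete would make any later access a null pointer rather than freed memory, assuming the readers check for NULL. `libvlc_InternalCleanup` starts before the first hunk and continues past the second.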