From 4572f451d65e34ac2119c2cb45da67db6b334bd8 Mon Sep 17 00:00:00 2001
From: Francois Cartegnie <fcvlcdev@free.fr>
Date: Sat, 21 Dec 2013 16:10:01 +0100
Subject: [PATCH] demux: ogg: fix use after free seekpoints.
Also cleans seekpoints between tracks
---
modules/demux/ogg.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/modules/demux/ogg.c b/modules/demux/ogg.c
index 0e87ed227d18..aec84576fd39 100644
--- a/modules/demux/ogg.c
+++ b/modules/demux/ogg.c
@@ -224,8 +224,6 @@ static void Close( vlc_object_t *p_this )
if( p_sys->p_old_stream )
Ogg_LogicalStreamDelete( p_demux, p_sys->p_old_stream );
- TAB_CLEAN( p_sys->i_seekpoints, p_sys->pp_seekpoints );
-
free( p_sys );
}
@@ -716,7 +714,9 @@ static int Control( demux_t *p_demux, int i_query, va_list args )
input_title_t *p_title = (*ppp_title)[0] = vlc_input_title_New();
for( int i = 0; i < p_sys->i_seekpoints; i++ )
{
- TAB_APPEND( p_title->i_seekpoint, p_title->seekpoint, p_sys->pp_seekpoints[i] );
+ seekpoint_t *p_seekpoint_copy = vlc_seekpoint_Duplicate( p_sys->pp_seekpoints[i] );
+ if ( likely( p_seekpoint_copy ) )
+ TAB_APPEND( p_title->i_seekpoint, p_title->seekpoint, p_seekpoint_copy );
}
*pi_title_offset = 0;
*pi_seekpoint_offset = 0;
@@ -1038,7 +1038,6 @@ static void Ogg_DecodePacket( demux_t *p_demux,
p_stream->p_es, &p_stream->fmt );
}
}
-
if( p_stream->i_headers > 0 )
Ogg_ExtractMeta( p_demux, & p_stream->fmt,
p_stream->p_headers, p_stream->i_headers );
@@ -1892,6 +1891,14 @@ static void Ogg_EndOfStream( demux_t *p_demux )
if( p_ogg->p_meta )
vlc_meta_Delete( p_ogg->p_meta );
p_ogg->p_meta = NULL;
+
+ for ( int i=0; i < p_ogg->i_seekpoints; i++ )
+ {
+ if ( p_ogg->pp_seekpoints[i] )
+ vlc_seekpoint_Delete( p_ogg->pp_seekpoints[i] );
+ }
+ TAB_CLEAN( p_ogg->i_seekpoints, p_ogg->pp_seekpoints );
+ p_ogg->i_seekpoints = 0;
}
/**
--
GitLab