virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-02-14 22:22:59 +02:00
Code Issues Releases Activity

avfilter/asrc_flite: Fix use-after-frees

Browse Source 
When an flite filter instance is uninitialized and the refcount
of the corresponding voice_entry reaches zero, the voice is
unregistered, yet the voice_entry's pointer to the voice is not reset.
(Whereas some other pointers are needlessly reset.)
Because of this a new flite filter instance will believe said voice
to already be registered, leading to use-after-frees.
Fix this by resetting the right pointer instead of the wrong ones.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
This commit is contained in:
Andreas Rheinhardt 2021-10-06 17:21:04 +02:00
parent 304cc03798
commit 18ddb25c7a
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libavfilter/asrc_flite.c
View File

@ -197,10 +197,10 @@ static av_cold void uninit(AVFilterContext *ctx)
FliteContext *flite = ctx->priv;
if (flite->voice_entry) {
if (!--flite->voice_entry->usage_count)
if (!--flite->voice_entry->usage_count) {
flite->voice_entry->unregister_fn(flite->voice);
flite->voice = NULL;
flite->voice_entry = NULL;
flite->voice_entry->voice = NULL;
}
}
delete_wave(flite->wave);
flite->wave = NULL;