libs: decoder: h264: Avoid using picture after it has been free

In some cases, found_picture ended up being evicted and freed by dpb_evict(),
which led to a use-after-free when picture->base.poc was read afterwards. This
fix holds a reference on found_picture before calling dpb_evict() and drops it
once the picture is no longer needed.

https://bugzilla.gnome.org/show_bug.cgi?id=787124
Nicolas Dufresne 2018-08-27 20:42:15 -04:00
parent 7a120c7a72
commit 2922439bc2


@ -942,16 +942,22 @@ dpb_bump (GstVaapiDecoderH264 * decoder, GstVaapiPictureH264 * picture)
if (found_index < 0)
return FALSE;
gst_vaapi_picture_ref (found_picture);
if (picture && picture->base.poc != found_picture->base.poc)
dpb_output_other_views (decoder, found_picture, found_picture->base.voc);
success = dpb_output (decoder, priv->dpb[found_index]);
dpb_evict (decoder, found_picture, found_index);
if (priv->max_views == 1)
return success;
goto done;
if (picture && picture->base.poc != found_picture->base.poc)
dpb_output_other_views (decoder, found_picture, G_MAXUINT32);
done:
gst_vaapi_picture_unref (found_picture);
return success;
}
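Review bot: The new `gst_vaapi_picture_ref (found_picture);` carries no comment saying why the DPB's own reference is not enough, which is the whole point of this fix and will not be obvious to the next reader; add `/* dpb_evict() may drop the DPB's reference to found_picture; hold our own so it stays valid for the dpb_output_other_views() call after eviction. */` above it. The unref at `done:` has to be the only exit after the ref is taken: the `return success;` printed just before `goto done;` looks like the replaced old line, but if it survived on the new side the max_views == 1 path would return without dropping the reference and leak the picture. The early `return FALSE;` for found_index < 0 is fine since it precedes the ref. dpb_bump begins before this hunk, so the code that computes found_index and any earlier returns are not visible here.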