From 9cedabae5ac8971d5b749966b1b6e81de5a8001d Mon Sep 17 00:00:00 2001
From: Matthew Waters <matthew@centricular.com>
Date: Tue, 2 Apr 2024 12:17:50 +1100
Subject: [PATCH] gl/context/cocoa: ensure pixel format lives as long as the
 context

Under some circumstances, the CGLPixelFormatObj was being destroyed too
early which could lead to potential use-after-frees.

Fix by returning a reference when asked for the pixel format.

Fixes: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3154
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/6524>
---
 .../gst-libs/gst/gl/cocoa/gstglcontext_cocoa.m        | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/subprojects/gst-plugins-base/gst-libs/gst/gl/cocoa/gstglcontext_cocoa.m b/subprojects/gst-plugins-base/gst-libs/gst/gl/cocoa/gstglcontext_cocoa.m
index 21ff951f0d..4868069e1a 100644
--- a/subprojects/gst-plugins-base/gst-libs/gst/gl/cocoa/gstglcontext_cocoa.m
+++ b/subprojects/gst-plugins-base/gst-libs/gst/gl/cocoa/gstglcontext_cocoa.m
@@ -170,7 +170,9 @@ gst_gl_context_cocoa_dump_pixel_format (CGLPixelFormatObj fmt)
 CGLPixelFormatObj
 gst_gl_context_cocoa_get_pixel_format (GstGLContextCocoa *context)
 {
-  return context->priv->pixel_format;
+  if (context->priv->pixel_format)
+    return CGLRetainPixelFormat (context->priv->pixel_format);
+  return NULL;
 }
 
 static GstStructure *
@@ -262,6 +264,7 @@ gst_gl_context_cocoa_create_context (GstGLContext *context, GstGLAPI gl_api,
     gint profile;
 
     fmt = CGLGetPixelFormat (priv->external_gl_context);
+    CGLRetainPixelFormat (fmt);
 
 #if MAC_OS_X_VERSION_MIN_REQUIRED >= 1070
     /* core profile is only available in >= 10.7 */
@@ -307,6 +310,7 @@ gst_gl_context_cocoa_create_context (GstGLContext *context, GstGLAPI gl_api,
   if (ret != kCGLNoError) {
     g_set_error (error, GST_GL_CONTEXT_ERROR, GST_GL_CONTEXT_ERROR_CREATE_CONTEXT,
         "failed to create context: %s", CGLErrorString (ret));
+    CGLReleasePixelFormat (fmt);
     goto error;
   }
 
@@ -358,6 +362,11 @@ gst_gl_context_cocoa_destroy_context (GstGLContext *context)
     CGLDestroyContext(context_cocoa->priv->gl_context);
     context_cocoa->priv->gl_context = NULL;
   }
+
+  if (context_cocoa->priv->pixel_format) {
+    CGLReleasePixelFormat(context_cocoa->priv->pixel_format);
+    context_cocoa->priv->pixel_format = NULL;
+  }
 }
 
 static guintptr