RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

avfilter/asrc_flite: Fix use-after-frees 

When an flite filter instance is uninitialized and the refcount
of the corresponding voice_entry reaches zero, the voice is
unregistered, yet the voice_entry's pointer to the voice is not reset.
(Whereas some other pointers are needlessly reset.)
Because of this a new flite filter instance will believe said voice
to already be registered, leading to use-after-frees.
Fix this by resetting the right pointer instead of the wrong ones.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
This commit is contained in:
Andreas Rheinhardt 2021-10-06 17:21:04 +02:00
parent 304cc03798
commit 18ddb25c7a
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libavfilter/asrc_flite.c
View File

@ -197,10 +197,10 @@ static av_cold void uninit(AVFilterContext *ctx)
FliteContext *flite = ctx->priv; FliteContext *flite = ctx->priv;
if (flite->voice_entry) { if (flite->voice_entry) {
if (!--flite->voice_entry->usage_count) if (!--flite->voice_entry->usage_count) {
flite->voice_entry->unregister_fn(flite->voice); flite->voice_entry->unregister_fn(flite->voice);
flite->voice = NULL; flite->voice_entry->voice = NULL;
flite->voice_entry = NULL; }
} }
delete_wave(flite->wave); delete_wave(flite->wave);
flite->wave = NULL; flite->wave = NULL;