From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Thu, 7 Oct 2021 11:31:26 +0200
Subject: [FFmpeg-devel] [PATCH 6/8] avfilter/asrc_flite: Fix use-after-frees
X-Patchwork-Id: 30961

When an flite filter instance is uninitialized and the refcount of the corresponding voice_entry reaches zero, the voice is unregistered, yet the voice_entry's pointer to the voice is not reset. (Whereas some other pointers are needlessly reset.)
Because of this a new flite filter instance will believe said voice to already be registered, leading to use-after-frees. Fix this by resetting the right pointer instead of the wrong ones. Signed-off-by: Andreas Rheinhardt --- libavfilter/asrc_flite.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavfilter/asrc_flite.c b/libavfilter/asrc_flite.c index 0789dd6ff3..bd2ae774de 100644 --- a/libavfilter/asrc_flite.c +++ b/libavfilter/asrc_flite.c @@ -197,10 +197,10 @@ static av_cold void uninit(AVFilterContext *ctx) FliteContext *flite = ctx->priv; if (flite->voice_entry) { - if (!--flite->voice_entry->usage_count) + if (!--flite->voice_entry->usage_count) { flite->voice_entry->unregister_fn(flite->voice); - flite->voice = NULL; - flite->voice_entry = NULL; + flite->voice_entry->voice = NULL; + } } delete_wave(flite->wave); flite->wave = NULL;
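
Review bot: In uninit(), the unregister call still takes flite->voice while the new reset clears flite->voice_entry->voice, so the fix relies on both pointers naming the same voice; passing flite->voice_entry->voice to unregister_fn would make it visible that the pointer released is the one being cleared. Dropping `flite->voice_entry = NULL;` also means a second pass through this block would decrement usage_count again, and when the count reaches zero flite->voice is left pointing at an unregistered voice. If uninit() is guaranteed to run once per instance and the context is not touched afterwards, that is fine, but a short comment saying so would explain why these two context pointers are left set while `flite->wave` is still reset two lines below.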