47 lines
1.8 KiB
Diff
47 lines
1.8 KiB
Diff
From cb16d0b239ef3173bf356a6fe86f30403f285941 Mon Sep 17 00:00:00 2001
|
|
From: Wim Taymans <wtaymans@redhat.com>
|
|
Date: Thu, 16 Aug 2018 11:42:25 +0200
|
|
Subject: [PATCH 2/2] curlhhtpsrc: avoid invalid memory references
|
|
|
|
gst_curl_http_src_remove_queue_item() can free qelement and then
|
|
we get an invalid memory reference when we do qelement->next a
|
|
couple of lines below. Take the next pointer earlier so that we can
|
|
safely free.
|
|
---
|
|
ext/curl/gstcurlhttpsrc.c | 5 +++--
|
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/ext/curl/gstcurlhttpsrc.c b/ext/curl/gstcurlhttpsrc.c
|
|
index e60ccf531..c1a0bcf5c 100644
|
|
--- a/ext/curl/gstcurlhttpsrc.c
|
|
+++ b/ext/curl/gstcurlhttpsrc.c
|
|
@@ -1509,7 +1509,7 @@ static void
|
|
gst_curl_http_src_curl_multi_loop (gpointer thread_data)
|
|
{
|
|
GstCurlHttpSrcMultiTaskContext *context;
|
|
- GstCurlHttpSrcQueueElement *qelement;
|
|
+ GstCurlHttpSrcQueueElement *qelement, *qnext;
|
|
int i, still_running;
|
|
gboolean cond = FALSE;
|
|
CURLMsg *curl_message;
|
|
@@ -1655,6 +1655,7 @@ gst_curl_http_src_curl_multi_loop (gpointer thread_data)
|
|
} else if (context->state == GSTCURL_MULTI_LOOP_STATE_REQUEST_REMOVAL) {
|
|
qelement = context->queue;
|
|
while (qelement != NULL) {
|
|
+ qnext = qelement->next;
|
|
if (qelement->p == context->request_removal_element) {
|
|
g_mutex_lock (&qelement->p->buffer_mutex);
|
|
curl_multi_remove_handle (context->multi_handle,
|
|
@@ -1668,7 +1669,7 @@ gst_curl_http_src_curl_multi_loop (gpointer thread_data)
|
|
g_mutex_unlock (&qelement->p->buffer_mutex);
|
|
gst_curl_http_src_remove_queue_item (&context->queue, qelement->p);
|
|
}
|
|
- qelement = qelement->next;
|
|
+ qelement = qnext;
|
|
}
|
|
context->request_removal_element = NULL;
|
|
context->state = GSTCURL_MULTI_LOOP_STATE_RUNNING;
|
|
--
|
|
2.17.1
|
|
|