[Libva] [PATCH] Fix use-after-free in vaTerminate
Nikolay Martynov
mar.kolya at gmail.com
Thu Jun 5 14:25:46 PDT 2014
It looks like vaTerminate uses display content after it have been freed.
This patch moves destruction after all usage.
Signed-off-by: Nikolay Martynov <mar.kolya at gmail.com>
---
va/va.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/va/va.c b/va/va.c
index c770f0d..4f3be28 100644
--- a/va/va.c
+++ b/va/va.c
@@ -515,15 +515,15 @@ VAStatus vaTerminate (
free(old_ctx->vtable_vpp);
old_ctx->vtable_vpp = NULL;
- if (VA_STATUS_SUCCESS == vaStatus)
- pDisplayContext->vaDestroy(pDisplayContext);
-
VA_TRACE_LOG(va_TraceTerminate, dpy);
va_TraceEnd(dpy);
va_FoolEnd(dpy);
+ if (VA_STATUS_SUCCESS == vaStatus)
+ pDisplayContext->vaDestroy(pDisplayContext);
+
return vaStatus;
}
--
1.9.1
More information about the Libva
mailing list