[Libva] [PATCH] Fix use-after-free in vaTerminate
Nikolay Martynov
mar.kolya at gmail.com
Thu Jun 5 18:29:32 PDT 2014
Hi.
Well, I guess in the essence yes - this is all about the same issue.
Although I'm experiencing 'real life' problems because of this. I'm
using libvdpau-va-gl to speed up flash video decoding and flash plugin
crashes each time I try to fast forward video. That patches fixes the
crash.
I have Ubuntu 14.04 on Intel based laptop.
Thanks.
Nikolay.
2014-06-05 20:41 GMT-04:00 Xiang, Haihao <haihao.xiang at intel.com>:
>
>
> Thanks for the patch, is your issue similar to the following issue ?
>
> https://bugs.freedesktop.org/show_bug.cgi?id=79587
>
> The above issue has been fixed on the staging branch.
>
> http://cgit.freedesktop.org/libva/commit/va/va.c?h=staging&id=d4988142a3f2256e38c5c5cdcdfc1b4f5f3c1ea9
>
>
> Thanks
> Haihao
>
>
>> It looks like vaTerminate uses display content after it have been freed.
>> This patch moves destruction after all usage.
>>
>> Signed-off-by: Nikolay Martynov <mar.kolya at gmail.com>
>> ---
>> va/va.c | 6 +++---
>> 1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/va/va.c b/va/va.c
>> index c770f0d..4f3be28 100644
>> --- a/va/va.c
>> +++ b/va/va.c
>> @@ -515,15 +515,15 @@ VAStatus vaTerminate (
>> free(old_ctx->vtable_vpp);
>> old_ctx->vtable_vpp = NULL;
>>
>> - if (VA_STATUS_SUCCESS == vaStatus)
>> - pDisplayContext->vaDestroy(pDisplayContext);
>> -
>> VA_TRACE_LOG(va_TraceTerminate, dpy);
>>
>> va_TraceEnd(dpy);
>>
>> va_FoolEnd(dpy);
>>
>> + if (VA_STATUS_SUCCESS == vaStatus)
>> + pDisplayContext->vaDestroy(pDisplayContext);
>> +
>> return vaStatus;
>> }
>>
>
>
--
Martynov Nikolay.
Email: mar.kolya at gmail.com
More information about the Libva
mailing list