From 2ed1760c88f348a72199aefd58ab3ff5ce06a35d Mon Sep 17 00:00:00 2001
From: "Dr.Smile"
Date: Sun, 14 Jul 2019 02:27:15 +0300
Subject: renderer: fix incorrect deallocation

shift_event() can change "bitmap" field of ASS_Image struct so direct deallocation is no longer possible. This commit introduces additional field "buffer" into ASS_ImagePriv for that purpose.

Fixes https://github.com/libass/libass/issues/310.
---
 libass/ass_render.c | 9 ++++-----
 libass/ass_render.h | 1 +
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/libass/ass_render.c b/libass/ass_render.c
index 0c4d204..45f3be6 100644
--- a/libass/ass_render.c
+++ b/libass/ass_render.c
@@ -179,6 +179,7 @@ static ASS_Image *my_draw_bitmap(unsigned char *bitmap, int bitmap_w,
 img->source = source;
 ass_cache_inc_ref(source);
+ img->buffer = source ? NULL : bitmap;
 img->ref_count = 0;
 return &img->result;
@@ -754,8 +755,8 @@ static void blend_vector_clip(ASS_Renderer *render_priv, ASS_Image *head)
 cur->stride = ns;
 }
- cur->bitmap = nbuffer;
 ASS_ImagePriv *priv = (ASS_ImagePriv *) cur;
+ priv->buffer = cur->bitmap = nbuffer;
 ass_cache_dec_ref(priv->source);
 priv->source = NULL;
 }
@@ -3138,10 +3139,8 @@ void ass_frame_unref(ASS_Image *img)
 do {
 ASS_ImagePriv *priv = (ASS_ImagePriv *) img;
 img = img->next;
- if (priv->source)
- ass_cache_dec_ref(priv->source);
- else
- ass_aligned_free(priv->result.bitmap);
+ ass_cache_dec_ref(priv->source);
+ ass_aligned_free(priv->buffer);
 free(priv);
 } while (img);
 }
diff --git a/libass/ass_render.h b/libass/ass_render.h
index e654a94..4558575 100644
--- a/libass/ass_render.h
+++ b/libass/ass_render.h
@@ -52,6 +52,7 @@
 typedef struct {
 ASS_Image result;
 CompositeHashValue *source;
+ unsigned char *buffer;
 size_t ref_count;
 } ASS_ImagePriv;
-- 
cgit v1.2.3
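Review bot: In blend_vector_clip, `priv->buffer = cur->bitmap = nbuffer;` overwrites whatever `priv->buffer` held without releasing it, so an image that arrives here already owning its pixels (built with `source == NULL`, or possibly clipped before) would leak the previous allocation. Whether that can happen depends on code outside the hunk, since the function body and the loop that fills `nbuffer` start above it. If it can, release the old allocation with `ass_aligned_free(priv->buffer);` after the last read of the old bitmap and before this assignment. Otherwise record the assumption next to the assignment, for example `/* images reaching here are cache-backed, so priv->buffer is still NULL */`.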
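Review bot: In ass_frame_unref, removing the `if (priv->source)` test means `ass_cache_dec_ref()` and `ass_aligned_free()` are each reached with a NULL argument whenever the other field owns the pixels, so the loop is only correct if both helpers treat NULL as a no-op. The unguarded `ass_cache_inc_ref(source)` in my_draw_bitmap suggests the cache helpers already accept NULL, but nothing visible in this patch shows that `ass_aligned_free()` does. That is worth confirming, because an aligned-free wrapper that derives the real allocation address from its argument would hand a bogus pointer to free() on NULL. A comment above the two calls would record the reliance: `/* both helpers accept NULL; at most one of source/buffer is set */`.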
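Review bot: The new `buffer` member of ASS_ImagePriv carries the ownership rule the whole fix depends on, yet it is added without a comment. The commit message explains that `result.bitmap` can be moved by shift_event() and so is no longer safe to free, but that reasoning is not visible at the declaration. I would add something like `/* allocation owned by this image, freed in ass_frame_unref(); NULL while the pixels belong to the cache entry in source; may differ from result.bitmap */` above the field. That also documents the invariant set up in my_draw_bitmap and blend_vector_clip, where at most one of `source` and `buffer` is non-NULL.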