diff options
| author | wm4 <wm4@nowhere> | 2015-02-25 13:31:37 +0100 |
|---|---|---|
| committer | Diogo Franco (Kovensky) <diogomfranco@gmail.com> | 2015-02-26 11:01:25 +0900 |
| commit | cf14511b1decda11c335cadda83e132024088966 (patch) | |
| tree | 46c2d1ff73e8a4a000bcb931c5e2c15ec34804f5 | |
| parent | a6d57d654ab96c1f6ef6420c2932e90ccc28f204 (diff) | |
| download | mpv-cf14511b1decda11c335cadda83e132024088966.tar.bz2 mpv-cf14511b1decda11c335cadda83e132024088966.tar.xz | |
demux_mkv_timeline: fix potential issue when enabling cache
If the cache is enabled, the demuxer is closed and opened again (because
currently, the cache can not be enabled atfer data was already read).
The call for opening a new demuxer uses the same params struct, which
references the ctx->uids array. But there is a MP_TARRAY_GROW()
invocation somewhere on the way, which can reallocate the ctx->uids
array, making params.uids a dangling pointer.
This issue probably existed for a longer time, probably since 5cd33853
(slightly more obvious since f50b105d).
(cherry picked from commit 9349cfca910990d1126b973fd2ca55cb2351d35f)
| -rw-r--r-- | demux/demux_mkv_timeline.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/demux/demux_mkv_timeline.c b/demux/demux_mkv_timeline.c index 63a683274d..548f0016f1 100644 --- a/demux/demux_mkv_timeline.c +++ b/demux/demux_mkv_timeline.c @@ -240,6 +240,7 @@ static bool check_file_seg(struct tl_ctx *ctx, char *filename, int segment) MP_TARRAY_APPEND(NULL, ctx->sources, ctx->num_sources, NULL); } + params.matroska_wanted_uids = ctx->uids; // potentially reallocated, same data if (enable_cache(ctx->global, &s, &d, ¶ms) < 0) continue; |