summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorwm4 <wm4@nowhere>2016-08-08 11:32:55 +0200
committerwm4 <wm4@nowhere>2016-08-08 11:32:55 +0200
commit469666b75bdf336f6c263faa313d46f5684cc577 (patch)
treee0a5054b4ccb776d9eca9dd3f3aadfacdde1e1bc
parent896a97c2e2cc57bad8d2df70fb731b41930af075 (diff)
downloadmpv-469666b75bdf336f6c263faa313d46f5684cc577.tar.bz2
mpv-469666b75bdf336f6c263faa313d46f5684cc577.tar.xz
stream: fix double-free if cache init fails
If the normal stream cache init fails, and a file cache was initialized before, we free the file cache as well. But since the file cache is chained to the real stream, the real stream will also be freed. This has to be prevented by clearing the pointer to the original stream in the uncached_stream field. This could in particular be triggered by using --cache-initial=1000 and aborting playback during loading. (Without that option, stream cache init failure is far less likely.)
-rw-r--r--stream/stream.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/stream/stream.c b/stream/stream.c
index 4b55b1134a..3ecdfb01ad 100644
--- a/stream/stream.c
+++ b/stream/stream.c
@@ -805,8 +805,10 @@ int stream_enable_cache(stream_t **stream, struct mp_cache_opts *opts)
if (res <= 0) {
cache->uncached_stream = NULL; // don't free original stream
free_stream(cache);
- if (fcache != orig)
+ if (fcache != orig) {
+ fcache->uncached_stream = NULL;
free_stream(fcache);
+ }
} else {
*stream = cache;
}