diff options
| author | wm4 <wm4@nowhere> | 2015-02-25 13:31:37 +0100 |
|---|---|---|
| committer | wm4 <wm4@nowhere> | 2015-02-25 13:31:37 +0100 |
| commit | 9349cfca910990d1126b973fd2ca55cb2351d35f (patch) | |
| tree | cc517d182f879c0708f22fc070c9f6755b762466 /demux/demux_mkv_timeline.c | |
| parent | 02bd54c0ac0933bc2fe982666bbe4da75957c485 (diff) | |
| download | mpv-9349cfca910990d1126b973fd2ca55cb2351d35f.tar.bz2 mpv-9349cfca910990d1126b973fd2ca55cb2351d35f.tar.xz | |
demux_mkv_timeline: fix potential issue when enabling cache
If the cache is enabled, the demuxer is closed and opened again (because
currently, the cache can not be enabled atfer data was already read).
The call for opening a new demuxer uses the same params struct, which
references the ctx->uids array. But there is a MP_TARRAY_GROW()
invocation somewhere on the way, which can reallocate the ctx->uids
array, making params.uids a dangling pointer.
This issue probably existed for a longer time, probably since 5cd33853
(slightly more obvious since f50b105d).
Diffstat (limited to 'demux/demux_mkv_timeline.c')
| -rw-r--r-- | demux/demux_mkv_timeline.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/demux/demux_mkv_timeline.c b/demux/demux_mkv_timeline.c index 1ef90f04cf..3326362226 100644 --- a/demux/demux_mkv_timeline.c +++ b/demux/demux_mkv_timeline.c @@ -214,6 +214,7 @@ static bool check_file_seg(struct tl_ctx *ctx, char *filename, int segment) { free_demuxer_and_stream(d); params.disable_cache = false; + params.matroska_wanted_uids = ctx->uids; // potentially reallocated, same data d = demux_open_url(filename, ¶ms, cancel, ctx->global); if (!d) continue; |