From 469666b75bdf336f6c263faa313d46f5684cc577 Mon Sep 17 00:00:00 2001
From: wm4
Date: Mon, 8 Aug 2016 11:32:55 +0200
Subject: stream: fix double-free if cache init fails If the normal stream cache init fails, and a file cache was initialized before, we free the file cache as well. But since the file cache is chained to the real stream, the real stream will also be freed. This has to be prevented by clearing the pointer to the original stream in the uncached_stream field. This could in particular be triggered by using --cache-initial=1000 and aborting playback during loading. (Without that option, stream cache init failure is far less likely.)
---
 stream/stream.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/stream/stream.c b/stream/stream.c
index 4b55b1134a..3ecdfb01ad 100644
--- a/stream/stream.c
+++ b/stream/stream.c
@@ -805,8 +805,10 @@ int stream_enable_cache(stream_t **stream, struct mp_cache_opts *opts)
 if (res <= 0) {
 cache->uncached_stream = NULL; // don't free original stream
 free_stream(cache);
- if (fcache != orig)
+ if (fcache != orig) {
+ fcache->uncached_stream = NULL;
 free_stream(fcache);
+ }
 } else {
 *stream = cache;
 }
-- 
cgit v1.2.3
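Review bot: The added `fcache->uncached_stream = NULL;` has no comment, while the parallel assignment on `cache` a few lines above it is marked `// don't free original stream`. A missing detach at this spot is what caused the double-free, so the new line should say why it is there, for example `fcache->uncached_stream = NULL; // orig stays owned by the caller`. The error path now depends on two hand-written detach-before-free steps, and per the commit message free_stream() also frees the chained stream, so a one-line comment above `if (res <= 0)` stating that ownership rule would help anyone who adds another wrapper layer here. The body of stream_enable_cache starts and ends outside the hunk, so other exit paths that might free `fcache` cannot be checked from this view.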