From ae8a91d6b64f7ebdcce937a332830be19b5fc7e2 Mon Sep 17 00:00:00 2001
From: wm4
Date: Thu, 8 Jan 2015 00:55:57 +0100
Subject: vo_opengl: gl_lcms: fix potential dangling pointer issue

If icc-path is set, but the thing is replaced with a memory profile, then p->icc_path would point to deallocated memory. Also, the NULL checks are unnecessary.
---
 video/out/gl_lcms.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/video/out/gl_lcms.c b/video/out/gl_lcms.c
index 254826bb15..7f6b54e38e 100644
--- a/video/out/gl_lcms.c
+++ b/video/out/gl_lcms.c
@@ -145,16 +145,17 @@ void gl_lcms_set_options(struct gl_lcms *p, struct mp_icc_opts *opts)
 load_profile(p);
 }
 
+// Warning: profile.start must point to a ta allocation, and the function
+// takes over ownership.
 void gl_lcms_set_memory_profile(struct gl_lcms *p, bstr *profile)
 {
 if (!p->opts.profile_auto)
 return;
 
- if (p->icc_path)
- talloc_free(p->icc_path);
+ talloc_free(p->icc_path);
+ p->icc_path = NULL;
 
- if (p->icc_data)
- talloc_free(p->icc_data);
+ talloc_free(p->icc_data);
 
 p->icc_data = talloc_steal(p, profile->start);
 p->icc_size = profile->len;
--
cgit v1.2.3
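Review bot: The early return on `!p->opts.profile_auto` leaves `profile->start` neither stolen nor freed, which contradicts the new comment saying the function takes over ownership. A caller that trusts the comment would leak the buffer on that path, while a caller that frees it defensively would double-free on the normal path; the caller is not visible here, so which case applies is unconfirmed. Freeing on the early exit makes the contract unconditional: `if (!p->opts.profile_auto) { talloc_free(profile->start); return; }`. The comment could also state that the caller must not touch `profile->start` after the call, since the bstr still holds the pointer once it has been stolen. The function body continues past the end of the hunk.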