From 9349cfca910990d1126b973fd2ca55cb2351d35f Mon Sep 17 00:00:00 2001
From: wm4 <wm4@nowhere>
Date: Wed, 25 Feb 2015 13:31:37 +0100
Subject: demux_mkv_timeline: fix potential issue when enabling cache

If the cache is enabled, the demuxer is closed and opened again (because
currently, the cache can not be enabled atfer data was already read).
The call for opening a new demuxer uses the same params struct, which
references the ctx->uids array. But there is a MP_TARRAY_GROW()
invocation somewhere on the way, which can reallocate the ctx->uids
array, making params.uids a dangling pointer.

This issue probably existed for a longer time, probably since 5cd33853
(slightly more obvious since f50b105d).
---
 demux/demux_mkv_timeline.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'demux/demux_mkv_timeline.c')

diff --git a/demux/demux_mkv_timeline.c b/demux/demux_mkv_timeline.c
index 1ef90f04cf..3326362226 100644
--- a/demux/demux_mkv_timeline.c
+++ b/demux/demux_mkv_timeline.c
@@ -214,6 +214,7 @@ static bool check_file_seg(struct tl_ctx *ctx, char *filename, int segment)
             {
                 free_demuxer_and_stream(d);
                 params.disable_cache = false;
+                params.matroska_wanted_uids = ctx->uids; // potentially reallocated, same data
                 d = demux_open_url(filename, &params, cancel, ctx->global);
                 if (!d)
                     continue;
-- 
cgit v1.2.3