From f50b105d06d437e8643f01f2335571c2bba191c2 Mon Sep 17 00:00:00 2001
From: wm4 <wm4@nowhere>
Date: Sat, 19 Oct 2013 22:58:02 +0200
Subject: tl_matroska: fix use-after-free with --cache

If cache was enabled, using ordered chapters could easily crash. The
reason is that enable_cache() reopens the demuxer and closes the old
one. The code after that (reading m->ordered_chapters etc.) then
accessed freed data.

This commit also avoids enabling cache for files which are not used
(which would make opening much slower).
---
 mpvcore/timeline/tl_matroska.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'mpvcore')

diff --git a/mpvcore/timeline/tl_matroska.c b/mpvcore/timeline/tl_matroska.c
index e8a855a233..55ef9cf825 100644
--- a/mpvcore/timeline/tl_matroska.c
+++ b/mpvcore/timeline/tl_matroska.c
@@ -195,9 +195,6 @@ static bool check_file_seg(struct MPContext *mpctx, struct demuxer ***sources,
                 mp_msg(MSGT_CPLAYER, MSGL_INFO, "Match for source %d: %s\n",
                        i, d->filename);
 
-                if (enable_cache(mpctx, &s, &d, &params) < 0)
-                    continue;
-
                 for (int j = 0; j < m->num_ordered_chapters; j++) {
                     struct matroska_chapter *c = m->ordered_chapters + j;
 
@@ -215,6 +212,9 @@ static bool check_file_seg(struct MPContext *mpctx, struct demuxer ***sources,
                     MP_TARRAY_APPEND(NULL, *sources, *num_sources, NULL);
                 }
 
+                if (enable_cache(mpctx, &s, &d, &params) < 0)
+                    continue;
+
                 (*sources)[i] = d;
                 return true;
             }
-- 
cgit v1.2.3