From 6be613c178d96c60ca0ae08a32946a5c4ce02989 Mon Sep 17 00:00:00 2001 From: sfan5 Date: Mon, 5 Apr 2021 22:55:20 +0200 Subject: stream_slice: fix use-after-free if inner stream fails to open The args struct is reused to attempt opening an URL with different stream layers, overwriting args->url not only breaks this but also causes the freed buffer to be used again. --- stream/stream_slice.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'stream') diff --git a/stream/stream_slice.c b/stream/stream_slice.c index d7d0a6bf05..8bf80943eb 100644 --- a/stream/stream_slice.c +++ b/stream/stream_slice.c @@ -151,8 +151,9 @@ static int open2(struct stream *stream, struct stream_open_args *args) return parse_ret; } - args->url = stream->path; - int inner_ret = stream_create_with_args(args, &p->inner); + struct stream_open_args args2 = *args; + args2.url = stream->path; + int inner_ret = stream_create_with_args(&args2, &p->inner); if (inner_ret != STREAM_OK) { return inner_ret; } -- cgit v1.2.3