jp9000/obs-studio
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

deps-libff: Fix stack corruption

Browse Source 
ff_clock_init expects a parameter with a pointer where it stores the
address of the newly allocated ff_clock, but ff_demuxer_reset does not
provide this parameter. That somehow writes the pointer to the ff_clock
into the packet->base->buf field on the stack of the ff_demuxer_reset
function. This later causes a segmentation fault when the packet is freed.

Closes jp9000/obs-studio#448
This commit is contained in:
Christoph Hohmann 2015-07-07 23:38:22 +02:00 committed by jp9000
parent fdcb27230c
commit e96c7c86b6
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
deps/libff/libff/ff-clock.c vendored
View File

@ -90,9 +90,9 @@ bool ff_clock_start(struct ff_clock *clock, enum ff_av_sync_type sync_type,
return !release && !aborted;
}
struct ff_clock *ff_clock_init(struct ff_clock *clock)
struct ff_clock *ff_clock_init(void)
{
clock = av_mallocz(sizeof(struct ff_clock));
struct ff_clock *clock = av_mallocz(sizeof(struct ff_clock));
if (clock == NULL)
return NULL;

2
deps/libff/libff/ff-clock.h vendored
View File

@ -50,7 +50,7 @@ struct ff_clock {
typedef struct ff_clock ff_clock_t;
struct ff_clock * ff_clock_init();
struct ff_clock * ff_clock_init(void);
double ff_get_sync_clock(struct ff_clock *clock);
struct ff_clock *ff_clock_retain(struct ff_clock *clock);
struct ff_clock *ff_clock_move(struct ff_clock **clock);