playlist: fix use-after-free with the preparser

vlc_preparser_Deactivate() won't prevent any callbacks from being called; it will just cancel all pending tasks and ensure no tasks are pushed anymore. vlc_preparser_Delete() will wait for the executor threads and prevent callbacks from being called.

Fixes the following use-after-free:

==1190318==ERROR: AddressSanitizer: heap-use-after-free on address 0x517000003fb0 at pc 0x7f1f71dff3e5 bp 0x7f1f6e5feb00 sp 0x7f1f6e5feaf8
READ of size 8 at 0x517000003fb0 thread T2 (vlc-run-searchl)
    #0 0x7f1f71dff3e4 in vlc_mutex_held ../../src/misc/threads.c:91
    #1 0x7f1f71d5a41c in vlc_player_Lock ../../src/player/player.c:943
    #2 0x7f1f71ce9891 in vlc_playlist_Lock ../../src/playlist/playlist.c:101
    #3 0x7f1f71ce9d54 in on_preparse_ended ../../src/playlist/preparse.c:99
    #4 0x7f1f71cf2c7a in NotifyPreparseEnded ../../src/preparser/preparser.c:153
    #5 0x7f1f71cf2d4c in OnArtFetchEnded ../../src/preparser/preparser.c:205
    #6 0x7f1f71cf003d in NotifyArtFetchEnded ../../src/preparser/fetcher.c:296
    #7 0x7f1f71cf1c0e in RunSearchLocal ../../src/preparser/fetcher.c:393
    #8 0x7f1f71debd07 in ThreadRun ../../src/misc/executor.c:134
    #9 0x7f1f7205b1d5 in asan_thread_start ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
    #10 0x7f1f7195f111 in start_thread nptl/pthread_create.c:447
    #11 0x7f1f719dd8f7 in __clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

0x517000003fb0 is located 48 bytes inside of 656-byte region [0x517000003f80,0x517000004210)
freed by thread T0 here:
    #0 0x7f1f720f3918 in free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
    #1 0x7f1f71e0be6f in vlc_object_delete ../../src/misc/objects.c:144
    #2 0x7f1f71d5f35e in vlc_player_Delete ../../src/player/player.c:1909
    #3 0x7f1f71ce8d9e in vlc_playlist_PlayerDestroy ../../src/playlist/player.c:169
    #4 0x7f1f71ce9801 in vlc_playlist_Delete ../../src/playlist/playlist.c:90
    #5 0x7f1f71ca8286 in libvlc_InternalCleanup ../../src/libvlc.c:367
    #6 0x7f1f71fcc756 in libvlc_release ../../lib/core.c:114
    #7 0x560dae321a97 in main ../../bin/vlc.c:275
    #8 0x7f1f718f6d67 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
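
The teardown ordering the commit message describes, as an added example that is not VLC code and not part of this merge request. `struct owner`, `struct worker`, `worker_deactivate()` and `worker_delete()` are hypothetical stand-ins for the playlist/player, the preparser, and a deactivate/delete pair with the semantics stated above.

```c
/* Added illustration with hypothetical names; not VLC code. */
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>

struct owner { pthread_mutex_t lock; int ended; };   /* stands in for playlist/player */

struct worker {                                      /* stands in for the preparser */
    pthread_t thread;
    atomic_bool accepting;
    struct owner *owner;
};

static void *run_task(void *arg)
{
    struct worker *w = arg;
    /* Model a task that is still in flight when deactivation happens. */
    while (atomic_load(&w->accepting))
        sched_yield();
    pthread_mutex_lock(&w->owner->lock);    /* completion callback touches the owner */
    w->owner->ended++;
    pthread_mutex_unlock(&w->owner->lock);
    return NULL;
}

/* "Deactivate": refuse new work; a running task and its callback are not stopped. */
static void worker_deactivate(struct worker *w) { atomic_store(&w->accepting, false); }

/* "Delete": join the thread, so no callback can run once this returns. */
static void worker_delete(struct worker *w) { pthread_join(w->thread, NULL); }

/* Safe order: stop intake, join, then free the owner. Returns callbacks seen. */
int teardown_in_safe_order(void)
{
    struct owner *o = malloc(sizeof *o);
    if (!o) return -1;
    pthread_mutex_init(&o->lock, NULL);
    o->ended = 0;
    struct worker w = { .owner = o };
    atomic_init(&w.accepting, true);
    if (pthread_create(&w.thread, NULL, run_task, &w) != 0) { free(o); return -1; }
    worker_deactivate(&w);   /* the callback still fires after this point */
    worker_delete(&w);       /* after the join, the callback has completed */
    int ended = o->ended;    /* no other thread references o any more */
    pthread_mutex_destroy(&o->lock);
    free(o);                 /* freeing before worker_delete() would be the use-after-free */
    return ended;
}
```

Building this with `-fsanitize=address` and moving `free(o)` above `worker_delete(&w)` produces the same class of report as the trace above: a worker thread locking a mutex inside memory the main thread has already freed.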
