Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A use after free bug in src_v41_set_read.c #60

Closed
ShangzhiXu opened this issue Apr 3, 2023 · 2 comments
Closed

A use after free bug in src_v41_set_read.c #60

ShangzhiXu opened this issue Apr 3, 2023 · 2 comments

Comments

@ShangzhiXu
Copy link

File: src_v41_set_read.c
Bug Function: src_v4l_open
Version: Git-master

In line 788-792

	if(src->use_read && src_v4l_set_read(src))
	{
		src_v4l_close(src);
		return(-1);
	}

In the src_v4l_set_read, if in line 667 s->buffer = malloc(s->buffer_length); failed, it will release src in line 671 and return -1. So in line 788, if src->use_read != NULL, line 790 will be executed, which will lead to UAF
fsphil added a commit that referenced this issue Apr 3, 2023
@fsphil
Fix use after free / double free in V4L1 source. Issue #60
90a2922
@fsphil
Copy link
Owner

fsphil commented Apr 3, 2023

Confirmed, and hopefully fixed. Thanks for the report!

@ShangzhiXu
Copy link
Author

You are welcome. Have a good day!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fsphil @ShangzhiXu