Permalink
Browse files

demux: image: fix heap-use-after-free

detect callbacks can call vlc_stream_Peek() and invalidate the current peek
buffer is re-allocation is needed.

An other way to solve this issue is to make sure that checks with a callback
are executed after checks with a marker/marker_size.
  • Loading branch information...
tguillem committed Jun 23, 2017
1 parent b2fb79e commit 1de4047a25cd336d1539ea0867c29180928dd230
Showing with 2 additions and 0 deletions.
  1. +2 −0 modules/demux/image.c
@@ -637,6 +637,8 @@ static int Open(vlc_object_t *object)
if (img->detect) {
if (img->detect(demux->s))
break;
/* detect callbacks can invalidate the current peek buffer */
peek_size = 0;
} else {
if ((size_t) peek_size < img->marker_size)
{

0 comments on commit 1de4047

Please sign in to comment.