[MPlayer-users] patch to fix illegal memory access in mplayer (fwd)
Nilmoni Deb
ndeb at ece.cmu.edu
Sun Oct 6 16:50:02 CEST 2002
Hi,
I posted this fix in mplayer-dev-eng but got the message that it's
a subscriber-only list now and my post will go through a moderator if it has
to be posted. Now, I don't know how frequently the moderator(s) filter
messages since I am yet to see my post appearing. You all can check if the
fix is important enough and speed up things.
thanks
- Nil
---------- Forwarded message ----------
Date: Sun, 6 Oct 2002 01:28:46 -0400 (EDT)
From: Nilmoni Deb <ndeb at ece.cmu.edu>
To: mplayer-dev-eng at mplayerhq.hu
Subject: patch to fix illegal memory access in mplayer
Hi,
I was getting segmentation faults with current CVS. The segfaults
are highly reproducible. I used Electric Fence (instead of gdb) to catch
the exact place where the illegal memory access was occurring. I tracked
it down to these lines in mplayer.c (CVS v1.587).
2640 // time to uninit all, except global stuff:
2641 uninit_player(INITED_ALL-(INITED_GUI+INITED_LIRC+INITED_INPUT));
2642
This line frees the structures pointed to by the pointers:
sh_audio
sh_video
But printf statements show that these pointers are not initialized to NULL
after this uninit operation. Later on, in these lines:
2694 current_module="uninit_acodec";
2695 if(sh_audio) uninit_audio(sh_audio);
2696 sh_audio=NULL;
2697
2698 current_module="uninit_vcodec";
2699 if(sh_video) uninit_video(sh_video);
2700 sh_video=NULL;
2701
these pointers are freed a _second_ time. This implies a double free!!
Here is the patch to fix this:
--- mplayer.c Sun Oct 6 00:35:54 2002
+++ mplayer.c.new Sun Oct 6 00:48:12 2002
@@ -2639,6 +2639,8 @@
// time to uninit all, except global stuff:
uninit_player(INITED_ALL-(INITED_GUI+INITED_LIRC+INITED_INPUT));
+sh_audio=NULL;
+sh_video=NULL;
if(eof == PT_NEXT_ENTRY || eof == PT_PREV_ENTRY) {
eof = eof == PT_NEXT_ENTRY ? 1 : -1;
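Review bot: the two NULL assignments fix the symptom at this one call site only; since uninit_player() is what frees sh_audio and sh_video, clearing them inside it (or inside uninit_audio()/uninit_video(), which already receive the pointers) would also cover any other path that calls uninit_player() and later reaches the uninit_acodec/uninit_vcodec stage with the same `if(sh_audio) uninit_audio(sh_audio);` checks. Also, the hunk header claims 6 old / 8 new lines but only 4 context lines survive in the mail, so the blank context lines were probably stripped in transit and `patch` may need fuzz to apply it.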
The above patch removes the segfaults but I think this NULL assignment
should be taken care of by the audio_out->uninit() function (and other
similar functions) call in uninit_player().
Also, I recommend using Electric Fence for catching memory abuse as in
many cases the program may not segfault (lucky escape !!) for the
particular movie file, but Electric Fence will catch the abuse anyhow.
thanks
- Nil
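The teardown order described in the report, rebuilt as an added example (not the author's patch and not MPlayer's code). The stream type, the release function and the three teardown variants are hypothetical stand-ins: instead of calling free(), each object records whether it has already been released, so the faulty sequence can be run and counted rather than corrupting the heap. Mode 0 is the unpatched order, mode 1 is the posted patch (the caller clears the pointers), and mode 2 is the alternative the author recommends, with the uninit routine clearing the caller's pointers itself.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for mplayer.c's sh_audio / sh_video stream headers
 * (hypothetical; not MPlayer's real type). The object records whether it has
 * been released so a second release can be detected instead of crashing. */
typedef struct {
    int released;
} stream_t;

/* Number of releases applied to an already-released object, i.e. the
 * double frees the report describes. Zero is the only acceptable value. */
static int double_releases;

/* Plays the role of uninit_audio()/uninit_video(): releases the object.
 * Calling it twice on the same object is exactly the reported bug. */
static void stream_release(stream_t *s) {
    if (s->released) double_releases++;
    s->released = 1;
}

/* Pattern before the patch: uninit_player() receives copies of the pointers,
 * releases the objects, and leaves the caller's variables dangling. */
static void uninit_player_dangling(stream_t *audio, stream_t *video) {
    if (audio) stream_release(audio);
    if (video) stream_release(video);
}

/* The author's recommendation in an assumed form: the uninit routine takes
 * the address of the caller's pointer and clears it after releasing, so any
 * later `if (sh_audio) uninit_audio(sh_audio);` check becomes a no-op. */
static void uninit_player_safe(stream_t **audio, stream_t **video) {
    if (*audio) { stream_release(*audio); *audio = NULL; }
    if (*video) { stream_release(*video); *video = NULL; }
}

/* Reproduces the teardown order from the report: an early uninit_player(),
 * then the per-codec "uninit_acodec" / "uninit_vcodec" stage. Returns how
 * many double releases the later stage caused.
 * mode 0: unpatched; mode 1: posted patch (caller clears the pointers);
 * mode 2: pointers cleared inside the uninit routine. */
static int teardown(int mode) {
    stream_t audio_obj = { 0 }, video_obj = { 0 };
    stream_t *sh_audio = &audio_obj, *sh_video = &video_obj;
    double_releases = 0;

    /* "time to uninit all, except global stuff" */
    if (mode == 2) {
        uninit_player_safe(&sh_audio, &sh_video);
    } else {
        uninit_player_dangling(sh_audio, sh_video);
        if (mode == 1) { sh_audio = NULL; sh_video = NULL; }
    }

    /* the later per-codec stage, with the same checks as in the report */
    if (sh_audio) stream_release(sh_audio);
    sh_audio = NULL;
    if (sh_video) stream_release(sh_video);
    sh_video = NULL;

    return double_releases;
}

int main(void) {
    printf("unpatched:            %d double release(s)\n", teardown(0));
    printf("posted patch:         %d double release(s)\n", teardown(1));
    printf("clear inside uninit:  %d double release(s)\n", teardown(2));
    return 0;
}
```

The unpatched order releases both streams twice; both fixes bring the count to zero. The difference between them is scope: the posted patch protects this one call site, while clearing the pointer inside the routine that frees it protects every caller, which is why the free-and-null idiom is the safer default for teardown code.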