31 lines
945 B
Diff
31 lines
945 B
Diff
From a0b85e4a366408be8d077ec30754213bcce8aceb Mon Sep 17 00:00:00 2001
|
|
From: Yannis Guyon <yguyon@google.com>
|
|
Date: Wed, 13 Jun 2018 10:39:37 +0200
|
|
Subject: [PATCH] Fix for thread race heap-use-after-free
|
|
|
|
BUG=webp:385
|
|
---
|
|
src/dec/idec_dec.c | 6 ++----
|
|
1 file changed, 2 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/src/dec/idec_dec.c b/src/dec/idec_dec.c
|
|
index a371ed7..258d15b 100644
|
|
--- a/src/dec/idec_dec.c
|
|
+++ b/src/dec/idec_dec.c
|
|
@@ -283,10 +283,8 @@ static void RestoreContext(const MBContext* context, VP8Decoder* const dec,
|
|
|
|
static VP8StatusCode IDecError(WebPIDecoder* const idec, VP8StatusCode error) {
|
|
if (idec->state_ == STATE_VP8_DATA) {
|
|
- VP8Io* const io = &idec->io_;
|
|
- if (io->teardown != NULL) {
|
|
- io->teardown(io);
|
|
- }
|
|
+ // Synchronize the thread, clean-up and check for errors.
|
|
+ VP8ExitCritical((VP8Decoder*)idec->dec_, &idec->io_);
|
|
}
|
|
idec->state_ = STATE_ERROR;
|
|
return error;
|
|
--
|
|
2.19.1
|
|
|