File libwebp-CVE-2020-36329.patch of Package libwebp.30679

Overview Repositories Revisions Requests Users Attributes Meta

File libwebp-CVE-2020-36329.patch of Package libwebp.30679

From 569001f19fc81fcb5ab358f587a54c62e7c4665c Mon Sep 17 00:00:00 2001
From: Yannis Guyon <yguyon@google.com>
Date: Wed, 13 Jun 2018 10:39:37 +0200
Subject: [PATCH] Fix for thread race heap-use-after-free

BUG=webp:384

Change-Id: I3a300b45ccae33470888cf2e35a7e937579c9409

Backported by Mike Gorse <mgorse@suse.com>
---
 src/dec/idec.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/dec/idec.c b/src/dec/idec.c
index a371ed75..258d15b0 100644
--- a/src/dec/idec.c
+++ b/src/dec/idec.c
@@ -283,10 +283,8 @@ static void RestoreContext(const MBContext* context, VP8Decoder* const dec,
 
 static VP8StatusCode IDecError(WebPIDecoder* const idec, VP8StatusCode error) {
   if (idec->state_ == STATE_VP8_DATA) {
-    VP8Io* const io = &idec->io_;
-    if (io->teardown != NULL) {
-      io->teardown(io);
-    }
+    // Synchronize the thread, clean-up and check for errors.
+    VP8ExitCritical((VP8Decoder*)idec->dec_, &idec->io_);
   }
   idec->state_ = STATE_ERROR;
   return error;
-- 
2.31.1

Places

File libwebp-CVE-2020-36329.patch of Package libwebp.30679

Places