projects / platform / core / api / mediaeditor.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3f85334)
media_editor_private: Fix possible crash when handling callback in idle 89/275189/1
authorSangchul Lee <sc11.lee@samsung.com>
Wed, 18 May 2022 03:14:21 +0000 (12:14 +0900)
committerSangchul Lee <sc11.lee@samsung.com>
Wed, 18 May 2022 03:16:47 +0000 (12:16 +0900)
It was possible to access freed memory in __post_state_cb_in_idle().
The mutex locker is also applied to _post_error_cb_in_idle().

[Version] 0.1.6
[Issue Type] Bug fix

Change-Id: If3fe02e30f53631edcedba59821650dd4ee60a4f
Signed-off-by: Sangchul Lee <sc11.lee@samsung.com>
packaging/capi-media-editor.spec patch | blob | history
src/media_editor_private.c patch | blob | history

diff --git a/packaging/capi-media-editor.spec b/packaging/capi-media-editor.spec
index 0be25993157a6809e8b5f76ecdde4ca56f81bbbb..fd4ade3e0e0cfe173d6376b979934122537a5976 100644 (file)
--- a/packaging/capi-media-editor.spec
+++ b/packaging/capi-media-editor.spec
@@ -1,6 +1,6 @@
 Name:       capi-media-editor
 Summary:    A Tizen Media Editor API
-Version:    0.0.5
+Version:    0.0.6
 Release:    0
 Group:      Multimedia/API
 License:    Apache-2.0
diff --git a/src/media_editor_private.c b/src/media_editor_private.c
index e99f9ad53627a1314a660efebc988c4a3e8baca2..6ef3d9a0f816ef6fd8e2c1ace234259342aa21da 100644 (file)
--- a/src/media_editor_private.c
+++ b/src/media_editor_private.c
@@ -367,6 +367,7 @@ static gboolean __idle_cb(gpointer user_data)
 static void __post_state_cb_in_idle(mediaeditor_s *editor, mediaeditor_state_e new_state)
 {
     idle_userdata_s *data = NULL;
+    g_autoptr(GMutexLocker) locker = NULL;
 
     RET_IF(editor == NULL, "editor is NULL");
 
@@ -380,9 +381,8 @@ static void __post_state_cb_in_idle(mediaeditor_s *editor, mediaeditor_state_e n
 
     editor->pend_state = new_state;
 
-    g_mutex_lock(&editor->event_src_mutex);
+    locker = g_mutex_locker_new(&editor->event_src_mutex);
     editor->idle_cb_event_source_ids[data->type] = g_idle_add_full(G_PRIORITY_DEFAULT_IDLE, __idle_cb, data, g_free);
-    g_mutex_unlock(&editor->event_src_mutex);
 
     LOG_DEBUG("state will be changed [%s] -> [%s]", __state_str[editor->state], __state_str[new_state]);
 }
@@ -390,6 +390,7 @@ static void __post_state_cb_in_idle(mediaeditor_s *editor, mediaeditor_state_e n
 void _post_error_cb_in_idle(mediaeditor_s *editor, mediaeditor_error_e error)
 {
     idle_userdata_s *data = NULL;
+    g_autoptr(GMutexLocker) locker = NULL;
 
     RET_IF(editor == NULL, "editor is NULL");
 
@@ -398,9 +399,8 @@ void _post_error_cb_in_idle(mediaeditor_s *editor, mediaeditor_error_e error)
     data->type = IDLE_CB_TYPE_ERROR;
     data->new.error = error;
 
-    g_mutex_lock(&editor->event_src_mutex);
+    locker = g_mutex_locker_new(&editor->event_src_mutex);
     editor->idle_cb_event_source_ids[data->type] = g_idle_add_full(G_PRIORITY_DEFAULT_IDLE, __idle_cb, data, g_free);
-    g_mutex_unlock(&editor->event_src_mutex);
 
     LOG_DEBUG("error will occur [0x%x]", error);
 }
Domain: Multimedia / Media Editing;