diff options
author | Evgeny Grechnikov | 2018-10-16 00:49:07 +0300 |
---|---|---|
committer | Evgeny Grechnikov | 2018-10-16 00:49:07 +0300 |
commit | 8162309212bbc287632fc375d1740a64733019fb (patch) | |
tree | 0b78997549fd0de4ad18dbf09fbb7b2e886eb770 /image/codecs/msrle.cpp | |
parent | 45641f3de5c598b534b36d4ba0f30ac6b41d9bac (diff) | |
download | scummvm-rg350-8162309212bbc287632fc375d1740a64733019fb.tar.gz scummvm-rg350-8162309212bbc287632fc375d1740a64733019fb.tar.bz2 scummvm-rg350-8162309212bbc287632fc375d1740a64733019fb.zip |
LASTEXPRESS: fix race condition in sound code
SoundEntry::play() calls StreamedSound::setFilterId(),
StreamSound::setFilterId() requires the underlying reference to be alive.
SoundQueue::handleTimer() checks that the stream is still alive
by calling SoundEntry::isFinished(). However, if the stream is finalized
just between calls to SoundEntry::isFinished() and SoundEntry::play(),
the sound mixer frees the stream leading to use-after-free in setFilterId().
Turn off the automatical disposing, delete the stream in SoundEntry::~SoundEntry().
Diffstat (limited to 'image/codecs/msrle.cpp')
0 files changed, 0 insertions, 0 deletions