aboutsummaryrefslogtreecommitdiff
path: root/image/codecs/msrle.cpp
diff options
context:
space:
mode:
authorEvgeny Grechnikov2018-10-16 00:49:07 +0300
committerEvgeny Grechnikov2018-10-16 00:49:07 +0300
commit8162309212bbc287632fc375d1740a64733019fb (patch)
tree0b78997549fd0de4ad18dbf09fbb7b2e886eb770 /image/codecs/msrle.cpp
parent45641f3de5c598b534b36d4ba0f30ac6b41d9bac (diff)
downloadscummvm-rg350-8162309212bbc287632fc375d1740a64733019fb.tar.gz
scummvm-rg350-8162309212bbc287632fc375d1740a64733019fb.tar.bz2
scummvm-rg350-8162309212bbc287632fc375d1740a64733019fb.zip
LASTEXPRESS: fix race condition in sound code
SoundEntry::play() calls StreamedSound::setFilterId(), StreamSound::setFilterId() requires the underlying reference to be alive. SoundQueue::handleTimer() checks that the stream is still alive by calling SoundEntry::isFinished(). However, if the stream is finalized just between calls to SoundEntry::isFinished() and SoundEntry::play(), the sound mixer frees the stream leading to use-after-free in setFilterId(). Turn off the automatical disposing, delete the stream in SoundEntry::~SoundEntry().
Diffstat (limited to 'image/codecs/msrle.cpp')
0 files changed, 0 insertions, 0 deletions