diff options
author | Vito Caputo <vcaputo@pengaru.com> | 2023-07-12 15:15:44 -0700 |
---|---|---|
committer | Vito Caputo <vcaputo@pengaru.com> | 2023-07-12 15:23:11 -0700 |
commit | 468c78e30594310bed34d0d59b5544e4ef71f38e (patch) | |
tree | dfaa226b529ddbddb12d546aba8b8f32b28ded55 | |
parent | 55de24928d2598694c747456d4e0c8241a99a9e5 (diff) |
modules/rtv: perform gc immediately in cleanup_channel()
Until channel context paths are distinct it's buggy to let the
contexts linger while constructing the next channel's contexts.
Originally when the gc was added here the intention was to
support stuff like the "ref" module and get the channels settings
wired up immediately with more focus on rtv's details in this
area. Supporting stuff like contexts backing some layers
persisting across channels, while the others were swapped out,
seemed potentially interesting (and it still is).
But the rkt stuff became prioritized as rtv is more like a fuzzer
than anything despite being the default module. And rkt related
activities will continue for now, so let's just get rtv less
likely to crash.
A reliable repro for triggering an ASAN UAF bug without this
commit is:
--seed=0x64af3b05
'--module=rtv,duration=1,context_duration=1,channels=compose,caption_duration=2,snow_duration=0,snow_module=none,log_channels=on'
'--video=sdl,fullscreen=off,size=640x480'
A few channels in blinds will UAF while updating taps stored in a
freed context, because the previous channel has a blinds in the
same layer as the newly setup channel, putting the contexts at
exactly the same paths on-stream. There's probably another bug
in here that I need to dig into, but coexisting contexts at the
same path on-stream was never the intention. The syncronous
immediate gc ensures nothing remains of the previous channel
before constructing the new one at the same path.
-rw-r--r-- | src/modules/rtv/rtv.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/modules/rtv/rtv.c b/src/modules/rtv/rtv.c index 9cf025a..445be0f 100644 --- a/src/modules/rtv/rtv.c +++ b/src/modules/rtv/rtv.c @@ -138,6 +138,8 @@ static void cleanup_channel(rtv_context_t *ctxt) ctxt->channel->settings_as_arg = NULL; ctxt->caption = ctxt->channel->caption = txt_free(ctxt->channel->caption); + + til_stream_gc_module_contexts(ctxt->til_module_context.stream); } @@ -222,8 +224,6 @@ static void setup_next_channel(rtv_context_t *ctxt, unsigned ticks) if (!ctxt->channel->module_ctxt) (void) til_module_create_context(ctxt->channel->module, ctxt->til_module_context.stream, rand_r(&ctxt->til_module_context.seed), ticks, ctxt->til_module_context.n_cpus, ctxt->channel->module_setup, &ctxt->channel->module_ctxt); - til_stream_gc_module_contexts(ctxt->til_module_context.stream); - ctxt->channel->last_on_time = now; } |