author Vito Caputo <vcaputo@pengaru.com> 2023-07-12 15:15:44 -0700
committer Vito Caputo <vcaputo@pengaru.com> 2023-07-12 15:23:11 -0700
commit 468c78e30594310bed34d0d59b5544e4ef71f38e (patch)
tree dfaa226b529ddbddb12d546aba8b8f32b28ded55 /src/libs/ray
parent 55de24928d2598694c747456d4e0c8241a99a9e5 (diff)
modules/rtv: perform gc immediately in cleanup_channel()

Until channel context paths are distinct it's buggy to let the contexts linger while constructing the next channel's contexts.

Originally when the gc was added here the intention was to support stuff like the "ref" module and get the channels settings wired up immediately with more focus on rtv's details in this area. Supporting stuff like contexts backing some layers persisting across channels, while the others were swapped out, seemed potentially interesting (and it still is).

But the rkt stuff became prioritized as rtv is more like a fuzzer than anything despite being the default module. And rkt related activities will continue for now, so let's just get rtv less likely to crash.

A reliable repro for triggering an ASAN UAF bug without this commit is:

    --seed=0x64af3b05 '--module=rtv,duration=1,context_duration=1,channels=compose,caption_duration=2,snow_duration=0,snow_module=none,log_channels=on' '--video=sdl,fullscreen=off,size=640x480'

A few channels in, blinds will UAF while updating taps stored in a freed context, because the previous channel has a blinds in the same layer as the newly setup channel, putting the contexts at exactly the same paths on-stream.

There's probably another bug in here that I need to dig into, but coexisting contexts at the same path on-stream was never the intention. The synchronous immediate gc ensures nothing remains of the previous channel before constructing the new one at the same path.

Diffstat (limited to 'src/libs/ray')
0 files changed, 0 insertions, 0 deletions