slapin/qtmultimedia
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix a possible stale pointer access if we can't connect to PulseAudio.

Browse Source 
We free the mainloop but didn't check validity before calling lock or
unlock.  Also we might need to unlock the main loop before freeing
it in some other error cases.

Change-Id: Iadf1049324cdf37ca9841b82e53e33afdcba8cb2
Reviewed-by: Jun Zhu <jun.5.zhu@nokia.com>
Reviewed-by: Lev Zelenskiy <lev.zelenskiy@nokia.com>
Reviewed-by: Dmytro Poplavskiy <dmytro.poplavskiy@nokia.com>
This commit is contained in:
Michael Goddard
2012-04-27 11:58:50 +10:00
committed by Qt by Nokia
parent 2a7c2e695b
commit b2d581b42e
1 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/multimedia/audio/qsoundeffect_pulse_p.cpp
View File

@@ -114,12 +114,14 @@ public:
inline void lock()
{
pa_threaded_mainloop_lock(m_mainLoop);
if (m_mainLoop)
pa_threaded_mainloop_lock(m_mainLoop);
}
inline void unlock()
{
pa_threaded_mainloop_unlock(m_mainLoop);
if (m_mainLoop)
pa_threaded_mainloop_unlock(m_mainLoop);
}
inline pa_context *context() const
@@ -152,6 +154,7 @@ private:
{
m_vol = PA_VOLUME_NORM;
m_context = 0;
m_mainLoop = pa_threaded_mainloop_new();
if (m_mainLoop == 0) {
qWarning("PulseAudioService: unable to create pulseaudio mainloop");
@@ -173,14 +176,19 @@ private:
if (m_context == 0) {
qWarning("PulseAudioService: Unable to create new pulseaudio context");
pa_threaded_mainloop_unlock(m_mainLoop);
pa_threaded_mainloop_free(m_mainLoop);
m_mainLoop = 0;
return;
}
if (pa_context_connect(m_context, 0, (pa_context_flags_t)0, 0) < 0) {
qWarning("PulseAudioService: pa_context_connect() failed");
pa_context_unref(m_context);
pa_threaded_mainloop_unlock(m_mainLoop);
pa_threaded_mainloop_free(m_mainLoop);
m_mainLoop = 0;
m_context = 0;
return;
}
unlock();
@@ -191,6 +199,7 @@ private:
void release()
{
if (!m_prepared) return;
pa_context_unref(m_context);
pa_threaded_mainloop_stop(m_mainLoop);
pa_threaded_mainloop_free(m_mainLoop);
m_prepared = false;