From 569001f19fc81fcb5ab358f587a54c62e7c4665c Mon Sep 17 00:00:00 2001 From: Yannis Guyon Date: Wed, 13 Jun 2018 10:39:37 +0200 Subject: [PATCH] Fix for thread race heap-use-after-free BUG=webp:384 Change-Id: I3a300b45ccae33470888cf2e35a7e937579c9409 --- src/dec/idec_dec.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/dec/idec_dec.c b/src/dec/idec_dec.c index a371ed75..258d15b0 100644 --- a/src/dec/idec_dec.c +++ b/src/dec/idec_dec.c @@ -283,10 +283,8 @@ static void RestoreContext(const MBContext* context, VP8Decoder* const dec, static VP8StatusCode IDecError(WebPIDecoder* const idec, VP8StatusCode error) { if (idec->state_ == STATE_VP8_DATA) { - VP8Io* const io = &idec->io_; - if (io->teardown != NULL) { - io->teardown(io); - } + // Synchronize the thread, clean-up and check for errors. + VP8ExitCritical((VP8Decoder*)idec->dec_, &idec->io_); } idec->state_ = STATE_ERROR; return error;