pluginloader: fix pending_plugins Glist use-after-free issue

When plugin_loader_load_and_sync returns false in plugin_loader_replay_pending, the cur Glist l->pending_plugins will be added to the blacklist. However, the l->pending_plugins might have already been loaded and freed in handle_rx_packet, so causing a use-after-free issue. Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8747>
2025-04-01 11:02:58 +08:00 · 2025-04-01 11:02:58 +08:00 · b144375974
commit b144375974
parent 80a23d7132
1 changed files with 6 additions and 1 deletions
--- a/subprojects/gstreamer/gst/gstpluginloader.c
+++ b/subprojects/gstreamer/gst/gstpluginloader.c
@ -264,7 +264,12 @@ restart:
  while ((cur = l->pending_plugins)) {
    PendingPluginEntry *entry = (PendingPluginEntry *) (cur->data);

-    if (!plugin_loader_load_and_sync (l, entry)) {
+    /* Maybe the cur(current head of the pending plugins list) has already been
+     * processed and deleted from pending plugins in handle_rx_packet when
+     * received this plugin details, so here add cur == l->pending_plugins
+     * to ensure that the cur is valid */
+    if (!plugin_loader_load_and_sync (l, entry)
+        && cur == l->pending_plugins) {
      /* Create dummy plugin entry to block re-scanning this file */
      GST_ERROR ("Plugin file %s failed to load. Blacklisting",
          entry->filename);