From c11f17b9e666d8ef05a6d7990989e5bf6247f4af Mon Sep 17 00:00:00 2001
From: arch1t3cht
Date: Sat, 17 Feb 2024 02:13:43 +0100
Subject: [PATCH] lua: Correct refcount handling in get_frame
When destroying a frame handle, the previous logic would copy the shared_ptr in the userdata and then free it twice (once explicitly and once at the end of the function), which is actually UB, even if if worked fine so far. This commit now ensures that it's the actual userdata's shared_ptr that's freed in the gc function.
---
 src/auto4_lua.cpp | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/auto4_lua.cpp b/src/auto4_lua.cpp
index 8e4c73641..b5e381fe1 100644
--- a/src/auto4_lua.cpp
+++ b/src/auto4_lua.cpp
@@ -201,25 +201,25 @@ namespace {
 }
 }
- std::shared_ptr check_VideoFrame(lua_State *L) {
+ std::shared_ptr *check_VideoFrame(lua_State *L) {
 auto framePtr = static_cast*>(luaL_checkudata(L, 1, "VideoFrame"));
- return *framePtr;
+ return framePtr;
 }
 int FrameWidth(lua_State *L) {
- std::shared_ptr frame = check_VideoFrame(L);
+ std::shared_ptr frame = *check_VideoFrame(L);
 push_value(L, frame->width);
 return 1;
 }
 int FrameHeight(lua_State *L) {
- std::shared_ptr frame = check_VideoFrame(L);
+ std::shared_ptr frame = *check_VideoFrame(L);
 push_value(L, frame->height);
 return 1;
 }
 int FramePixel(lua_State *L) {
- std::shared_ptr frame = check_VideoFrame(L);
+ std::shared_ptr frame = *check_VideoFrame(L);
 size_t x = lua_tointeger(L, -2);
 size_t y = lua_tointeger(L, -1);
 lua_pop(L, 2);
@@ -239,7 +239,7 @@ namespace {
 }
 int FramePixelFormatted(lua_State *L) {
- std::shared_ptr frame = check_VideoFrame(L);
+ std::shared_ptr frame = *check_VideoFrame(L);
 size_t x = lua_tointeger(L, -2);
 size_t y = lua_tointeger(L, -1);
 lua_pop(L, 2);
@@ -259,8 +259,8 @@ namespace {
 }
 int FrameDestroy(lua_State *L) {
- std::shared_ptr frame = check_VideoFrame(L);
- frame.~shared_ptr();
+ std::shared_ptr *frame = check_VideoFrame(L);
+ frame->~shared_ptr();
 return 0;
 }
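Review bot: The accessors in this hunk (`FrameWidth`, `FrameHeight`, `FramePixel`) and `FramePixelFormatted` in the next hunk copy the handle with `std::shared_ptr frame = *check_VideoFrame(L);` and then dereference it, with nothing checking that the slot still holds a live frame. If `FrameDestroy` can ever run on a value that a script still holds (its registration is not visible in this patch), that copy reads an object whose destructor has already run. Binding a reference instead, `const auto &frame = *check_VideoFrame(L);`, would also avoid a refcount round-trip per call. `check_VideoFrame` would benefit from a comment such as `// Returns a pointer into the Lua userdata; valid only while that userdata is alive and has not been destroyed`. `FramePixel` continues past the end of the hunk.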
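Review bot: `frame->~shared_ptr();` in `FrameDestroy` ends the lifetime of the object stored in the userdata but leaves the userdata itself reachable, so a second call on the same value would run the destructor twice. Whether that can happen depends on how the function is registered, which is outside this hunk. If it is exposed as anything other than the `__gc` metamethod, or the metatable is reachable from scripts, `frame->reset();` releases the frame and is safe to repeat. Otherwise a comment such as `// __gc handler: must run exactly once per userdata` would record the assumption the explicit destructor call relies on.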