VideoPlayer/VAAPI: fix use-after-free bug in Release()

The "return refCount" dereferences the CVaapiRenderPicture instance after it was freed by vaapi->ReturnRenderPicture(this). We know that once refCount reaches zero it will never be changed again, but the compiler can't know that and must reload its value from memory for the return value. So instead of looking ip refCount again, we simply return 0.
author: Max Kellermann <max@duempel.org> 2015-12-07 10:43:20 +0100
committer: Max Kellermann <max@duempel.org> 2015-12-08 15:55:25 +0100
commit: 028777b027fbbbc0c11cd618589c7ecb34161caf (patch)
tree: f408435895017979de95fbec108cdab64ccf3d94
parent: 89ca6300ef44a95aa9a5ecbfa92709978a66b352 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/xbmc/cores/dvdplayer/DVDCodecs/Video/VAAPI.cpp b/xbmc/cores/dvdplayer/DVDCodecs/Video/VAAPI.cpp
index f8050b646a..19f05ca5e3 100644
--- a/xbmc/cores/dvdplayer/DVDCodecs/Video/VAAPI.cpp
+++ b/xbmc/cores/dvdplayer/DVDCodecs/Video/VAAPI.cpp
@@ -1179,7 +1179,7 @@ long CVaapiRenderPicture::Release()
   vaapi->ReturnRenderPicture(this);
   vaapi->ReleasePicReference();
 
-  return refCount;
+  return 0;
 }
 
 void CVaapiRenderPicture::ReturnUnused()
author	Max Kellermann <max@duempel.org>	2015-12-07 10:43:20 +0100
committer	Max Kellermann <max@duempel.org>	2015-12-08 15:55:25 +0100
commit	028777b027fbbbc0c11cd618589c7ecb34161caf (patch)
tree	f408435895017979de95fbec108cdab64ccf3d94
parent	89ca6300ef44a95aa9a5ecbfa92709978a66b352 (diff)