[FFmpeg-cvslog] ffplay: fix use after free

Michael Niedermayer git at videolan.org
Thu Jun 7 22:00:39 CEST 2012


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Wed Jun  6 23:17:29 2012 +0200| [c9651d4bee36c8d28729622bcf57df8a9e1aa70c] | committer: Marton Balint

ffplay: fix use after free

reproducible with:
ffmpeg -i tests/lena.pnm -pix_fmt pal8 -vcodec rawvideo -s 512x512 out.avi
valgrind ffplay_g out.avi

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
Signed-off-by: Marton Balint <cus at passwd.hu>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c9651d4bee36c8d28729622bcf57df8a9e1aa70c
---

 ffplay.c |   11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/ffplay.c b/ffplay.c
index 7b9c42e..cbbbe7d 100644
--- a/ffplay.c
+++ b/ffplay.c
@@ -1672,10 +1672,11 @@ static int video_thread(void *arg)
         ret = get_video_frame(is, frame, &pts_int, &pkt);
         if (ret < 0)
             goto the_end;
-        av_free_packet(&pkt);
 
-        if (!ret)
+        if (!ret) {
+            av_free_packet(&pkt);
             continue;
+        }
 
         is->frame_last_filter_delay = av_gettime() / 1000000.0 - is->frame_last_returned_time;
         if (fabs(is->frame_last_filter_delay) > AV_NOSYNC_THRESHOLD / 10.0)
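Review bot: The `if (ret < 0) goto the_end;` exit at the top of this hunk is now the one path out of the iteration that does not release `pkt`, since the unconditional `av_free_packet(&pkt);` after it has been removed and each other exit frees by hand. Whether `get_video_frame` can fail after it has filled the packet is not visible in this hunk; if it can, that path leaks the packet. Either way the contract deserves a comment at the call, for example `/* on ret < 0 no packet was handed back, so there is nothing to free (confirm in get_video_frame) */`. The body of `video_thread` starts and ends outside the hunk.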
@@ -1688,8 +1689,10 @@ static int video_thread(void *arg)
                    last_w, last_h, is->video_st->codec->width, is->video_st->codec->height);
             avfilter_graph_free(&graph);
             graph = avfilter_graph_alloc();
-            if ((ret = configure_video_filters(graph, is, vfilters)) < 0)
+            if ((ret = configure_video_filters(graph, is, vfilters)) < 0) {
+                av_free_packet(&pkt);
                 goto the_end;
+            }
             filt_out = is->out_video_filter;
             last_w = is->video_st->codec->width;
             last_h = is->video_st->codec->height;
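Review bot: `avfilter_graph_alloc()` can return NULL, and its result is passed straight to `configure_video_filters(graph, is, vfilters)`; the new error branch covers a failed configure but not a failed allocation. Unless `configure_video_filters` rejects a NULL graph itself (not visible here), add `if (!graph) { av_free_packet(&pkt); ret = AVERROR(ENOMEM); goto the_end; }` before the call. The enclosing `if` block starts outside the hunk.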
@@ -1714,6 +1717,8 @@ static int video_thread(void *arg)
         } else
             av_buffersrc_write_frame(filt_in, frame);
 
+        av_free_packet(&pkt);
+
         while (ret >= 0) {
             ret = av_buffersink_get_buffer_ref(filt_out, &picref, 0);
             if (ret < 0) {
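Review bot: The new `av_free_packet(&pkt);` has no comment saying why it must come after the frame is written to the filter source, and that ordering is the whole fix. Going by the rawvideo reproducer in the commit message, the frame presumably still references the packet's buffer at that point, so I would add `/* frame may point into pkt's data; release only after the frame has been handed to filt_in */` above it. The `if` branch paired with the `else` here is outside the hunk, as are the lines between this hunk and the previous one, so any early `continue` or `goto` in that stretch would need the same free.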


