[FFmpeg-cvslog] lavfi: fix use-after-free in ff_filter_frame.

Nicolas George git at videolan.org
Tue Jan 8 13:40:36 CET 2013


ffmpeg | branch: master | Nicolas George <nicolas.george at normalesup.org> | Tue Jan  8 12:46:13 2013 +0100| [ff6b34009d4571ae0a4d130c0f8d27706a4c4026] | committer: Nicolas George

lavfi: fix use-after-free in ff_filter_frame.

Unlike the original ff_start_frame code, the incoming reference
may be freed before that point.

Fix CID966654.

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ff6b34009d4571ae0a4d130c0f8d27706a4c4026
---

 libavfilter/avfilter.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavfilter/avfilter.c b/libavfilter/avfilter.c
index 4edd5be..8c06173 100644
--- a/libavfilter/avfilter.c
+++ b/libavfilter/avfilter.c
@@ -706,7 +706,7 @@ static int ff_filter_frame_framed(AVFilterLink *link, AVFilterBufferRef *frame)
     } else
         out = frame;
 
-    while(cmd && cmd->time <= frame->pts * av_q2d(link->time_base)){
+    while(cmd && cmd->time <= out->pts * av_q2d(link->time_base)){
         av_log(link->dst, AV_LOG_DEBUG,
                "Processing command time:%f command:%s arg:%s\n",
                cmd->time, cmd->command, cmd->arg);



More information about the ffmpeg-cvslog mailing list