[FFmpeg-cvslog] ffserver: Clear avio context after closing it

Tue Dec 1 00:02:57 CET 2015

ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Sun Nov  1 18:34:44 2015 +0100| [40063a900b6d5e39d3fab8ec9890cf8af02f8268] | committer: Michael Niedermayer

ffserver: Clear avio context after closing it

Fixes: ==13287== Invalid read of size 4
==13287==    at 0x45161A: flush_buffer (aviobuf.c:143)
==13287==    by 0x451971: avio_flush (aviobuf.c:200)
==13287==    by 0x512CCF: av_write_trailer (mux.c:1016)
==13287==    by 0x41A5E0: close_connection (ffserver.c:853)
==13287==    by 0x421EDC: rtsp_cmd_interrupt (ffserver.c:3245)
==13287==    by 0x420B9C: rtsp_parse_request (ffserver.c:2854)
==13287==    by 0x41A9C2: handle_connection (ffserver.c:930)
==13287==    by 0x41A04B: http_server (ffserver.c:700)
==13287==    by 0x423A60: main (ffserver.c:3897)
==13287==  Address 0xb6cd258 is 88 bytes inside a block of size 192 free'd
==13287==    at 0x4C2B5D9: free (vg_replace_malloc.c:446)
==13287==    by 0x1004DAC: av_free (mem.c:239)
==13287==    by 0x454835: avio_close_dyn_buf (aviobuf.c:1170)
==13287==    by 0x41F385: http_prepare_data (ffserver.c:2368)
==13287==    by 0x41F59B: http_send_data (ffserver.c:2416)
==13287==    by 0x41ABE2: handle_connection (ffserver.c:986)
==13287==    by 0x41A04B: http_server (ffserver.c:700)
==13287==    by 0x423A60: main (ffserver.c:3897)

Reviewed-by: "Reynaldo H. Verdejo Pinochet" <reynaldo at osg.samsung.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=40063a900b6d5e39d3fab8ec9890cf8af02f8268
---

 ffserver.c |    1 +
 1 file changed, 1 insertion(+)

diff --git a/ffserver.c b/ffserver.c
index 65ae431..d3fcb82 100644
--- a/ffserver.c
+++ b/ffserver.c
@@ -2370,6 +2370,7 @@ static int http_prepare_data(HTTPContext *c)
 
                     av_freep(&c->pb_buffer);
                     len = avio_close_dyn_buf(ctx->pb, &c->pb_buffer);
+                    ctx->pb = NULL;
                     c->cur_frame_bytes = len;
                     c->buffer_ptr = c->pb_buffer;
                     c->buffer_end = c->pb_buffer + len;

