[FFmpeg-devel] rmdec.c: double free

Reimar Döffinger Reimar.Doeffinger
Sun Dec 28 15:44:17 CET 2008


On Sun, Dec 28, 2008 at 03:21:49PM +0100, Michael Niedermayer wrote:
> On Sun, Dec 28, 2008 at 09:08:45AM -0500, Ronald S. Bultje wrote:
> > Hi,
> > 
> > my previous commit induces a double free in priv_data. Attached patch
> > fixes this.
> 
> the bug is a double free, the fix has to involve removing an av_free()
> 
> also if ff_rm_free_rmstream() frees priv_data (and that looks invalid already)
> then priv_data has to be NULL after ff_rm_free_rmstream()

I'd suspect this would be a proper solution, though it may be disputable
if it should be done in two steps (the av_free -> av_freep should not be
necessary (I did not test) but IMO is preferable):

Index: rmdec.c
===================================================================
--- rmdec.c     (revision 16369)
+++ rmdec.c     (working copy)
@@ -81,9 +81,8 @@
 
 void ff_rm_free_rmstream (RMStream *rms)
 {
-    av_free(rms->videobuf);
-    av_free(rms->audiobuf);
-    av_free(rms);
+    av_freep(&rms->videobuf);
+    av_freep(&rms->audiobuf);
 }
 
 static int rm_read_audio_stream_info(AVFormatContext *s, ByteIOContext *pb,
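
Review bot: With av_free(rms) removed from ff_rm_free_rmstream(), the function no longer releases the RMStream itself, but nothing in the hunk documents that and the name still suggests a full free. Please add a comment above the function stating that it frees only videobuf and audiobuf and that the caller keeps ownership of rms (the priv_data discussed in the thread), and confirm that every call site, none of which are shown here, still frees the struct exactly once, so the double free does not turn into a leak. The switch to av_freep() on the two buffers leaves both pointers NULL, which makes a repeated call harmless; rms is still dereferenced without a NULL check, as it was before the change.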



