[FFmpeg-devel] [PATCH] deobfuscate ff_interleave_add_packet

avcoder ffmpeg
Sun Apr 12 06:08:14 CEST 2009


Dear?

On Sat, Apr 11, 2009 at 8:54 PM, Reimar D?ffinger
<Reimar.Doeffinger at gmx.de>wrote:

> Hello,
> I propose this change:
> Index: libavformat/utils.c
> ===================================================================
> --- libavformat/utils.c (revision 18431)
> +++ libavformat/utils.c (working copy)
> @@ -2613,10 +2613,8 @@
>
>     this_pktl = av_mallocz(sizeof(AVPacketList));
>     this_pktl->pkt= *pkt;
> -    if(pkt->destruct == av_destruct_packet)
> -        pkt->destruct= NULL; // not shared -> must keep original from
> being freed
> -    else
> -        av_dup_packet(&this_pktl->pkt);  //shared -> must dup
> +    pkt->destruct= NULL; // do not free original but only the copy
> +    av_dup_packet(&this_pktl->pkt);  // duplicate the packet if it uses
> non-alloced memory
>
>     next_point = &s->packet_buffer;
>     while(*next_point){
>
> Reasons:
> Besides being simpler, there are 3 cases, (the deprecated nofree treated
> the same as NULL):
> 1) pkt->destruct == NULL, behaviour is unchanged
> 2) pkt->destruct == av_destruct_packet, behaviour is unchanged since
>   av_dup_packet is a nop then
> 3) pkt->destruct something else:
>  old code:
>    av_dup_packet is called but is a nop, thus destruct will later be
>    called twice resulting in something equivalent to a double free
>  new code:
>    destruct will only be called for the copy


Could you elaborate the case 3?

Why "the destruct will later be called TWICE resulting in something
equivalent to a double free"?

I think there is no any opportunity to call TWICE in this case!

Thanks

----------------------------------------------
Inspired by http://ppnext.com
Your potential. Our passion.



More information about the ffmpeg-devel mailing list