[FFmpeg-trac] #8224(avfilter:new): A Double-Free Bug
FFmpeg
trac at avcodec.org
Mon Oct 7 11:20:34 EEST 2019
#8224: A Double-Free Bug
-----------------------------------+--------------------------------------
Reporter: wurongxin | Type: defect
Status: new | Priority: normal
Component: avfilter | Version: git-master
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-----------------------------------+--------------------------------------
Summary of the bug:
How to reproduce:
{{{
% ffmpeg -i input ... output
ffmpeg version
built on ...
}}}
Patches should be submitted to the ffmpeg-devel mailing list and not this
bug tracker.
In the source file libavfilter/vf_nnedi.c, in the function "static int
filter_frame", there is a possible double-free bug. Please see the
following code snippet. At line 835, the variable s->second would be an
alias of src. At line 860, the variable s->src would be an alias of src.
Thus, s->second would be an alias of s->src. At lines 864 and 865, this
would potentially cause s->src or s->second to be freed twice.
{{{
831. second:
832.         if ((s->deint && src->interlaced_frame &&
833.              !ctx->is_disabled) ||
834.             (!s->deint && !ctx->is_disabled)) {
835.             s->second = src;
836.         }
837.     }
...
860.     s->src = src;
861.     ret = get_frame(ctx, 0);
862.     if (ret < 0) {
863.         av_frame_free(&s->dst);
864.         av_frame_free(&s->src);
865.         av_frame_free(&s->second);
866.         return ret;
867.     }
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/8224>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
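
The aliasing pattern described in the ticket, as an added example that is not part of the original report and is not FFmpeg code: av_frame_free() sets only the pointer it is given to NULL, so a second field holding the same address is left dangling. Frame, NNCtx, frame_free() and both cleanup functions are hypothetical stand-ins, and the aliased state is assumed as the report claims it, not confirmed as reachable.

```c
#include <stdio.h>

typedef struct Frame { int live; } Frame;                  /* stand-in for AVFrame */
typedef struct NNCtx { Frame *src, *second, *dst; } NNCtx; /* stand-in for the filter state */

static int double_frees; /* releases of a frame that was already released */

/* Same contract as av_frame_free(): release *f, then set only *f to NULL.
 * Frames live on the stack here so a repeated release can be counted
 * safely instead of corrupting a real heap. */
static void frame_free(Frame **f)
{
    if (!f || !*f) return;
    if (!(*f)->live) double_frees++;
    (*f)->live = 0;
    *f = NULL;
}

/* Error path as quoted in the ticket (lines 863-865). */
static void cleanup_reported(NNCtx *s)
{
    frame_free(&s->dst);
    frame_free(&s->src);     /* NULLs s->src only */
    frame_free(&s->second);  /* still holds the address just released */
}

/* One possible hardening (an assumption, not the upstream fix):
 * drop the alias before releasing either field. */
static void cleanup_alias_aware(NNCtx *s)
{
    frame_free(&s->dst);
    if (s->second == s->src) s->second = NULL;
    frame_free(&s->src);
    frame_free(&s->second);
}

/* Build the state from lines 835 and 860, run a cleanup, return the count. */
static int run(void (*cleanup)(NNCtx *), int aliased)
{
    Frame in = { 1 }, other = { 1 };   /* constructed sample frames */
    NNCtx s = { 0 };
    double_frees = 0;
    s.second = aliased ? &in : &other; /* line 835: s->second = src */
    s.src = &in;                       /* line 860: s->src = src */
    cleanup(&s);
    return double_frees;
}

int main(void) { printf("%d %d\n", run(cleanup_reported, 1), run(cleanup_alias_aware, 1)); return 0; }
```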