[FFmpeg-trac] #8224(avfilter:new): A Double-Free Bug

FFmpeg trac at avcodec.org
Mon Oct 7 11:20:34 EEST 2019


#8224: A Double-Free Bug
-----------------------------------+--------------------------------------
             Reporter:  wurongxin  |                     Type:  defect
               Status:  new        |                 Priority:  normal
            Component:  avfilter   |                  Version:  git-master
             Keywords:             |               Blocked By:
             Blocking:             |  Reproduced by developer:  0
Analyzed by developer:  0          |
-----------------------------------+--------------------------------------
 Summary of the bug:

 In the source file libavfilter/vf_nnedi.c, in the function "static int
 filter_frame", there is a possible double-free bug. Please see the
 following code snippet. At Line 835, the variable s->second would be an
 alias of src. At Line 860, the variable s->src would be an alias of src.
 Thus, s->second would be an alias of s->src. At Lines 864 and 865, this
 would potentially cause s->src or s->second to be freed twice.



 831.    second:
 832.            if ((s->deint && src->interlaced_frame &&
 833.                !ctx->is_disabled) ||
 834.                (!s->deint && !ctx->is_disabled)) {
 835.                s->second = src;
 836.            }
 837.        }
 ...
 860.    s->src = src;
 861.    ret = get_frame(ctx, 0);
 862.    if (ret < 0) {
 863.        av_frame_free(&s->dst);
 864.        av_frame_free(&s->src);
 865.        av_frame_free(&s->second);
 866.        return ret;
 867.    }

--
Ticket URL: <https://trac.ffmpeg.org/ticket/8224>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
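
The aliasing described in the ticket, modelled as an added example (not FFmpeg code and not the project's fix). `Frame`, `Ctx`, `frame_free` and both cleanup functions are hypothetical stand-ins; `frame_free` is assumed to follow the free-then-NULL contract of `av_frame_free()`, and a counter replaces the real release so the second one can be observed safely.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy stand-ins (assumptions): a counter replaces the real heap release. */
typedef struct Frame { int release_count; } Frame;
typedef struct Ctx { Frame *src, *second, *dst; } Ctx;

/* Same contract as av_frame_free(): release *f, then set *f to NULL.
 * Only the pointer passed in is cleared; an alias keeps the stale address. */
static void frame_free(Frame **f)
{
    if (!f || !*f)
        return;
    (*f)->release_count++;
    *f = NULL;
}

/* Error path shaped like lines 863-865 of the ticket's snippet. */
static void cleanup_naive(Ctx *s)
{
    frame_free(&s->dst);
    frame_free(&s->src);
    frame_free(&s->second);   /* stale alias of src: second release */
}

/* One possible hardening: drop the alias before releasing the owner. */
static void cleanup_alias_aware(Ctx *s)
{
    if (s->second == s->src)
        s->second = NULL;
    cleanup_naive(s);
}

/* State after lines 835 and 860 (second == src); returns releases of input. */
static int releases_of_input(int alias_aware)
{
    Frame in = {0}, out = {0};
    Ctx s = { .src = &in, .second = &in, .dst = &out };
    if (alias_aware)
        cleanup_alias_aware(&s);
    else
        cleanup_naive(&s);
    return in.release_count;
}

int main(void)
{
    printf("naive=%d alias_aware=%d\n", releases_of_input(0), releases_of_input(1));
}
```

With a real allocator the second release in `cleanup_naive` is the double free; building with AddressSanitizer (`-fsanitize=address`) reports it at that call.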

