[FFmpeg-cvslog] avcodec/h264: Clear delayed_pic on deallocation
Michael Niedermayer
git at videolan.org
Tue Jan 20 03:36:19 CET 2015
ffmpeg | branch: release/2.2 | Michael Niedermayer <michaelni at gmx.at> | Wed Dec 17 21:27:37 2014 +0100| [25dc978bb1b50a94fae5e66779c87ece76bde323] | committer: Michael Niedermayer
avcodec/h264: Clear delayed_pic on deallocation
Fixes use of freed memory
Fixes: case5_av_frame_copy_props.mp4
Found-by: Michal Zalewski <lcamtuf at coredump.cx>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit e8714f6f93d1a32f4e4655209960afcf4c185214)
Conflicts:
libavcodec/h264.c
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=25dc978bb1b50a94fae5e66779c87ece76bde323
---
libavcodec/h264.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 6aa20f5..ab4d211 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -1233,6 +1233,7 @@ static void free_tables(H264Context *h, int free_rbsp)
av_buffer_pool_uninit(&h->ref_index_pool);
if (free_rbsp && h->DPB) {
+ memset(h->delayed_pic, 0, sizeof(h->delayed_pic));
for (i = 0; i < MAX_PICTURE_COUNT; i++)
unref_picture(h, &h->DPB[i]);
av_freep(&h->DPB);
More information about the ffmpeg-cvslog
mailing list