[FFmpeg-cvslog] avfilter/asrc_flite: Fix use-after-frees
Andreas Rheinhardt
git at videolan.org
Wed Jan 12 02:50:28 EET 2022
ffmpeg | branch: release/4.4 | Andreas Rheinhardt <andreas.rheinhardt at outlook.com> | Wed Oct 6 17:21:04 2021 +0200| [bdb5f6e7f8ea9b37e0dedd34b4ef1887c02d4db4] | committer: Andreas Rheinhardt
avfilter/asrc_flite: Fix use-after-frees
When an flite filter instance is uninitialized and the refcount
of the corresponding voice_entry reaches zero, the voice is
unregistered, yet the voice_entry's pointer to the voice is not reset.
(Whereas some other pointers are needlessly reset.)
Because of this a new flite filter instance will believe said voice
to already be registered, leading to use-after-frees.
Fix this by resetting the right pointer instead of the wrong ones.
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>
(cherry picked from commit 18ddb25c7a58404641de2f6aa68220bd509e376c)
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bdb5f6e7f8ea9b37e0dedd34b4ef1887c02d4db4
---
libavfilter/asrc_flite.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libavfilter/asrc_flite.c b/libavfilter/asrc_flite.c
index 71924e7e1a..6373ae761d 100644
--- a/libavfilter/asrc_flite.c
+++ b/libavfilter/asrc_flite.c
@@ -197,10 +197,10 @@ static av_cold void uninit(AVFilterContext *ctx)
FliteContext *flite = ctx->priv;
if (flite->voice_entry) {
- if (!--flite->voice_entry->usage_count)
+ if (!--flite->voice_entry->usage_count) {
flite->voice_entry->unregister_fn(flite->voice);
- flite->voice = NULL;
- flite->voice_entry = NULL;
+ flite->voice_entry->voice = NULL;
+ }
}
delete_wave(flite->wave);
flite->wave = NULL;
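Review bot: With `flite->voice_entry = NULL;` dropped at the end of the `if (flite->voice_entry)` block, that outer guard no longer stops a repeated `uninit()` on the same context from decrementing `usage_count` a second time, and `flite->voice` is left pointing at a voice that has just been unregistered. Resetting `flite->voice_entry->voice` is the right fix for the stale registration described in the commit message, but the per-instance pointers could still be cleared after the inner block at no cost. If that is not wanted, a one-line comment stating that `uninit()` runs only once per context, and that the fields are therefore not reset, would make the assumption visible. It would also help to note in a comment that `voice_entry->voice` is what a new instance checks to decide whether the voice is already registered, since that is the invariant this hunk restores.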