[FFmpeg-devel] rmdec.c: double free
Reimar Döffinger
Reimar.Doeffinger
Sun Dec 28 15:44:17 CET 2008
On Sun, Dec 28, 2008 at 03:21:49PM +0100, Michael Niedermayer wrote:
> On Sun, Dec 28, 2008 at 09:08:45AM -0500, Ronald S. Bultje wrote:
> > Hi,
> >
> > my previous commit induces a double free in priv_data. Attached patch
> > fixes this.
>
> the bug is a double free, the fix has to involve removing an av_free()
>
> also if ff_rm_free_rmstream() frees priv_data (and that looks invalid already)
> then priv_data has to be NULL after ff_rm_free_rmstream()
I'd suspect this would be a proper solution, though it may be disputable
if it should be done in two steps (the av_free -> av_freep should not be
necessary (I did not test) but IMO is preferable):
Index: rmdec.c
===================================================================
--- rmdec.c (revision 16369)
+++ rmdec.c (working copy)
@@ -81,9 +81,8 @@
void ff_rm_free_rmstream (RMStream *rms)
{
- av_free(rms->videobuf);
- av_free(rms->audiobuf);
- av_free(rms);
+ av_freep(&rms->videobuf);
+ av_freep(&rms->audiobuf);
}
static int rm_read_audio_stream_info(AVFormatContext *s, ByteIOContext *pb,
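
Review bot: with the "- av_free(rms);" line gone, ff_rm_free_rmstream() no longer releases the RMStream itself, only its two buffers, and nothing in the hunk records who owns rms afterwards. A short comment above the function saying that the struct is freed by whoever frees priv_data would keep the double free from coming back as a leak in any caller that relied on the old behaviour. The two av_freep(&rms->...) calls leave videobuf and audiobuf NULL, so a second call on the same rms is harmless; that part is worth keeping even if it goes in as a separate commit.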