[FFmpeg-devel] [PATCH 3/4] avformat/dvdvideodec: Only free allocated buffers

[Andreas Rheinhardt]

James Almer:
> On 3/2/2024 12:47 PM, Andreas Rheinhardt wrote:
>> Andreas Rheinhardt:
>>> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>
>>> ---
>>> How has this slipped through?
>>
>> Answer: AVIOContext starts with an AVClass* that is unset when using
>> ffio_init_context(). Therefore the av_freep() leads to freeing of a NULL
>> pointer which does not segfault.
> 
> Would setting s->av_class to &ff_avio_options in ffio_init_context()
> prevent this from happening again?
> 

ff_avio_options is not an AVClass, so this is wrong; setting it to
ff_avio_class would also be wrong, because said class is only to be used
with the URLProtocol-based AVIOContexts (the child_next and
child_class_iterate callbacks are designed for this; the former returns
the AVIOContext's opaque, believing it to point to an URLContext, yet in
general it need not point to an AVClass-enabled struct at all).

In fact, ff_avio_options etc. should be moved to avio.c. I'll look into
this.

>>
>>> Btw: This patchset is based upon code inspection, not on reading
>>> actual files.
>>>
>>>   libavformat/dvdvideodec.c | 1 -
>>>   1 file changed, 1 deletion(-)
>>>
>>> diff --git a/libavformat/dvdvideodec.c b/libavformat/dvdvideodec.c
>>> index ef2d4e6df4..f2f23affb2 100644
>>> --- a/libavformat/dvdvideodec.c
>>> +++ b/libavformat/dvdvideodec.c
>>> @@ -1202,7 +1202,6 @@ static void
>>> dvdvideo_subdemux_close(AVFormatContext *s)
>>>       DVDVideoDemuxContext *c = s->priv_data;
>>>         av_freep(&c->mpeg_pb.pub.buffer);
>>> -    av_freep(&c->mpeg_pb);
>>>       avformat_close_input(&c->mpeg_ctx);
>>>   }
>>>   
>>