[MPlayer-cvslog] r37853 - trunk/mencoder.c
reimar
subversion at mplayerhq.hu
Wed Apr 6 21:58:22 CEST 2016
Author: reimar
Date: Wed Apr 6 21:58:21 2016
New Revision: 37853
Log:
Fix potential invalid free.
Might fix issue 2293.
Modified:
trunk/mencoder.c
Modified: trunk/mencoder.c
==============================================================================
--- trunk/mencoder.c Tue Mar 29 05:19:49 2016 (r37852)
+++ trunk/mencoder.c Wed Apr 6 21:58:21 2016 (r37853)
@@ -560,6 +560,8 @@ uint32_t duplicatedframes=0;
uint32_t badframes=0;
muxer_stream_t* mux_a=NULL;
+// For correct deallocation
+unsigned char *mux_v_buffer = NULL;
muxer_stream_t* mux_v=NULL;
off_t muxer_f_size=0;
@@ -856,7 +858,7 @@ muxer->audio_delay_fix = audio_delay_fix
mux_v=muxer_new_stream(muxer,MUXER_TYPE_VIDEO);
mux_v->buffer_size=0x800000; // 8MB
-mux_v->buffer=malloc(mux_v->buffer_size);
+mux_v->buffer=mux_v_buffer=malloc(mux_v->buffer_size);
mux_v->source=sh_video;
@@ -1733,7 +1735,9 @@ if(sh_audio){ uninit_audio(sh_audio);sh_
if(sh_video){ uninit_video(sh_video);sh_video=NULL; }
if(demuxer) free_demuxer(demuxer);
if(stream) free_stream(stream); // kill cache thread
-if(mux_v) free(mux_v->buffer);
+// Do not free mux_v->buffer, it may have been overwritten
+// with something we should not free.
+if(mux_v) free(mux_v_buffer);
if(mux_a) free(mux_a->buffer);
common_uninit();
mp_msg_uninit();
More information about the MPlayer-cvslog
mailing list