[FFmpeg-cvslog] mpegvideo: set AVFrame fields to NULL after freeing the base memory

Janne Grunau git at videolan.org
Fri Sep 7 13:50:44 CEST 2012


ffmpeg | branch: master | Janne Grunau <janne-libav at jannau.net> | Wed Sep  5 20:25:48 2012 +0200| [59383d574046616ede75e51eeb404c9eb8b56d40] | committer: Janne Grunau

mpegvideo: set AVFrame fields to NULL after freeing the base memory

Prevents dangling pointers and makes access after free more obvious.
Setting AVFrame.qscale_table to NULL is required for successfully
allocating a previously freed Picture with ff_alloc_picture().

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=59383d574046616ede75e51eeb404c9eb8b56d40
---

 libavcodec/mpegvideo.c |    3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c
index 718df8b..f51184f 100644
--- a/libavcodec/mpegvideo.c
+++ b/libavcodec/mpegvideo.c
@@ -393,13 +393,16 @@ static void free_picture(MpegEncContext *s, Picture *pic)
     av_freep(&pic->mb_mean);
     av_freep(&pic->f.mbskip_table);
     av_freep(&pic->qscale_table_base);
+    pic->f.qscale_table = NULL;
     av_freep(&pic->mb_type_base);
+    pic->f.mb_type = NULL;
     av_freep(&pic->f.dct_coeff);
     av_freep(&pic->f.pan_scan);
     pic->f.mb_type = NULL;
     for (i = 0; i < 2; i++) {
         av_freep(&pic->motion_val_base[i]);
         av_freep(&pic->f.ref_index[i]);
+        pic->f.motion_val[i] = NULL;
     }
 
     if (pic->f.type == FF_BUFFER_TYPE_SHARED) {



More information about the ffmpeg-cvslog mailing list