[FFmpeg-cvslog] avcodec/h264: Clear delayed_pic on deallocation
Michael Niedermayer
git at videolan.org
Thu Dec 18 19:21:17 CET 2014
ffmpeg | branch: release/1.2 | Michael Niedermayer <michaelni at gmx.at> | Wed Dec 17 21:27:37 2014 +0100| [a9c0f905aa3bd5342ffa3a0e9d54172d4c541903] | committer: Michael Niedermayer
avcodec/h264: Clear delayed_pic on deallocation
Fixes use of freed memory
Fixes: case5_av_frame_copy_props.mp4
Found-by: Michal Zalewski <lcamtuf at coredump.cx>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit e8714f6f93d1a32f4e4655209960afcf4c185214)
Conflicts:
libavcodec/h264.c
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a9c0f905aa3bd5342ffa3a0e9d54172d4c541903
---
libavcodec/h264.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index dbed0f0..37f770e 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -1043,6 +1043,7 @@ static void free_tables(H264Context *h, int free_rbsp)
av_freep(&h->visualization_buffer[i]);
if (free_rbsp) {
+ memset(h->delayed_pic, 0, sizeof(h->delayed_pic));
for (i = 0; i < h->picture_count && !h->avctx->internal->is_copy; i++)
free_picture(h, &h->DPB[i]);
av_freep(&h->DPB);
More information about the ffmpeg-cvslog
mailing list