[FFmpeg-cvslog] avcodec/g2meet: Clear pointers after deallocation

Michael Niedermayer git at videolan.org
Wed Jul 8 15:54:49 CEST 2015


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Wed Jul  8 15:38:37 2015 +0200| [80e42387dc524a6c893bca3ec27d55a850af58e4] | committer: Michael Niedermayer

avcodec/g2meet: Clear pointers after deallocation

Fixes double free

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=80e42387dc524a6c893bca3ec27d55a850af58e4
---

 libavcodec/g2meet.c |   12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/libavcodec/g2meet.c b/libavcodec/g2meet.c
index 644d0a2..b952adb 100644
--- a/libavcodec/g2meet.c
+++ b/libavcodec/g2meet.c
@@ -1171,11 +1171,12 @@ static int g2m_init_buffers(G2MContext *c)
         c->tile_stride     = FFALIGN(c->tile_width, 16) * 3;
         c->epic_buf_stride = FFALIGN(c->tile_width * 4, 16);
         aligned_height     = FFALIGN(c->tile_height,    16);
-        av_free(c->synth_tile);
-        av_free(c->jpeg_tile);
-        av_free(c->kempf_buf);
-        av_free(c->kempf_flags);
-        av_free(c->epic_buf_base);
+        av_freep(&c->synth_tile);
+        av_freep(&c->jpeg_tile);
+        av_freep(&c->kempf_buf);
+        av_freep(&c->kempf_flags);
+        av_freep(&c->epic_buf_base);
+        c->epic_buf    = NULL;
         c->synth_tile  = av_mallocz(c->tile_stride      * aligned_height);
         c->jpeg_tile   = av_mallocz(c->tile_stride      * aligned_height);
         c->kempf_buf   = av_mallocz((c->tile_width + 1) * aligned_height +
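Review bot: The added `c->epic_buf = NULL;` following `av_freep(&c->epic_buf_base);` has no comment explaining why a pointer that is never passed to a free call must be cleared, both here and at the same pairing in g2m_decode_end in the second hunk. epic_buf is presumably an interior pointer into epic_buf_base (its assignment is outside both hunks), so av_freep cannot reset it and each free site has to do so by hand. I would put `/* epic_buf aliases epic_buf_base; reset it so it cannot dangle after the free */` above both assignments, so that a later free site does not drop the second line and leave a stale pointer behind. g2m_init_buffers continues past the end of this hunk, so whether every buffer freed here is reallocated on all paths cannot be confirmed from the visible lines.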
@@ -1604,6 +1605,7 @@ static av_cold int g2m_decode_end(AVCodecContext *avctx)
     jpg_free_context(&c->jc);
 
     av_freep(&c->epic_buf_base);
+    c->epic_buf = NULL;
     av_freep(&c->kempf_buf);
     av_freep(&c->kempf_flags);
     av_freep(&c->synth_tile);


