[FFmpeg-cvslog] avcodec/hw_base_encode: fix use after free on close

Marvin Scholz git at videolan.org
Fri Oct 18 12:19:36 EEST 2024


ffmpeg | branch: master | Marvin Scholz <epirat07 at gmail.com> | Thu Oct 17 20:23:40 2024 +0200| [c98810ab47fa1cf339b16045e27fbe12b3a19951] | committer: Lynne

avcodec/hw_base_encode: fix use after free on close

The way the linked list of images was freed caused a
use after free, by accessing pic->next after pic was
already freed.

Regression from 48a1a12968345bf673db1e1cbb5c64bd3529c50c

Fix CID1633236

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c98810ab47fa1cf339b16045e27fbe12b3a19951
---

 libavcodec/hw_base_encode.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavcodec/hw_base_encode.c b/libavcodec/hw_base_encode.c
index 912c707a68..4d8bf4fe71 100644
--- a/libavcodec/hw_base_encode.c
+++ b/libavcodec/hw_base_encode.c
@@ -804,10 +804,10 @@ int ff_hw_base_encode_init(AVCodecContext *avctx, FFHWBaseEncodeContext *ctx)
 
 int ff_hw_base_encode_close(FFHWBaseEncodeContext *ctx)
 {
-    FFHWBaseEncodePicture *pic;
-
-    for (pic = ctx->pic_start; pic; pic = pic->next)
+    for (FFHWBaseEncodePicture *pic = ctx->pic_start, *next_pic = pic; pic; pic = next_pic) {
+        next_pic = pic->next;
         base_encode_pic_free(pic);
+    }
 
     av_fifo_freep2(&ctx->encode_fifo);
 
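Review bot: the loop now reads pic->next before freeing, which resolves the use after free, but ctx->pic_start is left pointing at freed memory once the loop finishes; if ff_hw_base_encode_close can run more than once on the same context (or anything else walks the list after close), the first node is freed twice. Consider adding `ctx->pic_start = NULL;` right after the closing `}` of the loop, before the `av_fifo_freep2(&ctx->encode_fifo);` line. A minor style point on the same hunk: the initializer `*next_pic = pic` in `for (FFHWBaseEncodePicture *pic = ctx->pic_start, *next_pic = pic; pic; pic = next_pic)` is valid C but misleading, since next_pic is always overwritten by `next_pic = pic->next;` before it is read; initializing it to NULL (or declaring it inside the loop body) would make the intent clearer.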