[FFmpeg-devel] [PATCH 2/2] avcodec/vda_h264{, _dec}: fix leak of buffers

Michael Niedermayer michaelni at gmx.at
Tue May 21 00:25:00 CEST 2013

On Mon, May 20, 2013 at 11:28:07PM +0800, Xidorn Quan wrote:
> CVPixelBuffers in vda_h264_end_frame may never be got by outside, so it
> should be managed inside the hwaccel. This patch will break applications
> which use this hwaccel because of double releasing, but it is impossible
> to keep compatibility and fix this leak at the same time.

A double free is a security issue that can under some circumstances
be exploited.
A different solution has to be found than causing double frees in
any case.
For example returning with an error + av_log() message. If
keeping compatibility is not practical.

Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Let us carefully observe those good qualities wherein our enemies excel us
and endeavor to excel them, by avoiding what is faulty, and imitating what
is excellent in them. -- Plutarch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20130521/f0daf115/attachment.asc>

More information about the ffmpeg-devel mailing list