[MPlayer-cvslog] r38403 - trunk/libmpcodecs/dec_video.c

[reimar]

Author: reimar
Date: Thu Sep  1 21:18:04 2022
New Revision: 38403

Log:
dec_video.c: Fix use after free introduced by recent leak fix.

Decoders must be freed before filters, or we might
end up using the freed images owned by filters.

Modified:
   trunk/libmpcodecs/dec_video.c

Modified: trunk/libmpcodecs/dec_video.c
==============================================================================
--- trunk/libmpcodecs/dec_video.c	Thu Sep  1 21:12:17 2022	(r38402)
+++ trunk/libmpcodecs/dec_video.c	Thu Sep  1 21:18:04 2022	(r38403)
@@ -173,12 +173,7 @@ int get_current_video_decoder_lag(sh_vid
 
 void uninit_video(sh_video_t *sh_video)
 {
-    if (sh_video->vfilter) {
-        vf_uninit_filter_chain(sh_video->vfilter);
-        sh_video->vfilter = NULL;
-    }
-    if (!sh_video->initialized)
-        return;
+    if (sh_video->initialized) {
     mp_msg(MSGT_DECVIDEO, MSGL_V, "Uninit video: %s\n", codec_idx2str(sh_video->codec->drv_idx));
     mpvdec->uninit(sh_video);
     mpvdec = NULL;
@@ -188,6 +183,13 @@ void uninit_video(sh_video_t *sh_video)
 #endif
     eosd_uninit();
     sh_video->initialized = 0;
+    }
+    // do this after decoders, as it frees the
+    // mp_image that might still be in use by decoders
+    if (sh_video->vfilter) {
+        vf_uninit_filter_chain(sh_video->vfilter);
+        sh_video->vfilter = NULL;
+    }
 }
 
 void vfm_help(void)