[FFmpeg-devel] rmdec.c: double free

Ronald S. Bultje rsbultje
Sun Dec 28 16:34:48 CET 2008


Hi,

On Sun, Dec 28, 2008 at 9:21 AM, Michael Niedermayer <michaelni at gmx.at> wrote:
> the bug is a double free, the fix has to involve removing an av_free()

The priv_data (rms) is freed twice. Setting it to NULL prevents the
second free. Reimar's solution would work also.

> also if ff_rm_free_rmstream() frees priv_data (and that looks invalid already)
> then priv_data has to be NULL after ff_rm_free_rmstream()

I'll remove that instead, as Reimar suggested. See attached (prevents
another memleak if I remove the av_free()).

Ronald
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: rmdec-no-dbl-free.patch
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20081228/88c884a4/attachment.asc>
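The ownership problem discussed in this message, as an added example that is not part of the original post or the attached patch: a helper and a generic close path both free the same private context, and either clearing the pointer or removing the helper's free stops the second free. All names (`DemoRMStream`, `DemoStream`, `demo_free`, `close_stream` and the rest) are hypothetical stand-ins, not FFmpeg code, and the allocator quarantines blocks so a repeated free is counted rather than executed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins; not FFmpeg's structures or functions. */
typedef struct { void *buf; } DemoRMStream;      /* plays the role of rms */
typedef struct { void *priv_data; } DemoStream;  /* holds the pointer to rms */
#define SLOTS 8
static void *slot[SLOTS];    /* every block handed out since the last reset */
static int released[SLOTS], double_frees;  /* per-block free count; repeats seen */
void *demo_alloc(size_t n) {
    for (int i = 0; i < SLOTS; i++)
        if (!slot[i]) return slot[i] = calloc(1, n);
    return NULL;
}
/* Quarantining free: memory stays valid until demo_reset(), so a repeat is counted. */
void demo_free(void *p) {
    for (int i = 0; p && i < SLOTS; i++)
        if (slot[i] == p) { if (released[i]++) double_frees++; return; }
}
void demo_reset(void) {
    for (int i = 0; i < SLOTS; i++) { free(slot[i]); slot[i] = NULL; released[i] = 0; }
    double_frees = 0;
}
int leaked(void) {           /* blocks allocated but never freed */
    int n = 0;
    for (int i = 0; i < SLOTS; i++) n += slot[i] && !released[i];
    return n;
}
/* Double-free shape: the helper also frees the context it was handed. */
void helper_frees_ctx(DemoRMStream *rms) { demo_free(rms->buf); demo_free(rms); }
/* Fixed shape: the helper releases only what the context owns. */
void helper_keeps_ctx(DemoRMStream *rms) { demo_free(rms->buf); rms->buf = NULL; }

/* Runs one teardown and returns the number of double frees it caused. */
int close_stream(void (*helper)(DemoRMStream *), int null_after) {
    demo_reset();
    DemoStream st = { demo_alloc(sizeof(DemoRMStream)) };
    DemoRMStream *rms = st.priv_data;
    if (!rms) return -1;
    rms->buf = demo_alloc(16);
    helper(rms);
    if (null_after) st.priv_data = NULL;  /* pointer cleared after the helper */
    demo_free(st.priv_data);              /* generic close path frees priv_data */
    return double_frees;
}
int main(void) {
    printf("double frees: %d, %d, %d\n", close_stream(helper_frees_ctx, 0),
           close_stream(helper_frees_ctx, 1), close_stream(helper_keeps_ctx, 0));
    return 0;
}
```

In this model, applying both changes at once (the helper keeps the context and the caller's pointer is cleared before its free) leaves one block unreleased, which `leaked()` reports.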


