[FFmpeg-devel] [PATCH] lavf/tee: fix side data double free.

Ganesh Ajjanagadde gajjanag at mit.edu
Sat Oct 10 15:26:18 CEST 2015


On Sat, Oct 10, 2015 at 9:19 AM, Nicolas George <george at nsup.org> wrote:
> Similar to 33fefdb44.
> Fix trac ticket #4921.
>
> Signed-off-by: Nicolas George <george at nsup.org>
> ---
>  libavformat/tee.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/libavformat/tee.c b/libavformat/tee.c
> index c619eae..a86952b 100644
> --- a/libavformat/tee.c
> +++ b/libavformat/tee.c
> @@ -403,6 +403,8 @@ static int filter_packet(void *log_ctx, AVPacket *pkt,
>          }
>
>          if (ret > 0) {
> +            pkt->side_data = NULL;
> +            pkt->side_data_elems = 0;
>              av_free_packet(pkt);
>              new_pkt.buf = av_buffer_create(new_pkt.data, new_pkt.size,
>                                             av_buffer_default_free, NULL, 0);
> --
> 2.6.1

LGTM. Note that 33fefdb44 was the subject of a recent CID that I have
marked as a false positive, since it can't analyze to determine that
pkt->side_data is not dereferenced in av_free_packet_side_data (called
by av_free_packat). This is just a heads up; we might get a false
positive for this as well.

>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel


More information about the ffmpeg-devel mailing list