[FFmpeg-trac] #8259(undetermined:reopened): A use-after-free bug in libavcodec/utils.c
FFmpeg
trac at avcodec.org
Sun Oct 13 17:03:03 EEST 2019
#8259: A use-after-free bug in libavcodec/utils.c
-------------------------------------+-------------------------------------
Reporter: wurongxin | Owner:
Type: defect | Status: reopened
Priority: normal | Component: undetermined
Version: 3.4.6 | Resolution:
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Changes (by wurongxin):
* status: closed => reopened
* resolution: invalid =>
Comment:
Replying to [comment:1 mkver]:
> Having a dangling pointer and using it in a function call does not
> constitute a use-after-free; for this, one would have to try to access the
> (invalid) data at the place where the pointer points to.
I don't think this is a safe operation, or that it is good practice to
write the code that way. Moreover, it totally matches the definition of
use-after-free. A very simple solution would be to swap Lines 104 and 105.
Please consider it carefully. BTW, this happens in libavcodec; why did you
label the component as undetermined?
--
Ticket URL: <https://trac.ffmpeg.org/ticket/8259#comment:2>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker