diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2015-07-08 15:38:37 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2015-07-08 15:38:37 +0200 |
| commit | 80e42387dc524a6c893bca3ec27d55a850af58e4 (patch) | |
| tree | f1f940ab3306f0b1ee7ab6952b931cf6d7cfbf0f /libavcodec | |
| parent | e34a3468f294f21878875e0f6ad5564cd52af70e (diff) | |
| download | ffmpeg-80e42387dc524a6c893bca3ec27d55a850af58e4.tar.gz | |
avcodec/g2meet: Clear pointers after deallocation
Fixes double free
Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec')
| -rw-r--r-- | libavcodec/g2meet.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/libavcodec/g2meet.c b/libavcodec/g2meet.c index 644d0a22b1..b952adbb17 100644 --- a/libavcodec/g2meet.c +++ b/libavcodec/g2meet.c @@ -1171,11 +1171,12 @@ static int g2m_init_buffers(G2MContext *c) c->tile_stride = FFALIGN(c->tile_width, 16) * 3; c->epic_buf_stride = FFALIGN(c->tile_width * 4, 16); aligned_height = FFALIGN(c->tile_height, 16); - av_free(c->synth_tile); - av_free(c->jpeg_tile); - av_free(c->kempf_buf); - av_free(c->kempf_flags); - av_free(c->epic_buf_base); + av_freep(&c->synth_tile); + av_freep(&c->jpeg_tile); + av_freep(&c->kempf_buf); + av_freep(&c->kempf_flags); + av_freep(&c->epic_buf_base); + c->epic_buf = NULL; c->synth_tile = av_mallocz(c->tile_stride * aligned_height); c->jpeg_tile = av_mallocz(c->tile_stride * aligned_height); c->kempf_buf = av_mallocz((c->tile_width + 1) * aligned_height + @@ -1604,6 +1605,7 @@ static av_cold int g2m_decode_end(AVCodecContext *avctx) jpg_free_context(&c->jc); av_freep(&c->epic_buf_base); + c->epic_buf = NULL; av_freep(&c->kempf_buf); av_freep(&c->kempf_flags); av_freep(&c->synth_tile); |