From 90f647c29be3eb436fb8b6be612f64ec686a48a8 Mon Sep 17 00:00:00 2001
From: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Date: Mon, 19 Aug 2019 23:56:19 +0200
Subject: avformat/utils: Preserve integrity of linked list

1. Instead of relying on ff_packet_list_get to get the oldest element in
an AVPacketList, ff_read_packet used its own ad-hoc code. Said code
forgot to set the end of the list to NULL if the last element of the
list has been removed, thereby leaving the list in an inconsistent state.
2. Furthermore, if the list was not empty, the oldest element of the
list would always be copied into another packet structure before it was
known whether the oldest entry of the list would be removed. This makes
the ownership confusing and potentially copies unnecessarily.

Both of these issues have been fixed. ff_packet_list_get is used now.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/utils.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'libavformat')

diff --git a/libavformat/utils.c b/libavformat/utils.c
index b83a740500..3983a3f4ce 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -837,15 +837,14 @@ int ff_read_packet(AVFormatContext *s, AVPacket *pkt)
         AVPacketList *pktl = s->internal->raw_packet_buffer;
 
         if (pktl) {
-            *pkt = pktl->pkt;
-            st   = s->streams[pkt->stream_index];
+            st = s->streams[pktl->pkt.stream_index];
             if (s->internal->raw_packet_buffer_remaining_size <= 0)
                 if ((err = probe_codec(s, st, NULL)) < 0)
                     return err;
             if (st->request_probe <= 0) {
-                s->internal->raw_packet_buffer                 = pktl->next;
+                ff_packet_list_get(&s->internal->raw_packet_buffer,
+                                   &s->internal->raw_packet_buffer_end, pkt);
                 s->internal->raw_packet_buffer_remaining_size += pkt->size;
-                av_free(pktl);
                 return 0;
             }
         }
-- 
cgit v1.2.3