breeze/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2026-02-04 14:30:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

avcodec/hw_base_encode: fix use after free on close

Browse Source 
The way the linked list of images was freed caused a
use after free, by accessing pic->next after pic was
already freed.

Regression from 48a1a12968

Fix CID1633236
This commit is contained in:
Marvin Scholz
2024-10-17 20:23:40 +02:00
committed by Lynne
parent dfaade76db
commit c98810ab47
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
libavcodec/hw_base_encode.c
View File

@@ -804,10 +804,10 @@ int ff_hw_base_encode_init(AVCodecContext *avctx, FFHWBaseEncodeContext *ctx)
int ff_hw_base_encode_close(FFHWBaseEncodeContext *ctx)
{
FFHWBaseEncodePicture *pic;
for (pic = ctx->pic_start; pic; pic = pic->next)
for (FFHWBaseEncodePicture *pic = ctx->pic_start, *next_pic = pic; pic; pic = next_pic) {
next_pic = pic->next;
base_encode_pic_free(pic);
}
av_fifo_freep2(&ctx->encode_fifo);