xenia-project/FFmpeg
1
0
Fork 0
mirror of https://github.com/xenia-project/FFmpeg.git synced 2024-11-24 03:59:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

h264_metadata: Fix double-free

Browse Source 
Whether the udu string should be freed depends on whether the SEI it
gets added to was created internally by cbs or externally by the bsf.
The current code frees it twice in the former case.
This commit is contained in:
Mark Thompson 2017-08-20 22:46:17 +01:00
parent e7f64191b2
commit c42b62d1f9
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
libavcodec/h264_metadata_bsf.c
View File

@ -293,7 +293,7 @@ static int h264_metadata_filter(AVBSFContext *bsf, AVPacket *out)
H264RawSEI *sei;
H264RawSEIPayload *payload;
H264RawSEIUserDataUnregistered *udu;
int sei_pos;
int sei_pos, sei_new;
for (i = 0; i < au->nb_units; i++) {
if (au->units[i].type == H264_NAL_SEI ||
@ -305,8 +305,10 @@ static int h264_metadata_filter(AVBSFContext *bsf, AVPacket *out)
if (sei_pos < au->nb_units &&
au->units[sei_pos].type == H264_NAL_SEI) {
sei_new = 0;
sei = au->units[sei_pos].content;
} else {
sei_new = 1;
sei = &ctx->sei_nal;
memset(sei, 0, sizeof(*sei));
@ -354,6 +356,12 @@ static int h264_metadata_filter(AVBSFContext *bsf, AVPacket *out)
payload->payload_size = 16 + udu->data_length;
if (!sei_new) {
// This will be freed by the existing internal
// reference in fragment_uninit().
sei_udu_string = NULL;
}
} else {
invalid_user_data:
av_log(bsf, AV_LOG_ERROR, "Invalid user data: "