avcodec/hw_base_encode: fix use after free on close

The way the linked list of images was freed caused a
use after free, by accessing pic->next after pic was
already freed.

Regression from 48a1a12968

Fix CID1633236
master
Marvin Scholz 2 months ago committed by Lynne
parent dfaade76db
commit c98810ab47
  1. 6
      libavcodec/hw_base_encode.c

@ -804,10 +804,10 @@ int ff_hw_base_encode_init(AVCodecContext *avctx, FFHWBaseEncodeContext *ctx)
int ff_hw_base_encode_close(FFHWBaseEncodeContext *ctx) int ff_hw_base_encode_close(FFHWBaseEncodeContext *ctx)
{ {
FFHWBaseEncodePicture *pic; for (FFHWBaseEncodePicture *pic = ctx->pic_start, *next_pic = pic; pic; pic = next_pic) {
next_pic = pic->next;
for (pic = ctx->pic_start; pic; pic = pic->next)
base_encode_pic_free(pic); base_encode_pic_free(pic);
}
av_fifo_freep2(&ctx->encode_fifo); av_fifo_freep2(&ctx->encode_fifo);
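Review bot: the initializer `*next_pic = pic` in the new for header is dead, because `next_pic = pic->next;` overwrites it at the top of every iteration before the increment `pic = next_pic` reads it. Declaring the pointer inside the loop body, as `FFHWBaseEncodePicture *next_pic = pic->next;`, would make the save-before-free intent easier to see. Separately, nothing in the visible lines resets ctx->pic_start after the loop, so it still points at the freed head of the list. Setting it to NULL once the loop finishes would keep a second call to ff_hw_base_encode_close, or any later walk of the list, from touching freed pictures.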
