ogg: fix double free when finding length of small chained oggs.
authorRonald S. Bultje <rsbultje@gmail.com>
Wed, 29 Jun 2011 05:24:21 +0000 (22:24 -0700)
committerReinhard Tartler <siretart@tauware.de>
Wed, 29 Jun 2011 18:12:32 +0000 (20:12 +0200)
commitcb66b552700c4fe54f3387eb12207049ff63dfe3
tree9f1bf8b37bbd83d6e8979fd819805dcf9681df93
parent9482dd0d17435c9b5b46d44cdf8af21b1f09235c
ogg: fix double free when finding length of small chained oggs.

ogg_save() copies streams[], but doesn't keep track of free()'ed
struct members. Thus, if in between a call to ogg_save() and
ogg_restore(), streams[].private was free()'ed, this would result
in a double free -> crash, which happened when e.g. playing small
chained ogg fragments.
(cherry picked from commit 9ed6cbc3ee2ae3e7472fb25192a7e36fd7b15533)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
libavformat/oggdec.c