avcodec/h264: Clear delayed_pic on deallocation
authorMichael Niedermayer <michaelni@gmx.at>
Wed, 17 Dec 2014 20:27:37 +0000 (21:27 +0100)
committerMichael Niedermayer <michaelni@gmx.at>
Mon, 22 Dec 2014 02:17:55 +0000 (03:17 +0100)
Fixes use of freed memory

Fixes: case5_av_frame_copy_props.mp4
Found-by: Michal Zalewski <lcamtuf@coredump.cx>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e8714f6f93d1a32f4e4655209960afcf4c185214)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/h264.c

index 222bf58..06d8dec 100644 (file)
@@ -391,6 +391,7 @@ void ff_h264_free_tables(H264Context *h, int free_rbsp)
     if (free_rbsp && h->DPB) {
         for (i = 0; i < H264_MAX_PICTURE_COUNT; i++)
             ff_h264_unref_picture(h, &h->DPB[i]);
+        memset(h->delayed_pic, 0, sizeof(h->delayed_pic));
         av_freep(&h->DPB);
     } else if (h->DPB) {
         for (i = 0; i < H264_MAX_PICTURE_COUNT; i++)