asf: reset side data elements on packet copy.
authorRonald S. Bultje <rsbultje@gmail.com>
Wed, 21 Mar 2012 23:10:37 +0000 (16:10 -0700)
committerReinhard Tartler <siretart@tauware.de>
Sun, 29 Apr 2012 20:07:02 +0000 (22:07 +0200)
Prevents crash (double free) when free()ing the original packet.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit e73c6aaabff1169899184c382385fe9afae5b068)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
libavformat/asfdec.c

index 969ab28..3b48788 100644 (file)
@@ -1092,6 +1092,8 @@ static int ff_asf_parse_packet(AVFormatContext *s, AVIOContext *pb, AVPacket *pk
             //printf("packet %d %d\n", asf_st->pkt.size, asf->packet_frag_size);
             asf_st->pkt.size = 0;
             asf_st->pkt.data = 0;
+            asf_st->pkt.side_data_elems = 0;
+            asf_st->pkt.side_data = NULL;
             break; // packet completed
         }
     }