avformat: Free the internal codec context at the end
authorLuca Barbato <lu_zero@gentoo.org>
Tue, 11 Apr 2017 23:46:30 +0000 (01:46 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Fri, 1 Dec 2017 23:28:59 +0000 (00:28 +0100)
Avoid a use after free in avformat_find_stream_info.

(cherry picked from commit 9e4a5eb51b9f3b2bff0ef08e0074b7fe4893075d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavformat/utils.c

index fa64e5c..1a098b6 100644 (file)
@@ -3475,12 +3475,6 @@ int avformat_find_stream_info(AVFormatContext *ic, AVDictionary **options)
         }
     }
 
-    // close codecs which were opened in try_decode_frame()
-    for (i = 0; i < ic->nb_streams; i++) {
-        st = ic->streams[i];
-        avcodec_close(st->codec);
-    }
-
     ff_rfps_calculate(ic);
 
     for (i = 0; i < ic->nb_streams; i++) {
@@ -3596,6 +3590,7 @@ find_stream_info_err:
             ic->streams[i]->codec->thread_count = 0;
         if (st->info)
             av_freep(&st->info->duration_error);
+        avcodec_close(st->codec);
         av_freep(&ic->streams[i]->info);
     }
     if (ic->pb)