avcodec/hevc: clear HEVClc when it's deallocated in hevc_decode_free()
author Michael Niedermayer <michaelni@gmx.at>
Tue, 31 Dec 2013 14:18:47 +0000 (15:18 +0100)
committer Michael Niedermayer <michaelni@gmx.at>
Tue, 7 Jan 2014 23:23:49 +0000 (00:23 +0100)
Fixes reading freed memory
Fixes: asan_heap-uaf_1abf8ef_3987_NUT_A_ericsson_4.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 21a2fb7e0579703fdea96f659498ef8b1f243289)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/hevc.c

index 2f7c5b6..a16b045 100644 (file)
@@ -2624,6 +2624,8 @@ static av_cold int hevc_decode_free(AVCodecContext *avctx)
             av_freep(&s->sList[i]);
         }
     }
+    if (s->HEVClc == s->HEVClcList[0])
+        s->HEVClc = NULL;
     av_freep(&s->HEVClcList[0]);
 
     for (i = 0; i < s->nals_allocated; i++)
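
Review bot: the guard `if (s->HEVClc == s->HEVClcList[0])` added just before `av_freep(&s->HEVClcList[0])` clears `s->HEVClc` only when it aliases slot 0, and nothing in the hunk says why that is the only case that matters. `av_freep()` nulls the list slot but not the second pointer, so the alias is the one that dangles. A one-line comment stating that `HEVClc` normally points at `HEVClcList[0]` would make that intent clear. If `HEVClc` can never own a separate allocation, setting `s->HEVClc = NULL;` unconditionally after the free is simpler and cannot miss a case. The visible context does not show whether other `HEVClcList` entries are freed in the loop above. If they are, and `HEVClc` can point at one of them, the same clearing is needed there. It is also worth checking that any other path that frees `HEVClcList[0]` resets `HEVClc` the same way.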