avformat: Free the internal codec context at the end
authorLuca Barbato <lu_zero@gentoo.org>
Tue, 11 Apr 2017 23:46:30 +0000 (01:46 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Thu, 7 Dec 2017 22:38:06 +0000 (23:38 +0100)
Avoid a use after free in avformat_find_stream_info.

(cherry picked from commit 9e4a5eb51b9f3b2bff0ef08e0074b7fe4893075d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavformat/utils.c

index 1a7996c..881438a 100644 (file)
@@ -3882,12 +3882,6 @@ FF_ENABLE_DEPRECATION_WARNINGS
         }
     }
 
-    // close codecs which were opened in try_decode_frame()
-    for (i = 0; i < ic->nb_streams; i++) {
-        st = ic->streams[i];
-        avcodec_close(st->internal->avctx);
-    }
-
     ff_rfps_calculate(ic);
 
     for (i = 0; i < ic->nb_streams; i++) {
@@ -4078,6 +4072,7 @@ find_stream_info_err:
         st = ic->streams[i];
         if (st->info)
             av_freep(&st->info->duration_error);
+        avcodec_close(ic->streams[i]->internal->avctx);
         av_freep(&ic->streams[i]->info);
         av_bsf_free(&ic->streams[i]->internal->extract_extradata.bsf);
         av_packet_free(&ic->streams[i]->internal->extract_extradata.pkt);