avformat: Free the internal codec context at the end
authorLuca Barbato <lu_zero@gentoo.org>
Tue, 11 Apr 2017 23:46:30 +0000 (01:46 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Thu, 9 Nov 2017 01:11:29 +0000 (02:11 +0100)
Avoid a use after free in avformat_find_stream_info.

(cherry picked from commit 9e4a5eb51b9f3b2bff0ef08e0074b7fe4893075d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavformat/utils.c

index f6d82d2..52216e3 100644 (file)
@@ -3273,12 +3273,6 @@ int avformat_find_stream_info(AVFormatContext *ic, AVDictionary **options)
     }
     av_opt_set(ic, "skip_clear", "0", AV_OPT_SEARCH_CHILDREN);
 
-    // close codecs which were opened in try_decode_frame()
-    for (i = 0; i < ic->nb_streams; i++) {
-        st = ic->streams[i];
-        avcodec_close(st->codec);
-    }
-
     ff_rfps_calculate(ic);
 
     for (i = 0; i < ic->nb_streams; i++) {
@@ -3387,6 +3381,7 @@ find_stream_info_err:
             ic->streams[i]->codec->thread_count = 0;
         if (st->info)
             av_freep(&st->info->duration_error);
+        avcodec_close(st->codec);
         av_freep(&ic->streams[i]->info);
     }
     if (ic->pb)