jp9000/obs-studio
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

libff: Fix heap corruption caused by unnecessary av_dup_packet call

Browse Source 
There's no need to duplicate the packet as the reference count will be 1
after the av_read_frame call. Duplicating causes heap corruption when a
synthetic clock packet is duplicated and assigned the buffer from the
stack-based temporary packet which is then double-freed by the decoder
thread.
This commit is contained in:
Richard Stanway 2016-04-20 02:51:40 +02:00
parent ba70b44152
commit bebaeaeaa9
No known key found for this signature in database
GPG Key ID: AAC1E5265D71B3FD
1 changed files with 0 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
deps/libff/libff/ff-packet-queue.c vendored
View File

@ -61,10 +61,6 @@ int packet_queue_put(struct ff_packet_queue *q, struct ff_packet *packet)
{
struct ff_packet_list *new_packet;
if (packet != &q->flush_packet
&& av_dup_packet(&packet->base) < 0)
return FF_PACKET_FAIL;
new_packet = av_malloc(sizeof(struct ff_packet_list));
if (new_packet == NULL)