avcodec/g2meet: Clear pointers after deallocation

Fixes double free Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

avcodec/g2meet: Clear pointers after deallocation
Fixes double free Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
80e42387 · Michael Niedermayer · e34a3468 · 80e42387
Commit 80e42387 authored Jul 08, 2015 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 5 deletions

g2meet.c libavcodec/g2meet.c +7 -5

No files found.
--- a/libavcodec/g2meet.c
+++ b/libavcodec/g2meet.c
@@ -1171,11 +1171,12 @@ static int g2m_init_buffers(G2MContext *c)
        c->tile_stride     = FFALIGN(c->tile_width, 16) * 3;
        c->epic_buf_stride = FFALIGN(c->tile_width * 4, 16);
        aligned_height     = FFALIGN(c->tile_height,    16);
-        av_free(c->synth_tile);
+        av_freep(&c->synth_tile);
-        av_free(c->jpeg_tile);
+        av_freep(&c->jpeg_tile);
-        av_free(c->kempf_buf);
+        av_freep(&c->kempf_buf);
-        av_free(c->kempf_flags);
+        av_freep(&c->kempf_flags);
-        av_free(c->epic_buf_base);
+        av_freep(&c->epic_buf_base);
+        c->epic_buf    = NULL;
        c->synth_tile  = av_mallocz(c->tile_stride      * aligned_height);
        c->jpeg_tile   = av_mallocz(c->tile_stride      * aligned_height);
        c->kempf_buf   = av_mallocz((c->tile_width + 1) * aligned_height +
@@ -1604,6 +1605,7 @@ static av_cold int g2m_decode_end(AVCodecContext *avctx)
    jpg_free_context(&c->jc);
    av_freep(&c->epic_buf_base);
+    c->epic_buf = NULL;
    av_freep(&c->kempf_buf);
    av_freep(&c->kempf_flags);
    av_freep(&c->synth_tile);