avplay: fix write on freed memory for rawvideo

Do not assume avpacket and the decoded frames are independent. To be absolutely sure and not sprinkle av_free_packet around the code the call had been placed before getting the frame and on the error path.
zhengxj91 · Jul 3, 2012 · 906f9dc · 906f9dc
1 parent 3389545
commit 906f9dc
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/avplay.c b/avplay.c
@@ -1597,6 +1597,7 @@ static int configure_video_filters(AVFilterGraph *graph, VideoState *is, const c
 
 static int video_thread(void *arg)
 {
+ AVPacket pkt = { 0 };
  VideoState *is = arg;
  AVFrame *frame = avcodec_alloc_frame();
  int64_t pts_int;
@@ -1617,18 +1618,18 @@ static int video_thread(void *arg)
 #endif
 
  for (;;) {
- AVPacket pkt;
 #if CONFIG_AVFILTER
  AVFilterBufferRef *picref;
  AVRational tb;
 #endif
  while (is->paused && !is->videoq.abort_request)
  SDL_Delay(10);
 
+ av_free_packet(&pkt);
+
  ret = get_video_frame(is, frame, &pts_int, &pkt);
  if (ret < 0)
  goto the_end;
- av_free_packet(&pkt);
 
  if (!ret)
  continue;
@@ -1708,6 +1709,7 @@ static int video_thread(void *arg)
  av_freep(&vfilters);
  avfilter_graph_free(&graph);
 #endif
+ av_free_packet(&pkt);
  av_free(frame);
  return 0;
 }