From c011beda2611acfeb6f67d4fdf30d1eceed9e62f Mon Sep 17 00:00:00 2001 From: wm4 Date: Wed, 8 Feb 2017 09:53:26 +0100 Subject: [PATCH] avconv: make sure packets put into the muxing FIFO are refcounted MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Some callers (like do_subtitle_out(), or do_streamcopy()) call this with an AVPacket that is not refcounted. This can cause undefined behavior. Calling av_packet_move_ref() does not make a packet refcounted if it isn't yet. (And it can't be made to, because it always succeeds, and can't return ENOMEM.) Call av_packet_ref() instead to make sure it's refcounted. Cc: libav-stable@libav.org Signed-off-by: Martin Storsjö --- avtools/avconv.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/avtools/avconv.c b/avtools/avconv.c index ac15464a8d0..3abb7f872f3 100644 --- a/avtools/avconv.c +++ b/avtools/avconv.c @@ -281,7 +281,7 @@ static void write_packet(OutputFile *of, AVPacket *pkt, OutputStream *ost) int ret; if (!of->header_written) { - AVPacket tmp_pkt; + AVPacket tmp_pkt = {0}; /* the muxer is not initialized yet, buffer the packet */ if (!av_fifo_space(ost->muxing_queue)) { int new_size = FFMIN(2 * av_fifo_size(ost->muxing_queue), @@ -296,8 +296,11 @@ static void write_packet(OutputFile *of, AVPacket *pkt, OutputStream *ost) if (ret < 0) exit_program(1); } - av_packet_move_ref(&tmp_pkt, pkt); + ret = av_packet_ref(&tmp_pkt, pkt); + if (ret < 0) + exit_program(1); av_fifo_generic_write(ost->muxing_queue, &tmp_pkt, sizeof(tmp_pkt), NULL); + av_packet_unref(pkt); return; } -- 2.39.5