#8259: A use-after-free bug in libavcodec/utils.c
-----------------------------------+------------------------------------
Reporter: wurongxin | Type: defect
Status: new | Priority: critical
Component: avcodec | Version: 3.4.6
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-----------------------------------+------------------------------------
In the source file
https://github.com/FFmpeg/FFmpeg/blob/release/3.4/libavcodec/utils.c, in
the function "default_lockmgr_cb", there is a use-after-free bug. Please
see the following code. At Line 104, it frees the variable "*mutex", and
then uses "*mutex" at Line 105.
{{{
 69. static int default_lockmgr_cb(void **arg, enum AVLockOp op)
 70. {
 …
101.     case AV_LOCK_DESTROY:
102.         if (*mutex)
103.             pthread_mutex_destroy(*mutex);
104.         av_free(*mutex);
105.         avpriv_atomic_ptr_cas(mutex, *mutex, NULL);
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/8259>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
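
Added example, not part of the ticket and not FFmpeg code: a self-contained lock slot whose destroy path swaps the pointer out of the shared slot before destroying and freeing the mutex, so the slot is never read after the release that Lines 104-105 are reported for. The names lock_slot, slot_create and slot_destroy are hypothetical, and C11 atomics stand in for avpriv_atomic_ptr_cas.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>

/* Hypothetical stand-in for the shared "void **arg" slot; not FFmpeg's type. */
typedef _Atomic(void *) lock_slot;

/* Allocate and initialise a mutex, publish it only if the slot is still empty. */
static int slot_create(lock_slot *slot)
{
    pthread_mutex_t *m = malloc(sizeof(*m));
    void *expected = NULL;

    if (!m)
        return -1;
    if (pthread_mutex_init(m, NULL)) {
        free(m);
        return -1;
    }
    if (!atomic_compare_exchange_strong(slot, &expected, (void *)m)) {
        /* Another caller published a mutex first: discard ours. */
        pthread_mutex_destroy(m);
        free(m);
    }
    return 0;
}

/* Reported order in the ticket: destroy, free, then CAS that reads *mutex.
 * Here the pointer is detached first; only the local copy is used afterwards,
 * and a second caller sees NULL instead of a dangling pointer.
 * Returns 1 if a mutex was released, 0 if the slot was already empty. */
static int slot_destroy(lock_slot *slot)
{
    pthread_mutex_t *m = atomic_exchange(slot, NULL);

    if (!m)
        return 0;
    pthread_mutex_destroy(m);
    free(m);
    return 1;
}

int main(void)
{
    lock_slot s = NULL;

    if (slot_create(&s) != 0 || slot_destroy(&s) != 1)
        return 1;
    return slot_destroy(&s) == 0 ? 0 : 1; /* repeated destroy is a no-op */
}
```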