On Mon, 13 Jun 2011 10:14:02 -0400, "Ronald S. Bultje" <[email protected]> wrote: > Hi, > > On Mon, Jun 13, 2011 at 5:24 AM, Anton Khirnov <[email protected]> wrote: > > From: Carl Eugen Hoyos <[email protected]> > > > > Fixes a possible invalid free(). > > > > Signed-off-by: Anton Khirnov <[email protected]> > > --- > > libavformat/aviobuf.c | 2 +- > > 1 files changed, 1 insertions(+), 1 deletions(-) > > > > diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c > > index fa63ddf..26fd1db 100644 > > --- a/libavformat/aviobuf.c > > +++ b/libavformat/aviobuf.c > > @@ -548,7 +548,7 @@ static void fill_buffer(AVIOContext *s) > > } > > > > /* make buffer smaller in case it ended up large after probing */ > > - if (s->buffer_size > max_buffer_size) { > > + if (s->read_packet && s->buffer_size > max_buffer_size) { > > ffio_set_buf_size(s, max_buffer_size); > > I remember discussing this when you were refactoring the avio_*() API. > What was the conclusion back then? Or did we simply forget about it? >
There was no conclusion, I just moved on to other stuff, thinking to fix this Later(tm). This patch fixes the symptom, not the problem (the buffer must be malloced), but i guess it's better than nothing for now. -- Anton Khirnov _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
