avplay: fix write on freed memory for rawvideo

Do not assume avpacket and the decoded frames are independent.

To be absolutely sure and not sprinkle av_free_packet around the code
the call had been placed before getting the frame and on the error path.

diff --git a/avplay.c b/avplay.c
index 71844c274de5204cf99720e5675ef8eff2b12454..e05016964ba4ad6c50ab3a4390863ccae608ac80 100644 (file)
--- a/avplay.c
+++ b/avplay.c
@@ -1597,6 +1597,7 @@ static int configure_video_filters(AVFilterGraph *graph, VideoState *is, const c
 
 static int video_thread(void *arg)
 {
+    AVPacket pkt = { 0 };
     VideoState *is = arg;
     AVFrame *frame = avcodec_alloc_frame();
     int64_t pts_int;
@@ -1617,7 +1618,6 @@ static int video_thread(void *arg)
 #endif
 
     for (;;) {
-        AVPacket pkt;
 #if CONFIG_AVFILTER
         AVFilterBufferRef *picref;
         AVRational tb;
@@ -1625,10 +1625,11 @@ static int video_thread(void *arg)
         while (is->paused && !is->videoq.abort_request)
             SDL_Delay(10);
 
+        av_free_packet(&pkt);
+
         ret = get_video_frame(is, frame, &pts_int, &pkt);
         if (ret < 0)
             goto the_end;
-        av_free_packet(&pkt);
 
         if (!ret)
             continue;
@@ -1708,6 +1709,7 @@ static int video_thread(void *arg)
     av_freep(&vfilters);
     avfilter_graph_free(&graph);
 #endif
+    av_free_packet(&pkt);
     av_free(frame);
     return 0;
 }