From: Janne Grunau <janne-libav@jannau.net>
Date: Wed, 5 Sep 2012 18:25:48 +0000 (+0200)
Subject: mpegvideo: set AVFrame fields to NULL after freeing the base memory
X-Git-Tag: v9_beta1~437
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=59383d574046616ede75e51eeb404c9eb8b56d40;p=platform%2Fupstream%2Flibav.git

mpegvideo: set AVFrame fields to NULL after freeing the base memory

Prevents dangling pointers and makes access after free more obvious.
Setting AVFrame.qscale_table to NULL is required for successfully
allocating a previously freed Picture with ff_alloc_picture().
---

diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c
index 718df8b..f51184f 100644
--- a/libavcodec/mpegvideo.c
+++ b/libavcodec/mpegvideo.c
@@ -393,13 +393,16 @@ static void free_picture(MpegEncContext *s, Picture *pic)
     av_freep(&pic->mb_mean);
     av_freep(&pic->f.mbskip_table);
     av_freep(&pic->qscale_table_base);
+    pic->f.qscale_table = NULL;
     av_freep(&pic->mb_type_base);
+    pic->f.mb_type = NULL;
     av_freep(&pic->f.dct_coeff);
     av_freep(&pic->f.pan_scan);
     pic->f.mb_type = NULL;
     for (i = 0; i < 2; i++) {
         av_freep(&pic->motion_val_base[i]);
         av_freep(&pic->f.ref_index[i]);
+        pic->f.motion_val[i] = NULL;
     }
 
     if (pic->f.type == FF_BUFFER_TYPE_SHARED) {