ffserver: Clear avio context after closing it
Fixes: ==13287== Invalid read of size 4
==13287== at 0x45161A: flush_buffer (aviobuf.c:143)
==13287== by 0x451971: avio_flush (aviobuf.c:200)
==13287== by 0x512CCF: av_write_trailer (mux.c:1016)
==13287== by 0x41A5E0: close_connection (ffserver.c:853)
==13287== by 0x421EDC: rtsp_cmd_interrupt (ffserver.c:3245)
==13287== by 0x420B9C: rtsp_parse_request (ffserver.c:2854)
==13287== by 0x41A9C2: handle_connection (ffserver.c:930)
==13287== by 0x41A04B: http_server (ffserver.c:700)
==13287== by 0x423A60: main (ffserver.c:3897)
==13287== Address 0xb6cd258 is 88 bytes inside a block of size 192 free'd
==13287== at 0x4C2B5D9: free (vg_replace_malloc.c:446)
==13287== by 0x1004DAC: av_free (mem.c:239)
==13287== by 0x454835: avio_close_dyn_buf (aviobuf.c:1170)
==13287== by 0x41F385: http_prepare_data (ffserver.c:2368)
==13287== by 0x41F59B: http_send_data (ffserver.c:2416)
==13287== by 0x41ABE2: handle_connection (ffserver.c:986)
==13287== by 0x41A04B: http_server (ffserver.c:700)
==13287== by 0x423A60: main (ffserver.c:3897)
Reviewed-by: "Reynaldo H. Verdejo Pinochet" <reynaldo@osg.samsung.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer authored on 2015/11/02 02:34:44Showing 1 changed files
| ... | ... |
@@ -2370,6 +2370,7 @@ static int http_prepare_data(HTTPContext *c) |
| 2370 | 2370 |
|
| 2371 | 2371 |
av_freep(&c->pb_buffer); |
| 2372 | 2372 |
len = avio_close_dyn_buf(ctx->pb, &c->pb_buffer); |
| 2373 |
+ ctx->pb = NULL; |
|
| 2373 | 2374 |
c->cur_frame_bytes = len; |
| 2374 | 2375 |
c->buffer_ptr = c->pb_buffer; |
| 2375 | 2376 |
c->buffer_end = c->pb_buffer + len; |