Thomas Guillem: > Reproduced when using the VAAPI va module on VLC 4.0. No leaks when > setting thread count to 1. > --- > libavcodec/pthread_frame.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/libavcodec/pthread_frame.c b/libavcodec/pthread_frame.c > index 73b1b7d7d9..4c578aa44a 100644 > --- a/libavcodec/pthread_frame.c > +++ b/libavcodec/pthread_frame.c > @@ -747,6 +747,7 @@ void ff_frame_thread_free(AVCodecContext *avctx, int > thread_count) > av_buffer_unref(&ctx->internal->pool); > av_freep(&ctx->internal); > av_buffer_unref(&ctx->hw_frames_ctx); > + av_buffer_unref(&ctx->hw_device_ctx); > } > > av_frame_free(&p->frame); >
The AVCodecContext that is freed here is not a full AVCodecContext: It never received a reference to hw_device_ctx of its own. Unreferencing this here will therefore mess up the refcount and lead to use-after-frees. (What is the reference count of hw_device_ctx at this point? Libavcodec should only hold one reference at that point, namely the one in the main (user-facing) AVCodecContext; this reference will be unreferenced when avcodec_close()/avcodec_free_context() is called for the main context.) - Andreas _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
