After having created the AVBuffer that is put into frame->buf[0], ownership of several objects (namely an AVDRMFrameDescriptor, an MppFrame and some AVBufferRefs framecontextref and decoder_ref) has passed to the AVBuffer and therefore to the frame. Yet it has nevertheless been freed manually on error afterwards, which would lead to a double-free as soon as the AVFrame is unreferenced.
Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@outlook.com> --- I hope we have a maintainer (or anyone else) for this who can test these patches. libavcodec/rkmppdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/rkmppdec.c b/libavcodec/rkmppdec.c index 5768568b00..2ca368e0a9 100644 --- a/libavcodec/rkmppdec.c +++ b/libavcodec/rkmppdec.c @@ -462,8 +462,8 @@ static int rkmpp_retrieve_frame(AVCodecContext *avctx, AVFrame *frame) frame->hw_frames_ctx = av_buffer_ref(decoder->frames_ref); if (!frame->hw_frames_ctx) { - ret = AVERROR(ENOMEM); - goto fail; + av_frame_unref(frame); + return AVERROR(ENOMEM); } return 0; -- 2.34.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".