Commit d812c6f8 authored by Alexander Strange

Fix crash on close when decoding a single-frame h264 file with 3+ threads

Problematic code path:
1. sps_buffers[0] is allocated in the first thread's codec context when the
decoder is opened.
2. The first thread context is memcpy'd to the other threads by frame_thread_init().
3. The first thread is closed and its sps_buffers[0] is freed.
4. The third thread is closed.
Because it never got to decode a frame, update_thread_context was never called,
and sps_buffers[0] still contained the first thread's pointer.

Fixed by not trying to free sps/pps buffers if the thread wasn't initialized.
I didn't properly consider this when designing it but this seems to be the
best approach anyway.

Fixes still2.mp4 crash from Chromium
parent de365823
...@@ -3692,6 +3692,9 @@ av_cold void ff_h264_free_context(H264Context *h) ...@@ -3692,6 +3692,9 @@ av_cold void ff_h264_free_context(H264Context *h)
free_tables(h); //FIXME cleanup init stuff perhaps free_tables(h); //FIXME cleanup init stuff perhaps
if (!h->s.context_initialized)
return;
for(i = 0; i < MAX_SPS_COUNT; i++) for(i = 0; i < MAX_SPS_COUNT; i++)
av_freep(h->sps_buffers + i); av_freep(h->sps_buffers + i);
......
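Review bot: The new early return on `!h->s.context_initialized`, placed right after `free_tables(h)`, uses that flag as a stand-in for "this context owns its sps/pps buffers", and nothing on the added lines says so. The commit message states that sps_buffers[0] is allocated when the decoder is opened, so if a context can reach ff_h264_free_context() holding buffers it allocated itself while context_initialized is still 0, the loop over MAX_SPS_COUNT is skipped and those buffers leak instead of being double-freed. Please add a comment on the guard explaining that an uninitialized frame-thread copy still carries the first thread's memcpy'd pointers and must not free them, and consider clearing the sps/pps buffer pointers in the copies right after the memcpy in frame_thread_init(), which would make the av_freep() loop safe without depending on this flag.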