avfilter/asrc_flite: Fix use-after-frees

When an flite filter instance is uninitialized and the refcount of the corresponding voice_entry reaches zero, the voice is unregistered, yet the voice_entry's pointer to the voice is not reset. (Whereas some other pointers are needlessly reset.) Because of this a new flite filter instance will believe said voice to already be registered, leading to use-after-frees. Fix this by resetting the right pointer instead of the wrong ones. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
author: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> 2021-10-06 17:21:04 +0200
committer: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> 2021-10-10 14:27:13 +0200
commit: 18ddb25c7a58404641de2f6aa68220bd509e376c (patch)
tree: 3e1715b1873c98cb724f23d570759f7d5952ba05
parent: 304cc0379870ebf155502069939582f1065ef3b5 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/libavfilter/asrc_flite.c b/libavfilter/asrc_flite.c
index 0789dd6ff3..bd2ae774de 100644
--- a/libavfilter/asrc_flite.c
+++ b/libavfilter/asrc_flite.c
@@ -197,10 +197,10 @@ static av_cold void uninit(AVFilterContext *ctx)
     FliteContext *flite = ctx->priv;
 
     if (flite->voice_entry) {
-        if (!--flite->voice_entry->usage_count)
+        if (!--flite->voice_entry->usage_count) {
             flite->voice_entry->unregister_fn(flite->voice);
-        flite->voice = NULL;
-        flite->voice_entry = NULL;
+            flite->voice_entry->voice = NULL;
+        }
     }
     delete_wave(flite->wave);
     flite->wave = NULL;
author	Andreas Rheinhardt <andreas.rheinhardt@outlook.com>	2021-10-06 17:21:04 +0200
committer	Andreas Rheinhardt <andreas.rheinhardt@outlook.com>	2021-10-10 14:27:13 +0200
commit	18ddb25c7a58404641de2f6aa68220bd509e376c (patch)
tree	3e1715b1873c98cb724f23d570759f7d5952ba05
parent	304cc0379870ebf155502069939582f1065ef3b5 (diff)