From 40063a900b6d5e39d3fab8ec9890cf8af02f8268 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sun, 1 Nov 2015 18:34:44 +0100
Subject: ffserver: Clear avio context after closing it

Fixes: ==13287== Invalid read of size 4
==13287==    at 0x45161A: flush_buffer (aviobuf.c:143)
==13287==    by 0x451971: avio_flush (aviobuf.c:200)
==13287==    by 0x512CCF: av_write_trailer (mux.c:1016)
==13287==    by 0x41A5E0: close_connection (ffserver.c:853)
==13287==    by 0x421EDC: rtsp_cmd_interrupt (ffserver.c:3245)
==13287==    by 0x420B9C: rtsp_parse_request (ffserver.c:2854)
==13287==    by 0x41A9C2: handle_connection (ffserver.c:930)
==13287==    by 0x41A04B: http_server (ffserver.c:700)
==13287==    by 0x423A60: main (ffserver.c:3897)
==13287==  Address 0xb6cd258 is 88 bytes inside a block of size 192 free'd
==13287==    at 0x4C2B5D9: free (vg_replace_malloc.c:446)
==13287==    by 0x1004DAC: av_free (mem.c:239)
==13287==    by 0x454835: avio_close_dyn_buf (aviobuf.c:1170)
==13287==    by 0x41F385: http_prepare_data (ffserver.c:2368)
==13287==    by 0x41F59B: http_send_data (ffserver.c:2416)
==13287==    by 0x41ABE2: handle_connection (ffserver.c:986)
==13287==    by 0x41A04B: http_server (ffserver.c:700)
==13287==    by 0x423A60: main (ffserver.c:3897)

Reviewed-by: "Reynaldo H. Verdejo Pinochet" <reynaldo@osg.samsung.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 ffserver.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ffserver.c b/ffserver.c
index 65ae431752..d3fcb82b6c 100644
--- a/ffserver.c
+++ b/ffserver.c
@@ -2370,6 +2370,7 @@ static int http_prepare_data(HTTPContext *c)
 
                     av_freep(&c->pb_buffer);
                     len = avio_close_dyn_buf(ctx->pb, &c->pb_buffer);
+                    ctx->pb = NULL;
                     c->cur_frame_bytes = len;
                     c->buffer_ptr = c->pb_buffer;
                     c->buffer_end = c->pb_buffer + len;
-- 
cgit v1.2.3