From ff6b34009d4571ae0a4d130c0f8d27706a4c4026 Mon Sep 17 00:00:00 2001
From: Nicolas George
Date: Tue, 8 Jan 2013 12:46:13 +0100
Subject: lavfi: fix use-after-free in ff_filter_frame.

Unlike the original ff_start_frame code, the incoming reference may be freed before that point. Fix CID966654.
---
 libavfilter/avfilter.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavfilter/avfilter.c b/libavfilter/avfilter.c
index 4edd5be30f..8c06173c83 100644
--- a/libavfilter/avfilter.c
+++ b/libavfilter/avfilter.c
@@ -706,7 +706,7 @@ static int ff_filter_frame_framed(AVFilterLink *link, AVFilterBufferRef *frame)
 } else
 out = frame;
 
- while(cmd && cmd->time <= frame->pts * av_q2d(link->time_base)){
+ while(cmd && cmd->time <= out->pts * av_q2d(link->time_base)){
 av_log(link->dst, AV_LOG_DEBUG,
 "Processing command time:%f command:%s arg:%s\n",
 cmd->time, cmd->command, cmd->arg);
-- 
cgit v1.2.3
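Review bot: After this change `frame` stays in scope for the rest of ff_filter_frame_framed even though, per the commit message, it may already have been freed by the time the `while` loop runs, so nothing stops a later edit from reading it again. Consider a comment on the loop such as `/* frame may have been unreferenced above; only out is valid from here on */`, or setting `frame = NULL;` right after the unref in the branch above (that branch starts outside this hunk, so its exact shape is assumed). Nulling the pointer turns any regression into an immediate crash instead of a silent read of freed memory. The loop body also continues past the end of the hunk, so any remaining uses of `frame` there should be checked as well.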