From f51e3a1971045c7ed0c3d9d29d3254a4d940198e Mon Sep 17 00:00:00 2001
From: Justin Ruggles <justin.ruggles@gmail.com>
Date: Wed, 4 Dec 2013 16:53:17 -0500
Subject: webp: do not call av_frame_free() on the user-provided frame

Fixes double-free on error.
---
 libavcodec/webp.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

(limited to 'libavcodec/webp.c')

diff --git a/libavcodec/webp.c b/libavcodec/webp.c
index cf431fee2c..d531a78a39 100644
--- a/libavcodec/webp.c
+++ b/libavcodec/webp.c
@@ -1129,10 +1129,8 @@ static int vp8_lossless_decode_frame(AVCodecContext *avctx, AVFrame *p,
     if (is_alpha_chunk)
         s->image[IMAGE_ROLE_ARGB].is_alpha_primary = 1;
     ret = decode_entropy_coded_image(s, IMAGE_ROLE_ARGB, w, h);
-    if (ret < 0) {
-        av_frame_free(&p);
+    if (ret < 0)
         goto free_and_return;
-    }
 
     /* apply transformations */
     for (i = s->nb_transforms - 1; i >= 0; i--) {
@@ -1150,10 +1148,8 @@ static int vp8_lossless_decode_frame(AVCodecContext *avctx, AVFrame *p,
             ret = apply_color_indexing_transform(s);
             break;
         }
-        if (ret < 0) {
-            av_frame_free(&p);
+        if (ret < 0)
             goto free_and_return;
-        }
     }
 
     *got_frame   = 1;
-- 
cgit v1.2.3