From 1cb57d341ea3801526968a15ea99368917baa223 Mon Sep 17 00:00:00 2001 From: Martin Pulec Date: Mon, 3 Mar 2025 12:49:49 +0100 Subject: [PATCH] video_display: fix use ptr after free video_display putf implementation may free the frame so that the pointer is no longer valid upon the exit from the callback (or anytime later). This is the case for eg. vdisp/decklink. Fixes `uv -t testcard -c lavc -d dummy:discard` (wrong color in output line): ``` [dummy] 126 frames in 5.03501 seconds = 25.0248 FPS ``` even though FPS is +/- the nominal 25. Depending on circumstances it could have also easily crashed (access after free). --- src/video_display.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/video_display.c b/src/video_display.c index 86409fa9b..a1358ecf2 100644 --- a/src/video_display.c +++ b/src/video_display.c @@ -351,6 +351,7 @@ static bool display_frame_helper(struct display *d, struct video_frame *frame, l MIN_FPS_PERC_WARN = 98, MIN_FPS_PERC_WARN2 = 90, }; + const double frame_fps = frame->fps; bool ret = d->funcs->putf(d->state, frame, timeout_ns); if (!d->funcs->generic_fps_indicator_prefix) { return ret; @@ -364,7 +365,7 @@ static bool display_frame_helper(struct display *d, struct video_frame *frame, l if (seconds_ns > 5 * NS_IN_SEC) { const double seconds = (double) seconds_ns / NS_IN_SEC; const double fps = d->frames / seconds; - const char *const fps_col = get_stat_color(fps / frame->fps); + const char *const fps_col = get_stat_color(fps / frame_fps); log_msg(LOG_LEVEL_INFO, TERM_BOLD TERM_FG_MAGENTA