From 7d79d0a43b5533ff584249332bc1db7fedbab1d2 Mon Sep 17 00:00:00 2001
From: Zhao Zhili <zhilizhao@tencent.com>
Date: Tue, 20 Feb 2024 20:08:55 +0800
Subject: [PATCH] avutil/hwcontext: Don't assume frames_uninit is reentrant

Fix heap use after free when vulkan_frames_init failed.

Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
(cherry picked from commit 3bb00c0a420c3ce83c6fafee30270d69622ccad7)
---
 libavutil/hwcontext.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/libavutil/hwcontext.c b/libavutil/hwcontext.c
index 3650d4653a..0ef34796f6 100644
--- a/libavutil/hwcontext.c
+++ b/libavutil/hwcontext.c
@@ -363,7 +363,7 @@ int av_hwframe_ctx_init(AVBufferRef *ref)
     if (ctx->internal->hw_type->frames_init) {
         ret = ctx->internal->hw_type->frames_init(ctx);
         if (ret < 0)
-            goto fail;
+            return ret;
     }
 
     if (ctx->internal->pool_internal && !ctx->pool)
@@ -373,14 +373,10 @@ int av_hwframe_ctx_init(AVBufferRef *ref)
     if (ctx->initial_pool_size > 0) {
         ret = hwframe_pool_prealloc(ref);
         if (ret < 0)
-            goto fail;
+            return ret;
     }
 
     return 0;
-fail:
-    if (ctx->internal->hw_type->frames_uninit)
-        ctx->internal->hw_type->frames_uninit(ctx);
-    return ret;
 }
 
 int av_hwframe_transfer_get_formats(AVBufferRef *hwframe_ref,