From 0aec73d1bf58c494d2cd48bf9cabaf8d47c2b717 Mon Sep 17 00:00:00 2001
From: llyyr <llyyr.public@gmail.com>
Date: Tue, 28 May 2024 19:00:54 +0530
Subject: [PATCH] vo_vaapi: fix use-after-free when quitting

p->output_surfaces gets freed by destroy_frame when quitting
---
 video/out/vo_vaapi.c | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/video/out/vo_vaapi.c b/video/out/vo_vaapi.c
index 1d3b21fa6b..37a3068081 100644
--- a/video/out/vo_vaapi.c
+++ b/video/out/vo_vaapi.c
@@ -406,18 +406,11 @@ static void va_pool_set_allocator(struct mp_image_pool *pool,
     mp_image_pool_set_lru(pool);
 }
 
-static void flush_output_surfaces(struct priv *p)
-{
-    for (int n = 0; n < MAX_OUTPUT_SURFACES; n++)
-        mp_image_unrefp(&p->output_surfaces[n]);
-    p->output_surface = 0;
-    p->visible_surface = 0;
-}
-
 // See flush_surfaces() remarks - the same applies.
 static void free_video_specific(struct priv *p)
 {
-    flush_output_surfaces(p);
+    p->output_surface = 0;
+    p->visible_surface = 0;
 
     mp_image_unrefp(&p->black_surface);