From aa100d1512d371f57d1311033e256c806d7099ca Mon Sep 17 00:00:00 2001 From: nanahi <130121847+na-na-hi@users.noreply.github.com> Date: Wed, 7 Feb 2024 16:07:57 -0500 Subject: [PATCH] f_output_chain: prevent double free of child filters When mp_output_chain_update_filters() fails, talloc_free() is called on each mp_user_filter. But because the structure doesn't have a talloc destructor, the args aren't freed, resulting in stale references. Fix this by calling the destructor of the wrapped filter instead. --- filters/f_output_chain.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/filters/f_output_chain.c b/filters/f_output_chain.c index ccb4d53af9..ffad932a57 100644 --- a/filters/f_output_chain.c +++ b/filters/f_output_chain.c @@ -627,7 +627,7 @@ bool mp_output_chain_update_filters(struct mp_output_chain *c, error: for (int n = 0; n < num_add; n++) - talloc_free(add[n]); + talloc_free(add[n]->wrapper); talloc_free(add); talloc_free(used); return false;
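Review bot: In the error: loop of mp_output_chain_update_filters(), the new line `talloc_free(add[n]->wrapper);` dereferences add[n] before freeing, whereas the old `talloc_free(add[n]);` only passed the pointer along, so this path now depends on every entry in add[0..num_add) being non-NULL and having wrapper set. Please confirm that holds on every jump to error:, or guard the dereference. The change also relies on freeing the wrapper releasing the mp_user_filter itself and its args, which is not visible in this hunk. A short comment above the loop stating that ownership relation would keep a later cleanup from reverting to freeing add[n] directly. Finally, the subject says "double free" while the body describes args that are not freed and stale references. One more sentence in the message saying where the second free happens would make the fix easier to verify.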