media: fix mismatched free and double free

FFmpeg frees and reallocs the buffer multiple times internally, which
means 2 things:
1. Mismatched free, as std::vector uses new, FFmpeg uses free.
2. buf_ no longer points to the correct address by the time it goes out
of scope; it points to an already freed part of memory.

Use a local variable instead of a class member to store the initial
buffer.

Change-Id: Ibe98658e68bec1b69875e6679ba1319dd7d98706
Reviewed-by: Guillaume Roguez <guillaume.roguez@savoirfairelinux.com>

src/media/media_io_handle.cpp

@@ -31,12 +31,20 @@ MediaIOHandle::MediaIOHandle(std::size_t buffer_size,
                              void *opaque) : ctx_(0)
 
 {
-    buf_.reserve(buffer_size);
-    ctx_ = avio_alloc_context(buf_.data(), buffer_size, writeable, opaque, read_cb,
+    /* FFmpeg doesn't alloc the buffer for the first time, but it does free and
+     * alloc it afterwards.
+     * Don't directly use malloc because av_malloc is optimized for memory alignment.
+     */
+    auto buf = static_cast<uint8_t*>(av_malloc(buffer_size));
+    ctx_ = avio_alloc_context(buf, buffer_size, writeable, opaque, read_cb,
                               write_cb, seek_cb);
     ctx_->max_packet_size = buffer_size;
 }
 
-MediaIOHandle::~MediaIOHandle() { av_free(ctx_); }
+MediaIOHandle::~MediaIOHandle()
+{
+    av_free(ctx_->buffer);
+    av_free(ctx_);
+}
 
 } // namespace ring

src/media/media_io_handle.h

@@ -52,7 +52,6 @@ public:
 private:
     NON_COPYABLE(MediaIOHandle);
     AVIOContext *ctx_;
-    std::vector<uint8_t> buf_ {};
 };
 
 } // namespace ring