[Ffmpeg-cvslog] r6733 - trunk/libavformat/mov.c

Baptiste Coudurier baptiste.coudurier
Thu Oct 19 20:07:46 CEST 2006


Michael Niedermayer wrote:
>>>
>>>
>>> Modified: trunk/libavformat/mov.c
>>> ==============================================================================
>>> --- trunk/libavformat/mov.c	(original)
>>> +++ trunk/libavformat/mov.c	Thu Oct 19 12:05:36 2006
>>> @@ -1348,7 +1348,7 @@
>>>  #ifdef CONFIG_ZLIB
>>>  static int null_read_packet(void *opaque, uint8_t *buf, int buf_size)
>>>  {
>>> -    return -1;
>>> +    return buf_size;
>>>  }
>>>  
>> Nice it does work indeed. However isn't that dangerous ? Each time
>> fill_buffer will be called it will return buf_size and if atom.size is
>> fucked by any way (we read it from file), that will lead to memleak.
>>
>> Maybe memory should be handled differently by ByteIOContext.
> 
> i cant see any obvious memleaks which are caused by my change, so please
> elaborate how that should lead to a leak ...
> 
> also note, if the uncompress() fails then you will have a leak but that
> was already there before my change
> 
> also it seems that just duplicating some atoms will lead to a leak
> as theres no check if something has already been allocated and loaded
> its generally just a malloc() + fill array
> it should rather be if(array) fatal_error; malloc(); fill it
> 
> [...]

Humm my bad, I misused memleak term, I wanted to illustrate that if
null_read_packet always return buf_size, s->read_read_packet will never
fail and eof_reached won't ever be set.

Further get_buffer/get_byte wont never fail either, and further parsing
might read memory beyond. Since it is 'moov' atom, supposedly containing
whole metadata, I was a bit afraid that would lead to a security risk,
but I guess I'm worrying too much.

-- 
Baptiste COUDURIER                              GnuPG Key Id: 0x5C1ABAAA
SMARTJOG S.A.                                    http://www.smartjog.com
Key fingerprint                 8D77134D20CC9220201FC5DB0AC9325C5C1ABAAA
Phone: +33 1 49966312




More information about the ffmpeg-cvslog mailing list