[FFmpeg-cvslog] avcodec/alsdec: Fix raw_mantissa memleak

Michael Niedermayer git at videolan.org
Thu Sep 8 21:48:31 EEST 2016


ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Thu Sep  8 18:11:30 2016 +0200| [f2192e0f0399c7cbb1ac3f311726f2fa9cdf1dba] | committer: Michael Niedermayer

avcodec/alsdec: Fix raw_mantissa memleak

Fixes: 0cee183a09bff5aa5108429717c35a4d/asan_heap-oob_1d99eca_3702_9ef60e80de79082a778d3d9ce8ef3b64.mp4

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f2192e0f0399c7cbb1ac3f311726f2fa9cdf1dba
---

 libavcodec/alsdec.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c
index c31f733..1bb71f5 100644
--- a/libavcodec/alsdec.c
+++ b/libavcodec/alsdec.c
@@ -1887,6 +1887,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame_ptr,
 static av_cold int decode_end(AVCodecContext *avctx)
 {
     ALSDecContext *ctx = avctx->priv_data;
+    int i;
 
     av_freep(&ctx->sconf.chan_pos);
 
@@ -1920,7 +1921,12 @@ static av_cold int decode_end(AVCodecContext *avctx)
     av_freep(&ctx->last_acf_mantissa);
     av_freep(&ctx->shift_value);
     av_freep(&ctx->last_shift_value);
-    av_freep(&ctx->raw_mantissa);
+    if (ctx->raw_mantissa) {
+        for (i = 0; i < avctx->channels; i++) {
+            av_freep(&ctx->raw_mantissa[i]);
+        }
+        av_freep(&ctx->raw_mantissa);
+    }
     av_freep(&ctx->larray);
     av_freep(&ctx->nbits);
 
@@ -2064,7 +2070,7 @@ static av_cold int decode_init(AVCodecContext *avctx)
         ctx->shift_value       = av_malloc_array(avctx->channels, sizeof(*ctx->shift_value));
         ctx->last_shift_value  = av_malloc_array(avctx->channels, sizeof(*ctx->last_shift_value));
         ctx->last_acf_mantissa = av_malloc_array(avctx->channels, sizeof(*ctx->last_acf_mantissa));
-        ctx->raw_mantissa      = av_malloc_array(avctx->channels, sizeof(*ctx->raw_mantissa));
+        ctx->raw_mantissa      = av_mallocz_array(avctx->channels, sizeof(*ctx->raw_mantissa));
 
         ctx->larray = av_malloc_array(ctx->cur_frame_length * 4, sizeof(*ctx->larray));
         ctx->nbits  = av_malloc_array(ctx->cur_frame_length, sizeof(*ctx->nbits));



More information about the ffmpeg-cvslog mailing list