[FFmpeg-cvslog] avformat/id3v2: Fix double-free on error
Andreas Rheinhardt
git at videolan.org
Tue Dec 10 17:13:33 EET 2019
ffmpeg | branch: master | Andreas Rheinhardt <andreas.rheinhardt at gmail.com> | Sun Nov 10 05:07:28 2019 +0100| [67d4940a7795aa3afc8d1e624de33b030e0be51e] | committer: Michael Niedermayer
avformat/id3v2: Fix double-free on error
ff_id3v2_parse_priv_dict() uses av_dict_set() with the flags
AV_DICT_DONT_STRDUP_KEY and AV_DICT_DONT_STRDUP_VAL. In this case both
key and value are freed on error (and owned by the destination
dictionary on success), so that freeing them again on error is a
double-free and therefore forbidden. But it nevertheless happened.
Fixes CID 1452489 and 1452421.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=67d4940a7795aa3afc8d1e624de33b030e0be51e
---
libavformat/id3v2.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c
index 7bae036635..abe073dcc1 100644
--- a/libavformat/id3v2.c
+++ b/libavformat/id3v2.c
@@ -1264,8 +1264,6 @@ int ff_id3v2_parse_priv_dict(AVDictionary **metadata, ID3v2ExtraMeta **extra_met
}
if ((ret = av_dict_set(metadata, key, escaped, dict_flags)) < 0) {
- av_free(key);
- av_free(escaped);
return ret;
}
}
More information about the ffmpeg-cvslog
mailing list