[FFmpeg-cvslog] avformat/mxfdec: Fix memleak upon repeating tags

Andreas Rheinhardt git at videolan.org
Fri Jul 24 05:25:15 EEST 2020

ffmpeg | branch: master | Andreas Rheinhardt <andreas.rheinhardt at gmail.com> | Mon Jul 20 07:24:53 2020 +0200| [28ce651c6d53866c1b8c3b49b8b66a2e967aa273] | committer: Andreas Rheinhardt

avformat/mxfdec: Fix memleak upon repeating tags

When parsing MXF encountering some tags leads to allocations. And when
these tags were encountered repeatedly, this could lead to memleaks,
because the pointer to the old data got simply overwritten with a
pointer to the new data (or to NULL on allocation failure). This has
been fixed.

Reviewed-by: Tomas Härdin <tjoppen at acc.umu.se>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=28ce651c6d53866c1b8c3b49b8b66a2e967aa273

 libavformat/mxfdec.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 3016885e75..f0975f409e 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -850,6 +850,7 @@ static int mxf_read_cryptographic_context(void *arg, AVIOContext *pb, int tag, i
 static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs, int *count)
     *count = avio_rb32(pb);
+    av_free(*refs);
     *refs = av_calloc(*count, sizeof(UID));
     if (!*refs) {
         *count = 0;
@@ -903,10 +904,8 @@ static int mxf_read_content_storage(void *arg, AVIOContext *pb, int tag, int siz
     case 0x1901:
         if (mxf->packages_refs)
             av_log(mxf->fc, AV_LOG_VERBOSE, "Multiple packages_refs\n");
-        av_free(mxf->packages_refs);
         return mxf_read_strong_ref_array(pb, &mxf->packages_refs, &mxf->packages_count);
     case 0x1902:
-        av_free(mxf->essence_container_data_refs);
         return mxf_read_strong_ref_array(pb, &mxf->essence_container_data_refs, &mxf->essence_container_data_count);
     return 0;

More information about the ffmpeg-cvslog mailing list