[FFmpeg-devel] [PATCH 2/2] libnut: check for av_malloc failure.
Oded
ods15 at ods15.dyndns.org
Wed Dec 7 07:50:14 CET 2011
Some trivial comments
On Mon, Nov 28, 2011 at 05:30:08AM +0100, Michael Niedermayer wrote:
> @@ -70,6 +70,8 @@ static int nut_write_header(AVFormatContext * avf) {
> int i;
>
> priv->s = s = av_mallocz((avf->nb_streams + 1) * sizeof*s);
> + if(!s)
> + return AVERROR(ENOMEM);
>
> for (i = 0; i < avf->nb_streams; i++) {
> AVCodecContext * codec = avf->streams[i]->codec;
I assume nut_write_packet() and nut_write_trailer() will not be called if
nut_write_header() returned error?
There is also a tiny av_malloc() in the same function, in loop, for
fourcc. Requires rollback on error if handeled correctly...
Also, no check for nut_muxer_init()
> @@ -223,6 +225,10 @@ static int nut_read_header(AVFormatContext * avf, AVFormatParameters * ap) {
> st->codec->extradata_size = s[i].codec_specific_len;
> if (st->codec->extradata_size) {
> st->codec->extradata = av_mallocz(st->codec->extradata_size);
> + if(!st->codec->extradata){
> + nut_demuxer_uninit(nut);
> + return AVERROR(ENOMEM);
> + }
> memcpy(st->codec->extradata, s[i].codec_specific, st->codec->extradata_size);
> }
Again, I assume nut_read_close() will not be called, otherwise there is
double free (which could even be an existing bug, in "return -1" above)
I assume av_new_stream() allocations are handeled and freed outside
libnut.c ?
Also, can av_new_stream() fail? No check for it...
Also, no check for nut_demuxer_init()
- ods15
More information about the ffmpeg-devel
mailing list