[FFmpeg-devel] [PATCH 2/2] libnut: check for av_malloc failure.

Oded ods15 at ods15.dyndns.org
Wed Dec 7 07:50:14 CET 2011


Some trivial comments

On Mon, Nov 28, 2011 at 05:30:08AM +0100, Michael Niedermayer wrote:
> @@ -70,6 +70,8 @@ static int nut_write_header(AVFormatContext * avf) {
>      int i;
>  
>      priv->s = s = av_mallocz((avf->nb_streams + 1) * sizeof*s);
> +    if(!s)
> +        return AVERROR(ENOMEM);
>  
>      for (i = 0; i < avf->nb_streams; i++) {
>          AVCodecContext * codec = avf->streams[i]->codec;

I assume nut_write_packet() and nut_write_trailer() will not be called if 
nut_write_header() returned error?

There is also a tiny av_malloc() in the same function, in loop, for 
fourcc. Requires rollback on error if handeled correctly...

Also, no check for nut_muxer_init()

> @@ -223,6 +225,10 @@ static int nut_read_header(AVFormatContext * avf, AVFormatParameters * ap) {
>          st->codec->extradata_size = s[i].codec_specific_len;
>          if (st->codec->extradata_size) {
>              st->codec->extradata = av_mallocz(st->codec->extradata_size);
> +            if(!st->codec->extradata){
> +                nut_demuxer_uninit(nut);
> +                return AVERROR(ENOMEM);
> +            }
>              memcpy(st->codec->extradata, s[i].codec_specific, st->codec->extradata_size);
>          }

Again, I assume nut_read_close() will not be called, otherwise there is 
double free (which could even be an existing bug, in "return -1" above)

I assume av_new_stream() allocations are handeled and freed outside 
libnut.c ?
Also, can av_new_stream() fail? No check for it...

Also, no check for nut_demuxer_init()

- ods15


More information about the ffmpeg-devel mailing list