[FFmpeg-devel] [PATCH] [RFC] PNG: decode textual data

Michael Niedermayer michaelni at gmx.at
Mon Mar 21 13:29:23 CET 2011 

On Sun, Mar 20, 2011 at 07:24:39PM +0100, Nicolas George wrote:
> Le decadi 30 ventôse, an CCXIX, Nicolas George a écrit :
> > +        rbuf = av_realloc(buf, out_size + 1);
> > +        if (!rbuf) {
> > +            av_free(buf);
> > +            return -1;
> > +        }
> 
> By the way: I see a lot of realloc-related potential memory leaks in the
> code. Some things like that:
> 
>         vlc->table = av_realloc(vlc->table,
>                                 sizeof(VLC_TYPE) * 2 * vlc->table_allocated);
>         if (!vlc->table)
>             return -1;
> 
> realloc failures are very unlikely, but that should not be a reason not to
> do thing properly, and that requires code. Therefore, it may be useful to
> introduce the following function:
> 
> /**
>  * Allocate or reallocate a block of memory.
>  * This function does the same thing as av_realloc, except:
>  * - It takes two arguments and checks the result of the multiplication for
>  *   integer overflow.
>  * - It frees the input block in case of failure, thus avoiding the memory
>  *   leak with the classic "buf = realloc(buf); if (!buf) return -1;".
>  */
> void *av_realloc_f(void *ptr, size_t nelem, size_t elsize)
> {
> int av_realloc_f(void **ptr, size_t nelem, size_t elsize)
>     size_t size = nelem * elsize;
>     void *r;
>

>     /* Hack inspired from glibc: only try the division if nelem and elsize
>      * are both greater than sqrt(SIZE_MAX). */
>     if ((nelem | elsize) >= ((size_t)1 << (sizeof(size_t) * 4)) &&
>         elsize && size / elsize != nelem) {

this is useless obfuscation, x86 will tell you for free if things overflowd
and gcc should be able (yeah hoping) to turn clean code into that.
i suspect other hw has similar capabilities.

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Avoid a single point of failure, be that a person or equipment.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20110321/c5e931e8/attachment.asc>

More information about the ffmpeg-devel mailing list