[FFmpeg-devel] [PATCH] [RFC] PNG: decode textual data
Nicolas George
nicolas.george at normalesup.org
Sun Mar 20 19:24:39 CET 2011
Le decadi 30 ventôse, an CCXIX, Nicolas George a écrit :
> + rbuf = av_realloc(buf, out_size + 1);
> + if (!rbuf) {
> + av_free(buf);
> + return -1;
> + }
By the way: I see a lot of realloc-related potential memory leaks in the
code. Some things like that:
vlc->table = av_realloc(vlc->table,
sizeof(VLC_TYPE) * 2 * vlc->table_allocated);
if (!vlc->table)
return -1;
realloc failures are very unlikely, but that should not be a reason not to
do thing properly, and that requires code. Therefore, it may be useful to
introduce the following function:
/**
* Allocate or reallocate a block of memory.
* This function does the same thing as av_realloc, except:
* - It takes two arguments and checks the result of the multiplication for
* integer overflow.
* - It frees the input block in case of failure, thus avoiding the memory
* leak with the classic "buf = realloc(buf); if (!buf) return -1;".
*/
void *av_realloc_f(void *ptr, size_t nelem, size_t elsize)
{
size_t size = nelem * elsize;
void *r;
/* Hack inspired from glibc: only try the division if nelem and elsize
* are both greater than sqrt(SIZE_MAX). */
if ((nelem | elsize) >= ((size_t)1 << (sizeof(size_t) * 4)) &&
elsize && size / elsize != nelem) {
av_free(ptr);
return NULL;
}
r = av_realloc(ptr, size);
if (!r && size)
av_free(ptr);
return r;
}
I'll also try to see if I can come up with a nice interface for the scheme I
used in png_decode_zbuf: start with a small buffer on the stack, enlarge it
on the heap if necessary.
Regards,
--
Nicolas George
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20110320/0211c3a3/attachment-0001.asc>
More information about the ffmpeg-devel
mailing list