[FFmpeg-devel] [PATCH] mov: Fix leaking memory with multiple drefs.
Michael Niedermayer
michaelni at gmx.at
Fri Apr 13 11:51:44 CEST 2012
On Thu, Apr 12, 2012 at 05:56:57PM -0700, dalecurtis at chromium.org wrote:
> From: Dale Curtis <dalecurtis at chromium.org>
>
> Instead of allocating over the original, free first. MOVStreamContext
> is zero initialized so no double free will occur. Same style as other
> fixes for the same problem in this file.
>
> Signed-off-by: Dale Curtis <dalecurtis at chromium.org>
> ---
> libavformat/mov.c | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/libavformat/mov.c b/libavformat/mov.c
> index b4ff1df..7075033 100644
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -400,6 +400,7 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom)
> entries = avio_rb32(pb);
> if (entries >= UINT_MAX / sizeof(*sc->drefs))
> return AVERROR_INVALIDDATA;
> + av_free(sc->drefs);
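Review bot: the `av_free(sc->drefs);` added after the `entries` bound check frees the array but leaves `sc->drefs` holding the freed address and leaves the previous `drefs_count` in place. The commit message says an allocation over the original follows; if that allocation fails, the stream context keeps a count that no longer matches the pointer. Suggest resetting both at this point, for example `av_freep(&sc->drefs);` followed by `sc->drefs_count = 0;`, so the pointer and count stay in sync on every exit path.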
This needs a sc->drefs_count = 0
for the case that the mallocz fails, otherwise we might be left with a
NULL dref and >0 drefs_count possibly.
I'll fix the similar cases in mov that do this free atm.
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Dictatorship naturally arises out of democracy, and the most aggravated
form of tyranny and slavery out of the most extreme liberty. -- Plato
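The failure case raised in the reply above, as an added C example (not code from the patch or from FFmpeg): free-then-reallocate with the pointer and count reset together, so a failed allocation cannot leave a non-zero count beside a NULL table. `Ref`, `Stream`, `refs_replace`, `refs_get` and the `fail_next_alloc` hook are hypothetical stand-ins for the `drefs` / `drefs_count` pair.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the drefs / drefs_count pair in the patch. */
typedef struct { uint32_t type; } Ref;
typedef struct { Ref *refs; unsigned count; } Stream;

/* Test hook (assumption, not FFmpeg API): force the next allocation to fail. */
static int fail_next_alloc;
static void *alloc_zeroed(size_t n, size_t size)
{
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    return calloc(n, size);
}

/* Replace the table when the atom is seen again. 0 on success, -1 on error. */
static int refs_replace(Stream *s, uint32_t entries)
{
    if (entries >= UINT_MAX / sizeof(*s->refs))
        return -1;                  /* same bound as the hunk's context */
    free(s->refs);                  /* free first instead of leaking */
    s->refs  = NULL;                /* no dangling pointer */
    s->count = 0;                   /* no stale count if the alloc fails */
    if (entries == 0)
        return 0;
    s->refs = alloc_zeroed(entries, sizeof(*s->refs));
    if (!s->refs)
        return -1;
    s->count = entries;
    return 0;
}

/* A reader that trusts count: safe only while pointer and count agree. */
static const Ref *refs_get(const Stream *s, unsigned idx)
{
    return idx < s->count ? &s->refs[idx] : NULL;
}

int main(void)
{
    Stream s = {0};
    refs_replace(&s, 4);            /* first atom: 4 entries */
    fail_next_alloc = 1;
    int ret = refs_replace(&s, 2);  /* second atom, allocation fails */
    printf("ret=%d count=%u entry0=%p\n", ret, s.count, (const void *)refs_get(&s, 0));
    free(s.refs);
    return 0;
}
```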