[FFmpeg-devel] [PATCH] mov: Fix leaking memory with multiple drefs.
Michael Niedermayer
michaelni at gmx.at
Sun Apr 15 23:43:09 CEST 2012
On Fri, Apr 13, 2012 at 11:51:44AM +0200, Michael Niedermayer wrote:
> On Thu, Apr 12, 2012 at 05:56:57PM -0700, dalecurtis at chromium.org wrote:
> > From: Dale Curtis <dalecurtis at chromium.org>
> >
> > Instead of allocating over the original, free first. MOVStreamContext
> > is zero initialized so no double free will occur. Same style as other
> > fixes for the same problem in this file.
> >
> > Signed-off-by: Dale Curtis <dalecurtis at chromium.org>
> > ---
> > libavformat/mov.c | 1 +
> > 1 files changed, 1 insertions(+), 0 deletions(-)
> >
> > diff --git a/libavformat/mov.c b/libavformat/mov.c
> > index b4ff1df..7075033 100644
> > --- a/libavformat/mov.c
> > +++ b/libavformat/mov.c
> > @@ -400,6 +400,7 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom)
> > entries = avio_rb32(pb);
> > if (entries >= UINT_MAX / sizeof(*sc->drefs))
> > return AVERROR_INVALIDDATA;
> > + av_free(sc->drefs);
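Review bot: the added av_free(sc->drefs) leaves sc->drefs holding the freed address and does not touch the entry count, so any exit taken before the pointer is reassigned leaves the stream context with a stale pointer and a count that no longer matches it. Cleanup code that trusts the pair could then free the array a second time or walk freed entries. Use av_freep(&sc->drefs) so the pointer is NULL after the free, reset the count (named sc->drefs_count in the reply that follows) to 0 at the same point, and set it to entries only once the new array is in place. The commit message's zero-initialization argument covers only the first call, where the free is a no-op on NULL.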
>
> this needs a sc->drefs_count = 0
> for the case that the mallocz fails otherwise we might be left with a
> NULL dref and >0 drefs_count possibly
patch merged & issue fixed
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
DNS cache poisoning attacks, popular search engine, Google internet authority
don't be evil, please