[FFmpeg-devel] [PATCH] avcodec/ass: Fix a memory leak defect.

Gang Fan(范刚) fan.gang.cn at gmail.com
Mon Feb 12 14:32:14 EET 2018


OK, should I email the new patch to the same thread or a new thread?

Thanks
Gang

On Mon, Feb 12, 2018 at 7:49 PM, Hendrik Leppkes <h.leppkes at gmail.com>
wrote:

> On Mon, Feb 12, 2018 at 11:55 AM, Gang Fan(范刚) <fan.gang.cn at gmail.com>
> wrote:
> > There is a potential memory leak bug in the file ass_split.c; here is the
> > description.
> >
> > A piece of memory is allocated on line 283. When the loop executes twice
> > and av_realloc_array returns NULL, the function returns without
> > freeing the memory pointed to by order.
> >
> > Suggested fix:
> > free(order) before return NULL; on line 284
> >
> > Reference Ticket: https://trac.ffmpeg.org/ticket/7019#comment:1
> >
> > Thanks
> > Gang
> > Sbrella
> >
> >
> > From 6850fc3a6562b4f5fb92e72eed125e057ad975ae Mon Sep 17 00:00:00 2001
> > From: Fan Gang <fangang at sbrella.com>
> > Date: Mon, 12 Feb 2018 18:46:20 +0800
> > Subject: [PATCH] avcodec/ass: Fix a memory leak defect when realloc
> fails.
> >
> > ---
> >  libavcodec/ass_split.c | 4 +++-
> >  1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/libavcodec/ass_split.c b/libavcodec/ass_split.c
> > index 872528b..c7eb07d 100644
> > --- a/libavcodec/ass_split.c
> > +++ b/libavcodec/ass_split.c
> > @@ -280,8 +280,10 @@ static const char *ass_split_section(
> ASSSplitContext
> > *ctx, const char *buf)
> >                  while (!is_eol(*buf)) {
> >                      buf = skip_space(buf);
> >                      len = strcspn(buf, ", \r\n");
> > -                    if (!(tmp = av_realloc_array(order, (*number + 1),
> > sizeof(*order))))
> > +                    if (!(tmp = av_realloc_array(order, (*number + 1),
> > sizeof(*order)))){
> > +                        free(order);
> >                          return NULL;
> > +                    }
> >                      order = tmp;
> >                      order[*number] = -1;
> >                      for (i=0; section->fields[i].name; i++)
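Review bot: the new failure branch calls libc free() on a buffer that was obtained from av_realloc_array, so the matching deallocator av_free() should be used instead; better still, av_reallocp_array(&order, *number + 1, sizeof(*order)) frees the original buffer itself when it fails, which would reduce the branch back to a plain `return NULL;` with no extra free at all. Style nit on the same line: `)))){` should be `))) {` with a space before the brace, matching the surrounding `while (!is_eol(*buf)) {`.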
> > --
>
> You would need to use av_free instead of free. However, a better
> option would be just using av_reallocp_array, which automatically
> frees the original pointer on failure.
>
> - Hendrik
>
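As an added illustration of the behaviour Hendrik points to (this is not FFmpeg code and not part of the thread): a hypothetical xreallocp_array with the same free-on-failure semantics described for av_reallocp_array, driven by a loop shaped like the one in ass_split_section, against a constructed allocator that can be told to fail on a given call so the leak check can be exercised. The names xrealloc, xfree, xreallocp_array, parse_order, parse_sample and the sample Format: line are all assumptions.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed allocator shim: tracks live blocks (a leak leaves the count
 * nonzero) and fails on the fail_on-th call (0 = never fail). */
static int live_blocks, alloc_calls, fail_on;

static void *xrealloc(void *ptr, size_t size)
{
    if (fail_on && ++alloc_calls == fail_on) return NULL;  /* simulated failure */
    void *p = realloc(ptr, size);
    if (p && !ptr) live_blocks++;        /* realloc(NULL, n) created a block */
    return p;
}
static void xfree(void *ptr) { if (ptr) live_blocks--; free(ptr); }

/* Hypothetical reallocp-style helper with the semantics Hendrik describes for
 * av_reallocp_array: on failure it frees the original block and NULLs the
 * caller's pointer, so an early "return NULL" in the caller cannot leak it. */
static int xreallocp_array(void *ptr, size_t nmemb, size_t size)
{
    void **p = ptr, *tmp = xrealloc(*p, nmemb * size);
    if (!tmp) { xfree(*p); *p = NULL; return -1; }
    *p = tmp;
    return 0;
}

/* Same shape as the loop in ass_split_section: grow `order` by one element per
 * comma-separated field of a Format: line (storing each name's length here). */
static int parse_order(const char *buf, int *number, int **order_out)
{
    int *order = NULL;
    *number = 0;
    while (*buf && *buf != '\n') {
        while (*buf == ' ') buf++;
        size_t len = strcspn(buf, ", \r\n");
        if (xreallocp_array(&order, *number + 1, sizeof(*order)) < 0)
            return -1;                   /* order is already freed: no leak */
        order[(*number)++] = (int)len;
        buf += len;
        if (*buf == ',') buf++;
    }
    *order_out = order;
    return 0;
}

/* Parse a constructed sample line, failing allocation call fail_on_call
 * (0 = never). Returns the field count or -1; live_blocks ends at 0 either way. */
static int parse_sample(int fail_on_call)
{
    int n = 0, *order = NULL, rc;
    live_blocks = alloc_calls = 0; fail_on = fail_on_call;
    rc = parse_order("Layer, Start, End, Style\n", &n, &order);
    xfree(order);                        /* NULL after a failure: harmless */
    return rc ? -1 : n;
}
```

Failing the second allocation call reproduces the situation from the report (first pass succeeds, realloc on the second pass fails) and live_blocks stays at 0, which is exactly the property the original early return lacked.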
-- 

With kind regards