[FFmpeg-devel] [PATCH] libavformat/mov.c: Free aes_decrypt to avoid leaking memory

[Michael Niedermayer]

On Tue, Mar 31, 2020 at 01:30:22PM -0700, John Rummell wrote:
> Thanks. Updated.
> 
> On Tue, Mar 31, 2020 at 5:23 AM Moritz Barsnick <barsnick at gmx.net> wrote:
> 
> > On Mon, Mar 30, 2020 at 15:27:46 -0700, John Rummell wrote:
> > > +    if (c->aes_decrypt)
> > > +        av_free(c->aes_decrypt);
> >
> > av_free() already does the NULL pointer check for you.
> >
> > Moritz
> > _______________________________________________
> > ffmpeg-devel mailing list
> > ffmpeg-devel at ffmpeg.org
> > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> >
> > To unsubscribe, visit link above, or email
> > ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".

>  mov.c |    1 +
>  1 file changed, 1 insertion(+)
> f1eded23b62052aa1655c95d9c197005032789fb  0001-libavformat-mov.c-Free-aes_decrypt-to-avoid-leaking-.patch
> From 44e7116b83f2b72516822a2e4be55bbd1b7a9cee Mon Sep 17 00:00:00 2001
> From: John Rummell <jrummell at chromium.org>
> Date: Mon, 30 Mar 2020 14:08:01 -0700
> Subject: [PATCH] libavformat/mov.c: Free aes_decrypt to avoid leaking memory
> 
> Found by Chromium fuzzers (crbug.com/1057205).
> ---
>  libavformat/mov.c | 1 +
>  1 file changed, 1 insertion(+)

will apply

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Frequently ignored answer#1 FFmpeg bugs should be sent to our bugtracker. User
questions about the command line tools should be sent to the ffmpeg-user ML.
And questions about how to use libav* should be sent to the libav-user ML.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20200401/04afbbaf/attachment.sig>