[FFmpeg-devel] [PATCH 21/21] avformat/dashdec: Avoid duplicating string
Andreas Rheinhardt
andreas.rheinhardt at gmail.com
Sat Sep 19 19:36:10 EEST 2020
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
---
There is still stuff left to fix in this demuxer after this patchset:
1. resolve_content_path() is in bad shape; i.e. it can try to read
str[-1].
2. One can get a crash in get_current_fragment() (or rather in
ff_dash_fill_tmpl_params()) when one has a representation without fragment
and without fragment/url template.
3. When one has a mismatch between old and new manifests in
refresh_manifest(), the old representations leak. One could fix this by
freeing the new representations and restoring the old ones, but this
feels wrong; freeing the old ones is not possible, because
refresh_manifests() is called indirectly by the read_packet function of
an AVFormatContext associated with an old representation, so freeing
the old representations would free the AVIOContext from within its
read_packet function. This would lead to use-after-frees.
libavformat/dashdec.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/libavformat/dashdec.c b/libavformat/dashdec.c
index be67192b14..747b4e92e3 100644
--- a/libavformat/dashdec.c
+++ b/libavformat/dashdec.c
@@ -1183,7 +1183,6 @@ static int parse_manifest(AVFormatContext *s, const char *url, AVIOContext *in)
DASHContext *c = s->priv_data;
int ret = 0;
int close_in = 0;
- uint8_t *new_url = NULL;
int64_t filesize = 0;
AVBPrint buf;
AVDictionary *opts = NULL;
@@ -1212,11 +1211,8 @@ static int parse_manifest(AVFormatContext *s, const char *url, AVIOContext *in)
return ret;
}
- if (av_opt_get(in, "location", AV_OPT_SEARCH_CHILDREN, &new_url) >= 0) {
- c->base_url = av_strdup(new_url);
- } else {
+ if (av_opt_get(in, "location", AV_OPT_SEARCH_CHILDREN, (uint8_t**)&c->base_url) < 0)
c->base_url = av_strdup(url);
- }
filesize = avio_size(in);
filesize = filesize > 0 ? filesize : DEFAULT_MANIFEST_SIZE;
@@ -1359,7 +1355,6 @@ cleanup:
xmlFreeNode(mpd_baseurl_node);
}
- av_free(new_url);
av_bprint_finalize(&buf, NULL);
if (close_in) {
avio_close(in);
--
2.25.1
More information about the ffmpeg-devel
mailing list