[FFmpeg-devel] [PATCH 21/21] avformat/dashdec: Avoid duplicating string

Andreas Rheinhardt andreas.rheinhardt at gmail.com
Sat Sep 19 19:36:10 EEST 2020


Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
---
There is still stuff left to fix in this demuxer after this patchset:
1. resolve_content_path() is in bad shape; i.e. it can try to read
str[-1].
2. One can get a crash in get_current_fragment() (or rather in
ff_dash_fill_tmpl_params()) when one has a representation without fragment
and without fragment/url template.
3. When one has a mismatch between old and new manifests in
refresh_manifest(), the old representations leak. One could fix this by
freeing the new representations and restoring the old ones, but this
feels wrong; freeing the old ones is not possible, because
refresh_manifests() is called indirectly by the read_packet function of
an AVFormatContext associated with an old representation, so freeing
the old representations would free the AVIOContext from within its
read_packet function. This would lead to use-after-frees.

 libavformat/dashdec.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/libavformat/dashdec.c b/libavformat/dashdec.c
index be67192b14..747b4e92e3 100644
--- a/libavformat/dashdec.c
+++ b/libavformat/dashdec.c
@@ -1183,7 +1183,6 @@ static int parse_manifest(AVFormatContext *s, const char *url, AVIOContext *in)
     DASHContext *c = s->priv_data;
     int ret = 0;
     int close_in = 0;
-    uint8_t *new_url = NULL;
     int64_t filesize = 0;
     AVBPrint buf;
     AVDictionary *opts = NULL;
@@ -1212,11 +1211,8 @@ static int parse_manifest(AVFormatContext *s, const char *url, AVIOContext *in)
             return ret;
     }
 
-    if (av_opt_get(in, "location", AV_OPT_SEARCH_CHILDREN, &new_url) >= 0) {
-        c->base_url = av_strdup(new_url);
-    } else {
+    if (av_opt_get(in, "location", AV_OPT_SEARCH_CHILDREN, (uint8_t**)&c->base_url) < 0)
         c->base_url = av_strdup(url);
-    }
 
     filesize = avio_size(in);
     filesize = filesize > 0 ? filesize : DEFAULT_MANIFEST_SIZE;
@@ -1359,7 +1355,6 @@ cleanup:
         xmlFreeNode(mpd_baseurl_node);
     }
 
-    av_free(new_url);
     av_bprint_finalize(&buf, NULL);
     if (close_in) {
         avio_close(in);
-- 
2.25.1



More information about the ffmpeg-devel mailing list