[FFmpeg-devel] [PATCH 7/8] avcodec/cbs_sei: Fix leak of AVBufferRef on error

Andreas Rheinhardt andreas.rheinhardt at gmail.com
Wed Mar 10 03:06:00 EET 2021


An AVBufferRef (and the corresponding AVBuffer and the underlying actual
buffer) would leak in ff_cbs_sei_add_message() on error in case an error
happened after its creation and before it has been attached to more
permanent storage. Fix this by only creating the AVBufferRef immediately
before attaching it to its intended target position.

(Given that no SEI message currently created is refcounted, the above
can't happen at the moment. But Coverity already nevertheless noticed:
This commit fixes Coverity issue #1473521.)

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
---
 libavcodec/cbs_sei.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/libavcodec/cbs_sei.c b/libavcodec/cbs_sei.c
index 2a96db9674..141e97ec58 100644
--- a/libavcodec/cbs_sei.c
+++ b/libavcodec/cbs_sei.c
@@ -262,14 +262,6 @@ int ff_cbs_sei_add_message(CodedBitstreamContext *ctx,
     if (!desc)
         return AVERROR(EINVAL);
 
-    if (payload_buf) {
-        payload_ref = av_buffer_ref(payload_buf);
-        if (!payload_ref)
-            return AVERROR(ENOMEM);
-    } else {
-        payload_ref = NULL;
-    }
-
     // Find an existing SEI unit or make a new one to add to.
     err = cbs_sei_get_unit(ctx, au, prefix, &unit);
     if (err < 0)
@@ -285,6 +277,14 @@ int ff_cbs_sei_add_message(CodedBitstreamContext *ctx,
     if (err < 0)
         return err;
 
+    if (payload_buf) {
+        payload_ref = av_buffer_ref(payload_buf);
+        if (!payload_ref)
+            return AVERROR(ENOMEM);
+    } else {
+        payload_ref = NULL;
+    }
+
     message = &list->messages[list->nb_messages - 1];
 
     message->payload_type = payload_type;
-- 
2.27.0



More information about the ffmpeg-devel mailing list