[FFmpeg-devel] [PATCH 23/23] avcodec/pngdec: Fix memleak by postponing allocation

Andreas Rheinhardt andreas.rheinhardt at gmail.com
Wed Mar 10 23:54:46 EET 2021


Fixes Coverity ticket #1322342.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
---
It seems to me that this temporary buffer is actually unneeded: One just
needs to use the new frame as destination for blending and then
overwrite the new frame's data outside the processed rectangle with the
data from the old frame. Or am I wrong about this?

 libavcodec/pngdec.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
index a5a71ef161..63c22063d9 100644
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -1080,10 +1080,6 @@ static int handle_p_frame_apng(AVCodecContext *avctx, PNGDecContext *s,
         return AVERROR_PATCHWELCOME;
     }
 
-    buffer = av_malloc_array(s->image_linesize, s->height);
-    if (!buffer)
-        return AVERROR(ENOMEM);
-
     ff_thread_await_progress(&s->last_picture, INT_MAX, 0);
 
     // need to reset a rectangle to background:
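Review bot: for the allocation removed at the top of this hunk, the commit message does not say which return path leaked buffer; it only cites Coverity ticket #1322342. The lines visible here show that the old av_malloc_array() call preceded ff_thread_await_progress() and the background-reset block, so presumably an early return in that block is the leaking path. One sentence naming it in the commit message would let a reader verify the fix without access to the Coverity report.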
@@ -1099,7 +1095,9 @@ static int handle_p_frame_apng(AVCodecContext *avctx, PNGDecContext *s,
         }
     }
 
-    memcpy(buffer, s->last_picture.f->data[0], s->image_linesize * s->height);
+    buffer = av_memdup(s->last_picture.f->data[0], s->image_linesize * s->height);
+    if (!buffer)
+        return AVERROR(ENOMEM);
 
     // Perform blending
     if (s->blend_op == APNG_BLEND_OP_SOURCE) {
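Review bot: the size passed to av_memdup() on the added line is the raw product s->image_linesize * s->height, while the removed av_malloc_array(s->image_linesize, s->height) checked that multiplication for overflow before allocating. The removed memcpy() used the same unchecked product, so the copy length itself is not new, but the guard on the allocation is gone. It is worth confirming that both values are bounded earlier in the decoder, or computing the size once as a size_t with an explicit overflow check and passing that to av_memdup().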
-- 
2.27.0


