[FFmpeg-devel] [PATCH 05/10] avformat/hls: fix leak of variant when dynarray_add fail

Tue Apr 12 11:56:28 EEST 2022

> On Apr 12, 2022, at 4:42 PM, Steven Liu <lingjiujianke at gmail.com> wrote:
> 
> Zhao Zhili <quinkblack at foxmail.com> 于2022年4月12日周二 16:16写道：
>> 
>> ---
>> libavformat/hls.c | 12 ++++++++++--
>> 1 file changed, 10 insertions(+), 2 deletions(-)
>> 
>> diff --git a/libavformat/hls.c b/libavformat/hls.c
>> index d5c3009d07..b5cdf158c6 100644
>> --- a/libavformat/hls.c
>> +++ b/libavformat/hls.c
>> @@ -366,8 +366,16 @@ static struct variant *new_variant(HLSContext *c, struct variant_info *info,
>>         strcpy(var->subtitles_group, info->subtitles);
>>     }
>> 
>> -    dynarray_add(&c->variants, &c->n_variants, var);
>> -    dynarray_add(&var->playlists, &var->n_playlists, pls);
>> +    if (av_dynarray_add_nofree(&var->playlists, &var->n_playlists, pls) < 0) {
>> +        /* Don't free pls since it's not owned by variant */
>> +        av_free(var);
>> +        return NULL;
>> +    }
>> +    if (av_dynarray_add_nofree(&c->variants, &c->n_variants, var) < 0) {
>> +        av_free(var->playlists);
>> +        av_free(var);
> Why don't use av_freep about these contexts?

It’s a local variable, won’t outlive any longer, so use after free not gone happen.

>> +        return NULL;
>> +    }
>>     return var;
>> }
>> 
>> --
>> 2.31.1
>> 
>> _______________________________________________
>> ffmpeg-devel mailing list
>> ffmpeg-devel at ffmpeg.org
>> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>> 
>> To unsubscribe, visit link above, or email
>> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
> 
> Thanks
> Steven
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> 
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".