[FFmpeg-devel] [PATCH] Fix leak by dereferencing audio frame when side data causes whole frame skip
Michael Niedermayer
michaelni at gmx.at
Tue May 7 01:32:37 CEST 2013
On Mon, May 06, 2013 at 03:42:51PM -0700, Matthew Wolenetz wrote:
> This patch fixes a memory leak in avcodec_decode_audio4() when
> refcounted_frames are enabled and side data size causes a whole frame to be
> skipped.
>
> Please review to ensure it is not introducing use-after-free possibilities.
>
> I believe that, along with d18341fb1121332056aecc00096159df16d01, issue
> #2529 is fixed with this patch.
> make fate passes and valgrind shows no remaining leaks for the sample
> attached to issue #2529.
>
> Matt
> utils.c | 2 ++
> 1 file changed, 2 insertions(+)
> 7d1dbb509ab2eedb62dc4e80dfa1493d6fd6c591 0001-Fix-leak-by-dereferencing-audio-frame-when-side-data.patch
> From d3b37f424317e99e52563ffab820c9f1d61ff5bd Mon Sep 17 00:00:00 2001
> From: Matt Wolenetz <wolenetz at chromium.org>
> Date: Mon, 6 May 2013 14:44:17 -0700
> Subject: [PATCH] Fix leak by dereferencing audio frame when side data causes
> whole frame skip
>
> ---
> libavcodec/utils.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/libavcodec/utils.c b/libavcodec/utils.c
> index 4136d9f..0bce107 100644
> --- a/libavcodec/utils.c
> +++ b/libavcodec/utils.c
> @@ -2103,6 +2103,8 @@ int attribute_align_arg avcodec_decode_audio4(AVCodecContext *avctx,
> if (avctx->internal->skip_samples && *got_frame_ptr) {
> if(frame->nb_samples <= avctx->internal->skip_samples){
> *got_frame_ptr = 0;
> + if (avctx->refcounted_frames)
> + av_frame_unref(frame);
> avctx->internal->skip_samples -= frame->nb_samples;
the unref must be after reading frame->nb_samples
patch applied with these 2 swapped
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Asymptotically faster algorithms should always be preferred if you have
asymptotical amounts of data
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20130507/1f3bb713/attachment.asc>
More information about the ffmpeg-devel
mailing list