[FFmpeg-devel] [PATCH 1/2] avformat: fix memory corruption when free AVStream
Nicolas George
george at nsup.org
Wed Mar 5 19:42:26 CET 2014
On Quintidi 15 Ventôse, year CCXXII, tony_nie at realsil.com.cn wrote:
> From: tony_nie <tony_nie at realsil.com.cn>
>
> Make shure buffer had beed alloced before free it.
"Sure", no "h".
>
> Signed-off-by: tony_nie <tony_nie at realsil.com.cn>
> ---
> libavformat/utils.c | 16 ++++++++++++----
> 1 file changed, 12 insertions(+), 4 deletions(-)
>
> diff --git a/libavformat/utils.c b/libavformat/utils.c
> index 4e262b1..658d373 100644
> --- a/libavformat/utils.c
> +++ b/libavformat/utils.c
> @@ -3521,10 +3521,18 @@ void ff_free_stream(AVFormatContext *s, AVStream *st) {
> av_freep(&st->codec->extradata);
> av_freep(&st->codec->subtitle_header);
> av_freep(&st->codec);
> - av_freep(&st->priv_data);
> - if (st->info)
> - av_freep(&st->info->duration_error);
> - av_freep(&st->info);
> +
> + if (st->priv_data) {
> + av_freep(&st->priv_data);
> + }
> +
> + if (st->info) {
> + if (st->info->duration_error) {
> + av_freep(&st->info->duration_error);
> + }
> + av_freep(&st->info);
> + }
Unless I am mistaken, all your patch is doing is change "freep(&foo);" into
"if (foo) { freep(&foo); }". Calling freep() on a NULL pointer is valid and
does nothing, so I do not see what the point is.
> +
> av_freep(&s->streams[ --s->nb_streams ]);
> }
>
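Review bot: the guards added around av_freep(&st->priv_data) and av_freep(&st->info->duration_error) are redundant. av_freep() on a pointer that already holds NULL does nothing, and the one dereference that needs protecting, st->info->duration_error, was already under "if (st->info)" in the removed lines. As written the hunk changes no behaviour, so it cannot fix the memory corruption named in the subject. If a crash was seen in ff_free_stream(), the pointer being freed was more likely non-NULL but stale or uninitialised, which a NULL test does not detect. Suggest dropping the guards and stating in the commit message which demuxer or code path reproduces the corruption, so the pointer's owner can be fixed instead.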
Regards,
--
Nicolas George