[FFmpeg-devel] [PATCH 3/3] nutdec: fix various memleaks on failure

Michael Niedermayer michaelni at gmx.at
Sat May 23 14:05:01 CEST 2015 

On Sat, May 23, 2015 at 11:05:48AM +0200, Andreas Cadhalpun wrote:
> On 23.05.2015 10:52, Andreas Cadhalpun wrote:
> > On 23.05.2015 01:36, Michael Niedermayer wrote:
> >> On Fri, May 22, 2015 at 11:36:55PM +0200, Andreas Cadhalpun wrote:
> >> [...]
> >>> @@ -1095,10 +1121,14 @@ static int decode_frame(NUTContext *nut, AVPacket *pkt, int frame_code)
> >>>      pkt->pos = avio_tell(bc); // FIXME
> >>>      if (stc->last_flags & FLAG_SM_DATA) {
> >>>          int sm_size;
> >>> -        if (read_sm_data(s, bc, pkt, 0, pkt->pos + size) < 0)
> >>> -            return AVERROR_INVALIDDATA;
> >>> -        if (read_sm_data(s, bc, pkt, 1, pkt->pos + size) < 0)
> >>> -            return AVERROR_INVALIDDATA;
> >>> +        if (read_sm_data(s, bc, pkt, 0, pkt->pos + size) < 0) {
> >>> +            ret = AVERROR_INVALIDDATA;
> >>> +            goto fail;
> >>> +        }
> >>> +        if (read_sm_data(s, bc, pkt, 1, pkt->pos + size) < 0) {
> >>> +            ret = AVERROR_INVALIDDATA;
> >>> +            goto fail;
> >>> +        }
> >>
> >> it seems this function is missing a int ret
> > 
> > It was added in commit af7ca6ea.
> 
> You meant that decode_frame_header missed a int ret.
> Fixed now.
> 
> Best regards,
> Andreas
> 

>  nutdec.c |   84 +++++++++++++++++++++++++++++++++++++++++++++------------------
>  1 file changed, 60 insertions(+), 24 deletions(-)
> 4cc0440459f6b5e2223aaf2b667e3f222908714d  0001-nutdec-fix-various-memleaks-on-failure.patch
> From 60de9fa45698acd206dccfc6eb634a1e6a49889f Mon Sep 17 00:00:00 2001
> From: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> Date: Fri, 22 May 2015 23:02:07 +0200
> Subject: [PATCH] nutdec: fix various memleaks on failure
> 
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> ---
>  libavformat/nutdec.c | 84 +++++++++++++++++++++++++++++++++++++---------------
>  1 file changed, 60 insertions(+), 24 deletions(-)
> 
> diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
> index eeaf8bf..0757a70 100644
> --- a/libavformat/nutdec.c
> +++ b/libavformat/nutdec.c
> @@ -203,7 +203,8 @@ static int nut_probe(AVProbeData *p)
>          tmp = ffio_read_varlen(bc);                                           \
>          if (!(check)) {                                                       \
>              av_log(s, AV_LOG_ERROR, "Error " #dst " is (%"PRId64")\n", tmp);  \
> -            return AVERROR_INVALIDDATA;                                       \
> +            ret = AVERROR_INVALIDDATA;                                        \
> +            goto fail;                                                        \
>          }                                                                     \
>          dst = tmp;                                                            \
>      } while (0)

with this syncpoints and has_keyframes must be set to NULL in
find_and_decode_index() otherwise the later free might be freeing
a uninitialized pointer

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Those who are too smart to engage in politics are punished by being
governed by those who are dumber. -- Plato 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20150523/96a1e3a3/attachment.asc>

More information about the ffmpeg-devel mailing list