[FFmpeg-devel] [PATCH 1/2] avformat/utils: free existing extradata before trying to allocate a new one
Michael Niedermayer
michael at niedermayer.cc
Wed Mar 7 03:47:40 EET 2018
On Tue, Mar 06, 2018 at 01:42:36AM -0300, James Almer wrote:
> This prevents leaks in the rare cases the function is called when extradata
> already exists.
>
> Signed-off-by: James Almer <jamrial at gmail.com>
> ---
> libavformat/utils.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/libavformat/utils.c b/libavformat/utils.c
> index 72531d4185..31340a484b 100644
> --- a/libavformat/utils.c
> +++ b/libavformat/utils.c
> @@ -3245,6 +3245,7 @@ int ff_alloc_extradata(AVCodecParameters *par, int size)
> {
> int ret;
>
> + av_freep(&par->extradata);
> if (size < 0 || size >= INT32_MAX - AV_INPUT_BUFFER_PADDING_SIZE) {
> par->extradata = NULL;
> par->extradata_size = 0;
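Review bot: the unconditional av_freep(&par->extradata) at the top of ff_alloc_extradata() is only safe if every caller arrives with par->extradata either NULL or pointing at a live allocation that par alone owns, and nothing in this hunk checks or documents that precondition. If a call site has already freed the buffer without clearing the pointer, or shares it with another structure, this line becomes a double free. The function previously overwrote the pointer without touching the old buffer, so callers may have come to rely on that. Suggest auditing each call site before this lands and stating the ownership requirement in the function's comment.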
This causes memory corruption
...
[mpegts @ 0x7f8c74000a80] PES packet size mismatch
*** Error in `./ffplay': double free or corruption (fasttop): 0x00007f8c7402d9c0 ***
Aborted (core dumped)
I think this should not have been applied so quickly. I tested it as soon as I
had time and saw it, but it was applied already.
If it helps, I can debug the cases I see to find out which calls cause them, but
someone will probably still have to review all call sites for this change to
be safe.
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Observe your enemies, for they first find out your faults. -- Antisthenes