[FFmpeg-devel] [PATCH] avcodec/cbs_mpeg2: fix leak of extra_information_slice buffer in cbs_mpeg2_read_slice_header()
James Almer
jamrial at gmail.com
Wed Apr 24 21:50:21 EEST 2019
cbs_mpeg2_free_slice() calls av_buffer_unref() on extra_information_ref,
meaning allocating with av_malloc() was not the intention.
Signed-off-by: James Almer <jamrial at gmail.com>
---
Couldn't find any mpeg2 sample containing these fields, so it's untested.
The leak is obvious regardless of that.
libavcodec/cbs_mpeg2_syntax_template.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/libavcodec/cbs_mpeg2_syntax_template.c b/libavcodec/cbs_mpeg2_syntax_template.c
index 88cf453b17..672ff66141 100644
--- a/libavcodec/cbs_mpeg2_syntax_template.c
+++ b/libavcodec/cbs_mpeg2_syntax_template.c
@@ -361,10 +361,11 @@ static int FUNC(slice_header)(CodedBitstreamContext *ctx, RWContext *rw,
current->extra_information_length = k;
if (k > 0) {
*rw = start;
- current->extra_information =
- av_malloc(current->extra_information_length);
- if (!current->extra_information)
+ current->extra_information_ref =
+ av_buffer_alloc(current->extra_information_length);
+ if (!current->extra_information_ref)
return AVERROR(ENOMEM);
+ current->extra_information = current->extra_information_ref->data;
for (k = 0; k < current->extra_information_length; k++) {
xui(1, extra_bit_slice, bit, 0);
xui(8, extra_information_slice[k],
--
2.21.0
More information about the ffmpeg-devel
mailing list