[FFmpeg-devel] [PATCH v1 6/8] avformat/mtv: check av_strdup() return value and fix memleak

"zhilizhao(赵志立)" quinkblack at foxmail.com
Thu Oct 10 08:09:43 EEST 2019



> On Oct 10, 2019, at 12:59 PM, Steven Liu <lq at chinaffmpeg.org> wrote:
> 
> 
> 
>> 在 2019年10月10日,12:53,zhilizhao(赵志立) <quinkblack at foxmail.com> 写道:
>> 
>> 
>> 
>>> On Oct 10, 2019, at 11:40 AM, Steven Liu <lq at chinaffmpeg.org> wrote:
>>> 
>>> Signed-off-by: Steven Liu <lq at chinaffmpeg.org>
>>> ---
>>> libavformat/mtv.c | 13 +++++++++++--
>>> 1 file changed, 11 insertions(+), 2 deletions(-)
>>> 
>>> diff --git a/libavformat/mtv.c b/libavformat/mtv.c
>>> index 728f4a4781..c664ae14c7 100644
>>> --- a/libavformat/mtv.c
>>> +++ b/libavformat/mtv.c
>>> @@ -171,13 +171,19 @@ static int mtv_read_header(AVFormatContext *s)
>>>   st->codecpar->width           = mtv->img_width;
>>>   st->codecpar->height          = mtv->img_height;
>>>   st->codecpar->extradata       = av_strdup("BottomUp");
>>> +    if (!st->codecpar->extradata) {
>>> +        return AVERROR(ENOMEM);
>>> +    }
>>>   st->codecpar->extradata_size  = 9;
>>> 
>>>   // audio - mp3
>>> 
>>>   st = avformat_new_stream(s, NULL);
>>> -    if(!st)
>>> +    if(!st) {
>>> +        av_freep(&st->codecpar->extradata);
>>> +        st->codecpar->extradata_size = 0;
>>>       return AVERROR(ENOMEM);
>>> +    }
>> 
>> NULL pointer dereference?
> When new streams cannot be create, there have no memory, so release the st->codecpar->extradata,
> now st->codecpar->extradata is not NULL pointer.

“st”  is NULL, st->codecpar is NULL pointer dereference.

PS: I don’t think here is a memory leak.

>  
>> 
>> 
>>> 
>>>   avpriv_set_pts_info(st, 64, 1, MTV_AUDIO_SAMPLING_RATE);
>>>   st->codecpar->codec_type      = AVMEDIA_TYPE_AUDIO;
>>> @@ -187,8 +193,11 @@ static int mtv_read_header(AVFormatContext *s)
>>> 
>>>   // Jump over header
>>> 
>>> -    if(avio_seek(pb, MTV_HEADER_SIZE, SEEK_SET) != MTV_HEADER_SIZE)
>>> +    if(avio_seek(pb, MTV_HEADER_SIZE, SEEK_SET) != MTV_HEADER_SIZE) {
>>> +        av_freep(&st->codecpar->extradata);
>>> +        st->codecpar->extradata_size = 0;
>>>       return AVERROR(EIO);
>>> +    }
>>> 
>>>   return 0;
>>> 
>>> -- 
>>> 2.15.1
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> ffmpeg-devel mailing list
>>> ffmpeg-devel at ffmpeg.org
>>> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>>> 
>>> To unsubscribe, visit link above, or email
>>> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
>> 
>> 
>> 
>> _______________________________________________
>> ffmpeg-devel mailing list
>> ffmpeg-devel at ffmpeg.org <mailto:ffmpeg-devel at ffmpeg.org>
>> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>
>> 
>> To unsubscribe, visit link above, or email
>> ffmpeg-devel-request at ffmpeg.org <mailto:ffmpeg-devel-request at ffmpeg.org> with subject "unsubscribe".
> 
> Thanks
> Steven
> 
> 
> 
> 
> 
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org <mailto:ffmpeg-devel at ffmpeg.org>
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>
> 
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org <mailto:ffmpeg-devel-request at ffmpeg.org> with subject "unsubscribe".



More information about the ffmpeg-devel mailing list