[FFmpeg-devel] [PATCH v1 4/6] avcodec/magicyuv: fix for the memory leak if failed
Andreas Rheinhardt
andreas.rheinhardt at gmail.com
Fri Oct 11 11:00:00 EEST 2019
lance.lmwang at gmail.com:
> From: Limin Wang <lance.lmwang at gmail.com>
>
> Signed-off-by: Limin Wang <lance.lmwang at gmail.com>
> ---
> libavcodec/magicyuv.c | 43 ++++++++++++++++++++++++++++++-------------
> 1 file changed, 30 insertions(+), 13 deletions(-)
>
> diff --git a/libavcodec/magicyuv.c b/libavcodec/magicyuv.c
> index 0b1ac7345a..c905c2ca22 100644
> --- a/libavcodec/magicyuv.c
> +++ b/libavcodec/magicyuv.c
> @@ -661,12 +661,16 @@ static int magy_decode_frame(AVCodecContext *avctx, void *data,
>
> for (i = 0; i < s->planes; i++) {
> av_fast_malloc(&s->slices[i], &s->slices_size[i], s->nb_slices * sizeof(Slice));
> - if (!s->slices[i])
> - return AVERROR(ENOMEM);
> + if (!s->slices[i]) {
> + ret = AVERROR(ENOMEM);
> + goto fail;
> + }
>
> offset = bytestream2_get_le32(&gbyte);
> - if (offset >= avpkt->size - header_size)
> - return AVERROR_INVALIDDATA;
> + if (offset >= avpkt->size - header_size) {
> + ret = AVERROR_INVALIDDATA;
> + goto fail;
> + }
>
> if (i == 0)
> first_offset = offset;
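Review bot: The bound `offset >= avpkt->size - header_size`, carried onto the new side here and again in the `next_offset` check of the following hunk, is only meaningful if `header_size` can never exceed `avpkt->size`. The declarations are outside the hunk, but if either operand is unsigned the subtraction would wrap and an out-of-range offset read from the packet would be accepted as a slice start. If that bound is already enforced earlier in magy_decode_frame, a comment such as `/* header_size < avpkt->size was checked above, so this cannot wrap */` would record the dependency; if it is not, the check belongs before this loop.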
> @@ -675,8 +679,10 @@ static int magy_decode_frame(AVCodecContext *avctx, void *data,
> s->slices[i][j].start = offset + header_size;
>
> next_offset = bytestream2_get_le32(&gbyte);
> - if (next_offset <= offset || next_offset >= avpkt->size - header_size)
> - return AVERROR_INVALIDDATA;
> + if (next_offset <= offset || next_offset >= avpkt->size - header_size) {
> + ret = AVERROR_INVALIDDATA;
> + goto fail;
> + }
>
> s->slices[i][j].size = next_offset - offset;
> offset = next_offset;
> @@ -686,28 +692,32 @@ static int magy_decode_frame(AVCodecContext *avctx, void *data,
> s->slices[i][j].size = avpkt->size - s->slices[i][j].start;
> }
>
> - if (bytestream2_get_byte(&gbyte) != s->planes)
> - return AVERROR_INVALIDDATA;
> + if (bytestream2_get_byte(&gbyte) != s->planes) {
> + ret = AVERROR_INVALIDDATA;
> + goto fail;
> + }
>
> bytestream2_skip(&gbyte, s->nb_slices * s->planes);
>
> table_size = header_size + first_offset - bytestream2_tell(&gbyte);
> - if (table_size < 2)
> - return AVERROR_INVALIDDATA;
> + if (table_size < 2) {
> + ret = AVERROR_INVALIDDATA;
> + goto fail;
> + }
>
> ret = init_get_bits8(&gbit, avpkt->data + bytestream2_tell(&gbyte), table_size);
> if (ret < 0)
> - return ret;
> + goto fail;
>
> ret = build_huffman(avctx, &gbit, s->max);
> if (ret < 0)
> - return ret;
> + goto fail;
>
> p->pict_type = AV_PICTURE_TYPE_I;
> p->key_frame = 1;
>
> if ((ret = ff_thread_get_buffer(avctx, &frame, 0)) < 0)
> - return ret;
> + goto fail;
>
> s->buf = avpkt->data;
> s->p = p;
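Review bot: Every rejection in this hunk reaches `fail` with a bare error code and no log line, so a malformed packet cannot be traced back to the check that refused it. A short message before the jump, for example `av_log(avctx, AV_LOG_ERROR, "invalid table size\n");` ahead of the `goto fail` in the `table_size < 2` branch and a similar one for the plane-count mismatch, would make triage of bad input much easier. The function body begins and continues outside this hunk, so other exits may already log.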
> @@ -736,6 +746,13 @@ static int magy_decode_frame(AVCodecContext *avctx, void *data,
> *got_frame = 1;
>
> return avpkt->size;
> +
> +fail:
> + for (i = 0; i < FF_ARRAY_ELEMS(s->slices); i++) {
> + av_freep(&s->slices[i]);
> + s->slices_size[i] = 0;
> + }
> + return ret;
> }
>
> #if HAVE_THREADS
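Review bot: The cleanup loop at `fail:` runs to `FF_ARRAY_ELEMS(s->slices)` while the allocation loop in the first hunk runs to `s->planes`, and nothing at the label explains why the bounds differ. If the intent is to release slots left over from earlier packets with a different plane count (an inference, as the rest of the decoder is not shown), a comment such as `/* release every slot, not only the s->planes used by this packet */` would make that explicit. If `i` is declared `int`, the comparison against the `size_t` expression is also a signed/unsigned mix that sign-compare warnings will flag.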
>
Why should there be a memleak? The slices buffer will be freed in
magy_decode_end (which is called from avcodec_close() (usually via
avcodec_free_context()) at the end of the decoding process). So how
did you detect this memleak?
- Andreas