[FFmpeg-devel] [PATCH] avformat/tedcaptionsdec: Fix leak of AVBPrint upon error
Nicolas George
george at nsup.org
Sun Sep 20 17:54:28 EEST 2020
Andreas Rheinhardt (12020-09-20):
> The tedcaptions demuxer uses an AVBPrint whose string is not restricted
> to its internal buffer; it therefore needs to be cleaned up, yet this is
> not done on error, as parse_file() returned simply returned directly.
> This is fixed by going to fail first in such cases.
> Furthermore, there is also a second way how this string can leak: By
> having more than one subtitle per subtitle block, as the new one simply
> overwrites the old one in this case as the AVBPrint is initialized each
> time upon encountering a subtitle line. The code has been modified to
> simply append the new subtitle to the old one, so that the old one can't
> leak any more.
>
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
> ---
> libavformat/tedcaptionsdec.c | 73 ++++++++++++++++++------------------
> 1 file changed, 36 insertions(+), 37 deletions(-)
Should be ok.
I notice that the code calls ff_subtitles_queue_insert() without
checking if the buffer is truncated. It should be fixed too, but that
is separate from this patch.
Regards,
--
Nicolas George
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20200920/7c1780ea/attachment.sig>
More information about the ffmpeg-devel
mailing list