[FFmpeg-devel] [PATCH v1] avformat/imf: fix bad free() when directory name of the input url is empty
Zane van Iperen
zane at zanevaniperen.com
Wed Jan 5 03:38:45 EET 2022
On 4/1/22 01:59, pal at sandflow.com wrote:
> From: Pierre-Anthony Lemieux <pal at palemieux.com>
>
> Signed-off-by: Pierre-Anthony Lemieux <pal at palemieux.com>
> ---
>
> Notes:
> Found through manual fuzzing.
>
> libavformat/imfdec.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/libavformat/imfdec.c b/libavformat/imfdec.c
> index f17064cfcd..4e42db8d30 100644
> --- a/libavformat/imfdec.c
> +++ b/libavformat/imfdec.c
> @@ -622,11 +622,15 @@ static int imf_read_header(AVFormatContext *s)
> int ret = 0;
>
> c->interrupt_callback = &s->interrupt_callback;
> +
> tmp_str = av_strdup(s->url);
> if (!tmp_str)
> return AVERROR(ENOMEM);
> + c->base_url = av_strdup(av_dirname(tmp_str));
Is the second av_strdup() here required? You've already done it above
and av_dirname() just sticks a '\0' at the last separator, so it should
be safe to remove it:
if (!(c->base_url = av_strdup(s->url)))
return AVERROR(ENOMEM);
c->base_url = av_dirname(c->base_url);
More information about the ffmpeg-devel
mailing list