[FFmpeg-devel] [PATCH v1] avformat/imf: fix bad free() when directory name of the input url is empty
Zane van Iperen
zane at zanevaniperen.com
Wed Jan 5 04:30:20 EET 2022
On 5/1/22 11:44, Pierre-Anthony Lemieux wrote:
> On Tue, Jan 4, 2022 at 5:39 PM Zane van Iperen <zane at zanevaniperen.com> wrote:
>>
>>
>>
>> On 4/1/22 01:59, pal at sandflow.com wrote:
>>> From: Pierre-Anthony Lemieux <pal at palemieux.com>
>>>
>>> Signed-off-by: Pierre-Anthony Lemieux <pal at palemieux.com>
>>> ---
>>>
>>> Notes:
>>> Found through manual fuzzing.
>>>
>>> libavformat/imfdec.c | 6 +++++-
>>> 1 file changed, 5 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/libavformat/imfdec.c b/libavformat/imfdec.c
>>> index f17064cfcd..4e42db8d30 100644
>>> --- a/libavformat/imfdec.c
>>> +++ b/libavformat/imfdec.c
>>> @@ -622,11 +622,15 @@ static int imf_read_header(AVFormatContext *s)
>>> int ret = 0;
>>>
>>> c->interrupt_callback = &s->interrupt_callback;
>>> +
>>> tmp_str = av_strdup(s->url);
>>> if (!tmp_str)
>>> return AVERROR(ENOMEM);
>>> + c->base_url = av_strdup(av_dirname(tmp_str));
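Review bot: the added `c->base_url = av_strdup(av_dirname(tmp_str));` line has no visible NULL check, and the quoted part of the hunk stops before showing where tmp_str is released. The second av_strdup() can fail just like the first, so its result should be checked and AVERROR(ENOMEM) returned, with tmp_str freed on both the success and the failure path. A one-line comment stating that the copy exists because av_dirname() may return a pointer that is not inside tmp_str, as discussed in this thread, would keep a later cleanup from removing it. The blank line added after the interrupt_callback assignment is unrelated to the fix and could be dropped.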
>>
>> Is the second av_strdup() here required? You've already done it above
>> and av_dirname() just sticks a '\0' at the last separator,
>
> This is what I thought.
>
>> so it should
>> be safe to remove it:
>
> As I understand it, av_dirname() actually returns a pointer to its own
> "." string when the input is either empty or does not contain, in
> which case we must make a copy.
>
You're right. This is ugly, but I don't see a nicer way to do it.
This lgtm then.
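
The ownership problem discussed in this thread, as an added example that is not code from FFmpeg or from either poster: `dirname_like()` is a hypothetical stand-in that follows the av_dirname() behaviour described above, and the other function names and the sample file names are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for av_dirname(), modelled on the thread: cut the path
 * at its last '/' in place, or return a static "." if there is no separator. */
static char *dirname_like(char *path)
{
    static char dot[] = ".";
    char *sep = strrchr(path, '/');
    if (!sep)
        return dot;              /* not inside the caller's buffer */
    if (sep == path)
        sep++;                   /* keep the root "/" */
    *sep = '\0';
    return path;                 /* the pointer the caller allocated */
}

static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    return d ? memcpy(d, s, n) : NULL;
}

/* 1: result is the heap buffer (free() is valid); 0: result is static storage
 * (free() would be the bad free); -1: allocation failed. */
int dirname_result_is_heap(const char *url)
{
    char *tmp = dup_str(url);
    int on_heap = tmp ? dirname_like(tmp) == tmp : -1;
    free(tmp);
    return on_heap;
}

/* Pattern from the patch: always copy, so the caller owns a freeable string. */
char *make_base_url(const char *url)
{
    char *tmp = dup_str(url);
    char *base = tmp ? dup_str(dirname_like(tmp)) : NULL;
    free(tmp);
    return base;
}

int main(void)
{
    char *b = make_base_url("CPL.xml");   /* constructed input, no directory */
    printf("heap=%d base=%s\n", dirname_result_is_heap("CPL.xml"), b ? b : "(null)");
    free(b);
}
```

Only the copying variant gives the caller a pointer that is safe to free for every input, which is why the second duplication stays in the patch.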