[FFmpeg-devel] [PATCH v4 2/3] avformat/sapenc: fix leak in sap_write_header()
Michael Niedermayer
michael at niedermayer.cc
Fri Jul 4 16:56:29 EEST 2025
On Mon, Jun 30, 2025 at 11:01:13PM +0800, Lidong Yan wrote:
> In sap_write_header(), ff_format_set_url() assign new allocated new_url
> to contexts[i]->url but forgot to free it later. Add for loop to free
> contexts[i]->url before av_free(context).
>
> To prevent from writing free-for-loop in every return point, replace
> `return 0` with `ret = 0` so normal execution can fall through cleanup
> code.
>
> Signed-off-by: Lidong Yan <502024330056 at smail.nju.edu.cn>
> ---
> libavformat/sapenc.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/libavformat/sapenc.c b/libavformat/sapenc.c
> index 87a834a8d8..0882690ba5 100644
> --- a/libavformat/sapenc.c
> +++ b/libavformat/sapenc.c
> @@ -244,11 +244,15 @@ static int sap_write_header(AVFormatContext *s)
> goto fail;
> }
>
> - return 0;
> + ret = 0;
>
av_freep(&contexts);
...
if (sap->ann_size > sap->ann_fd->max_packet_size) {
av_log(s, AV_LOG_ERROR, "Announcement too large to send in one "
"packet\n");
goto fail;
> fail:
> + for (i = 0; i < s->nb_streams; i++)
> + if (contexts[i])
> + av_free(contexts[i]->url);
contexts will be NULL so i would assume contexts[i] will segfault
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Rewriting code that is poorly written but fully understood is good.
Rewriting code that one doesnt understand is a sign that one is less smart
than the original author, trying to rewrite it will not make it better.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20250704/5e425ff7/attachment.sig>
More information about the ffmpeg-devel
mailing list