[FFmpeg-devel] [PATCH v3] avfilter/asrc_sinc: fix leak in config_input()

[Michael Niedermayer]

On Sat, Jun 28, 2025 at 03:08:36PM +0800, Lidong Yan wrote:
> In config_input(), fir_to_phase() allocates memory in h[longer], which
> would leak if av_calloc() to s->coeffs failed. lpf() allocates memory
> in h[0] and h[1], which would leak if fir_to_phase() failed. To fix
> this leak, add av_free(h[longer]) in as cleanup code, and replace
> return AVERROR* with goto cleanup to prevent from leaks.
> 
> Signed-off-by: Lidong Yan <502024330056 at smail.nju.edu.cn>
> 
> -----BEGIN PGP PUBLIC KEY BLOCK-----
> 
> mDMEaEpkmRYJKwYBBAHaRw8BAQdAGwGqH/Dwod+i6kR0/Rhn5GanJ7wK8mM9tWP/
> W2qu8Ti0HTUwMjAyNDMzMDA1NkBzbWFpbC5uanUuZWR1LmNuiJkEExYKAEEWIQQC
> zskBcOehk1y8GoKZR31bPD+6owUCaEpkmQIbAwUJBaOagAULCQgHAgIiAgYVCgkI
> CwIEFgIDAQIeBwIXgAAKCRCZR31bPD+6o8wHAQCLomsA4XfTd8IdG983gGULUJe/
> 0432buy4nX7AsAc87QEA+/QIsWTR6XLJaLa1sLSQCsZkb86U3c17JzG9oivL8gW4
> OARoSmSZEgorBgEEAZdVAQUBAQdAfYrEAWd+6bOXkKvHpFmMvKzxAtlhm6ZQKdAq
> +MlJ7wQDAQgHiHgEGBYKACAWIQQCzskBcOehk1y8GoKZR31bPD+6owUCaEpkmQIb
> DAAKCRCZR31bPD+6ozWxAQC9OFisWrP/hHXUfj8AnC39r5pf5fEBz7lHvFgWNk2b
> XwD7Bl6kvIIW7ReqtgXvcl7u78vEo+e9YeTGTlmAogjpeQk=
> =rP+W
> -----END PGP PUBLIC KEY BLOCK-----
> 
> ---
>  libavfilter/asrc_sinc.c | 16 ++++++++++------
>  1 file changed, 10 insertions(+), 6 deletions(-)
> 
> diff --git a/libavfilter/asrc_sinc.c b/libavfilter/asrc_sinc.c
> index 6ff3303316..63cb04d444 100644
> --- a/libavfilter/asrc_sinc.c
> +++ b/libavfilter/asrc_sinc.c
> @@ -329,7 +329,7 @@ static int config_output(AVFilterLink *outlink)
>      SincContext *s = ctx->priv;
>      float Fn = s->sample_rate * .5f;
>      float *h[2];
> -    int i, n, post_peak, longer;
> +    int i, n, post_peak, longer, ret;
>  
>      outlink->sample_rate = s->sample_rate;
>      s->pts = 0;
> @@ -360,9 +360,9 @@ static int config_output(AVFilterLink *outlink)
>      }
>  
>      if (s->phase != 50.f) {
> -        int ret = fir_to_phase(s, &h[longer], &n, &post_peak, s->phase);
> +        ret = fir_to_phase(s, &h[longer], &n, &post_peak, s->phase);
>          if (ret < 0)
> -            return ret;
> +            goto cleanup;
[...]
> +cleanup:
> +    av_free(h[longer]);
>      return 0;

this is not the correct return code

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Frequently ignored answer#1 FFmpeg bugs should be sent to our bugtracker. User
questions about the command line tools should be sent to the ffmpeg-user ML.
And questions about how to use libav* should be sent to the libav-user ML.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20250630/934b1f8a/attachment.sig>