ffmpeg | branch: master | Kacper Michajłow <kaspe...@gmail.com> | Fri Jul  4 
19:56:59 2025 +0200| [6f88b90f6c77c5e419736edfe6e2a6fe216dc3d3] | committer: 
Kacper Michajłow

avutil/avstring: shrink allocation from av_get_token to fit token

av_get_token() allocates an output buffer with the same size as the
input. Generally, this is harmless, but when the input string is large
and consists of many small tokens, calling av_get_token() repeatedly to
extract all tokens will significantly amplify memory allocations.

To fix this, after obtaining the return value, simply realloc the buffer
to the actual size needed for the output string.

Fixes OOM when parsing filter graph string.
Fixes OSS-Fuzz: 394983446

Signed-off-by: Kacper Michajłow <kaspe...@gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6f88b90f6c77c5e419736edfe6e2a6fe216dc3d3
---

 libavutil/avstring.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libavutil/avstring.c b/libavutil/avstring.c
index 875eb691db..281c5cdc88 100644
--- a/libavutil/avstring.c
+++ b/libavutil/avstring.c
@@ -142,7 +142,7 @@ end:
 
 char *av_get_token(const char **buf, const char *term)
 {
-    char *out     = av_malloc(strlen(*buf) + 1);
+    char *out     = av_realloc(NULL, strlen(*buf) + 1);
     char *ret     = out, *end = out;
     const char *p = *buf;
     if (!out)
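
Review bot: the switch from av_malloc() to av_realloc(NULL, ...) on the "char *out" line has no comment saying why, and read on its own it looks like a pointless substitution that a later cleanup could revert. The reason only becomes visible in the second hunk, where the same buffer is handed to av_realloc(). A one-line comment here stating that the buffer is resized before return, and so must come from av_realloc(), would protect the change. Note also that the initial request is still strlen(*buf) + 1, so each call still transiently allocates an input-sized buffer; only the retained size shrinks.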
@@ -172,7 +172,8 @@ char *av_get_token(const char **buf, const char *term)
 
     *buf = p;
 
-    return ret;
+    char *small_ret = av_realloc(ret, out - ret + 2);
+    return small_ret ? small_ret : ret;
 }
 
 char *av_strtok(char *s, const char *delim, char **saveptr)
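
Review bot: the size expression "out - ret + 2" in the new av_realloc() call is a magic number whose correctness depends on where out points after the code between the two hunks, which this diff does not show. An off-by-one here would truncate the terminating NUL of the returned token, so please add a comment deriving the + 2 (which byte out points at on exit, plus the terminator), or compute the size from a quantity that is obviously the token length. The fallback "small_ret ? small_ret : ret" is a sensible way to handle a failed shrink, since the original buffer stays valid in that case; it is worth saying so in a comment so the ignored failure is not mistaken for a missing error check.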
