This fix is rather messy because of AV_DICT_DONT_STRDUP_VAL. It's not
even clear how this should be handled. Maybe freeing the user's data on
failure would actually be ok.
---
libavutil/dict.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/libavutil/dict.c b/libavutil/dict.c
index a362de0..c4b97dc 100644
--- a/libavutil/dict.c
+++ b/libavutil/dict.c
@@ -72,6 +72,7 @@ int av_dict_set(AVDictionary **pm, const char *key, const
char *value,
AVDictionary *m = *pm;
AVDictionaryEntry *tag = av_dict_get(m, key, NULL, flags);
char *oldval = NULL;
+ void *tmp = NULL;
if (!m)
m = *pm = av_mallocz(sizeof(*m));
@@ -104,6 +105,7 @@ int av_dict_set(AVDictionary **pm, const char *key, const
char *value,
m->elems[m->count].key = av_strdup(key);
if (!m->elems[m->count].key)
goto err_out;
+ tmp = m->elems[m->count].key;
if (flags & AV_DICT_DONT_STRDUP_VAL) {
m->elems[m->count].value = (char*)(intptr_t)value;
} else if (oldval && flags & AV_DICT_APPEND) {
@@ -117,7 +119,10 @@ int av_dict_set(AVDictionary **pm, const char *key, const
char *value,
m->elems[m->count].value = newval;
} else
m->elems[m->count].value = av_strdup(value);
+ if (!m->elems[m->count].value)
+ goto err_out;
m->count++;
+ tmp = NULL;
}
if (!m->count) {
av_free(m->elems);
@@ -133,6 +138,7 @@ err_out:
}
if (flags & AV_DICT_DONT_STRDUP_KEY) av_free((void*)key);
if (flags & AV_DICT_DONT_STRDUP_VAL) av_free((void*)value);
+ av_free(tmp);
return AVERROR(ENOMEM);
}
--
2.1.1
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
