mån 2020-07-20 klockan 08:15 +0200 skrev Andreas Rheinhardt:
> When parsing MXF encountering some tags leads to allocations. And when
> these tags were encountered repeatedly, this could lead to memleaks,
> because the pointer to the old data got simply overwritten with a
> pointer to the new data (or to NULL on allocation failure). This has
> been fixed.
>
> Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@gmail.com>
> ---
> libavformat/mxfdec.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> index 3016885e75..f0975f409e 100644
> --- a/libavformat/mxfdec.c
> +++ b/libavformat/mxfdec.c
> @@ -850,6 +850,7 @@ static int mxf_read_cryptographic_context(void *arg,
> AVIOContext *pb, int tag, i
> static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs, int *count)
> {
> *count = avio_rb32(pb);
> + av_free(*refs);
> *refs = av_calloc(*count, sizeof(UID));
> if (!*refs) {
> *count = 0;
> @@ -903,10 +904,8 @@ static int mxf_read_content_storage(void *arg,
> AVIOContext *pb, int tag, int siz
> case 0x1901:
> if (mxf->packages_refs)
> av_log(mxf->fc, AV_LOG_VERBOSE, "Multiple packages_refs\n");
> - av_free(mxf->packages_refs);
> return mxf_read_strong_ref_array(pb, &mxf->packages_refs,
> &mxf->packages_count);
> case 0x1902:
> - av_free(mxf->essence_container_data_refs);
Good catch. Looks OK
/Tomas
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
