On 8/9/20, Andreas Rheinhardt <andreas.rheinha...@gmail.com> wrote:
> The query_formats function of the remap filter tries to allocate
> two lists of formats which on success are attached to more permanent objects
> (AVFilterLinks) for storage afterwards. If attaching a list to an
> AVFilterLink succeeds, it is in turn owned by the AVFilterLink (or more
> exactly, the AVFilterLink becomes one of the common owners of the list).
> Yet if attaching a list to one of its links succeeds and an error happens
> later on, both lists were manually freed, which means that is wrong if the
> list is already owned by one or more links; these links' pointers to
> their lists will become dangling and there will be a double-free/use-after-free
> when these links are cleaned up automatically.
>
> This commit fixes this by removing the custom free code; this will
> temporarily add a leaking codepath (if attaching a list not already
> owned by a link to a link fails, the list will leak), but this will
> be fixed soon by making sure that an AVFilterFormats without owner will
> be automatically freed when attaching it to an AVFilterLink fails.
> Notice at most one list leaks because a new list is only allocated
> after the old list has been successfully attached to a link.
>
> Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@gmail.com>
> ---
>  libavfilter/vf_remap.c | 24 +++++++-----------------
>  1 file changed, 7 insertions(+), 17 deletions(-)
>
LGTM
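
The ownership problem described in the quoted commit message, as an added example that is not part of the original thread and is not FFmpeg code. `List`, `Link`, `attach`, `link_cleanup` and `run` are hypothetical names in a simplified model that counts releases instead of calling `free`, so the double free is observable without corrupting the heap.

```c
#include <stdio.h>

/* Simplified model (assumption, not the FFmpeg API): a list records whether it
 * was allocated, how many links own it, and how many times it was released. */
typedef struct { int allocated, owners, releases; } List;
typedef struct { List *fmts; } Link;

static void release(List *l) { l->releases++; }

/* Attach a list to a link; 'fail' simulates an error inside the attach call. */
static int attach(List *l, Link *k, int fail)
{
    if (fail) return -1;
    k->fmts = l;
    l->owners++;
    return 0;
}

/* Automatic link cleanup: drop the reference, release the list at zero owners. */
static void link_cleanup(Link *k)
{
    if (k->fmts && --k->fmts->owners == 0) release(k->fmts);
    k->fmts = NULL;
}

/* manual_free = 1 models the old error path, 0 the patched one.
 * fail_step 1..3 makes that attach fail; 0 means every attach succeeds. */
static void run(int fail_step, int manual_free, List *a, List *b)
{
    Link k[3] = { {0}, {0}, {0} };
    int err;

    a->allocated = 1;
    if (manual_free) b->allocated = 1;   /* old code: both lists made up front */
    err = attach(a, &k[0], fail_step == 1) < 0 ||
          attach(a, &k[1], fail_step == 2) < 0;
    if (!err) {
        b->allocated = 1;                /* patched: second list only made now */
        err = attach(b, &k[2], fail_step == 3) < 0;
    }
    if (err && manual_free) { release(a); release(b); }  /* custom free code */
    for (int i = 0; i < 3; i++) link_cleanup(&k[i]);
}

int main(void)
{
    List a = {0}, b = {0};
    run(2, 1, &a, &b);                   /* old path, second attach fails */
    printf("old path: list a released %d times\n", a.releases);
    return 0;
}
```

In the model, a list with `allocated == 1` and `releases == 0` after `run` returns is the temporary leak the commit message accepts; `releases == 2` is the double free it removes.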