On Sat, May 23, 2015 at 11:05:48AM +0200, Andreas Cadhalpun wrote:
> On 23.05.2015 10:52, Andreas Cadhalpun wrote:
> > On 23.05.2015 01:36, Michael Niedermayer wrote:
> >> On Fri, May 22, 2015 at 11:36:55PM +0200, Andreas Cadhalpun wrote:
> >> [...]
> >>> @@ -1095,10 +1121,14 @@ static int decode_frame(NUTContext *nut, AVPacket 
> >>> *pkt, int frame_code)
> >>>      pkt->pos = avio_tell(bc); // FIXME
> >>>      if (stc->last_flags & FLAG_SM_DATA) {
> >>>          int sm_size;
> >>> -        if (read_sm_data(s, bc, pkt, 0, pkt->pos + size) < 0)
> >>> -            return AVERROR_INVALIDDATA;
> >>> -        if (read_sm_data(s, bc, pkt, 1, pkt->pos + size) < 0)
> >>> -            return AVERROR_INVALIDDATA;
> >>> +        if (read_sm_data(s, bc, pkt, 0, pkt->pos + size) < 0) {
> >>> +            ret = AVERROR_INVALIDDATA;
> >>> +            goto fail;
> >>> +        }
> >>> +        if (read_sm_data(s, bc, pkt, 1, pkt->pos + size) < 0) {
> >>> +            ret = AVERROR_INVALIDDATA;
> >>> +            goto fail;
> >>> +        }
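
Review bot: both new error branches in decode_frame() overwrite whatever read_sm_data() returned with AVERROR_INVALIDDATA, so any other negative code from that function never reaches the caller. If read_sm_data() can fail for other reasons, `if ((ret = read_sm_data(s, bc, pkt, 0, pkt->pos + size)) < 0) goto fail;` keeps the code and drops the braces. Neither the declaration of `ret` nor the `fail` label is visible in this hunk, so please confirm the label frees only what has been allocated by this point.
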
> >>
> >> it seems this function is missing an int ret
> > 
> > It was added in commit af7ca6ea.
> 
> You meant that decode_frame_header missed an int ret.
> Fixed now.
> 
> Best regards,
> Andreas
> 

>  nutdec.c |   84 
> +++++++++++++++++++++++++++++++++++++++++++++------------------
>  1 file changed, 60 insertions(+), 24 deletions(-)
> 4cc0440459f6b5e2223aaf2b667e3f222908714d  
> 0001-nutdec-fix-various-memleaks-on-failure.patch
> From 60de9fa45698acd206dccfc6eb634a1e6a49889f Mon Sep 17 00:00:00 2001
> From: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
> Date: Fri, 22 May 2015 23:02:07 +0200
> Subject: [PATCH] nutdec: fix various memleaks on failure
> 
> Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
> ---
>  libavformat/nutdec.c | 84 
> +++++++++++++++++++++++++++++++++++++---------------
>  1 file changed, 60 insertions(+), 24 deletions(-)
> 
> diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
> index eeaf8bf..0757a70 100644
> --- a/libavformat/nutdec.c
> +++ b/libavformat/nutdec.c
> @@ -203,7 +203,8 @@ static int nut_probe(AVProbeData *p)
>          tmp = ffio_read_varlen(bc);                                          
>  \
>          if (!(check)) {                                                      
>  \
>              av_log(s, AV_LOG_ERROR, "Error " #dst " is (%"PRId64")\n", tmp); 
>  \
> -            return AVERROR_INVALIDDATA;                                      
>  \
> +            ret = AVERROR_INVALIDDATA;                                       
>  \
> +            goto fail;                                                       
>  \
>          }                                                                    
>  \
>          dst = tmp;                                                           
>  \
>      } while (0)
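
Review bot: the macro body now assigns `ret` and jumps to `fail`, so every function that expands it must declare `ret` and provide a `fail` label, and nothing at the macro says so; add a comment above the macro stating that requirement. Because the jump can be taken at the first expansion in a function, every pointer released under `fail` has to be initialised before that first expansion, which needs checking in each function that uses the macro.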

With this, syncpoints and has_keyframes must be set to NULL in
find_and_decode_index(); otherwise the later free might be freeing
an uninitialized pointer.

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Those who are too smart to engage in politics are punished by being
governed by those who are dumber. -- Plato 


_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
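
The failure mode raised in the review above, as an added C example that is not FFmpeg code and not part of the original thread: a checking macro that jumps to a shared `fail` label, with the pointers freed there set to NULL before the first expansion. `GET_BYTE`, `decode_index`, `xalloc`, `xfree`, `live_allocs`, `ERR_INVALIDDATA` and the byte layout are constructed for illustration; only the names `syncpoints` and `has_keyframes` come from the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins, not FFmpeg code: an error code and a leak counter. */
#define ERR_INVALIDDATA (-1)
static int live_allocs; /* allocations not yet freed */
static void *xalloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) live_allocs--; free(p); }

/* Contract: the expanding function has `buf`, `end`, `int ret` and a `fail:` label,
 * and every pointer freed under `fail` is initialised before the first expansion. */
#define GET_BYTE(dst, check)                                        \
    do {                                                            \
        int tmp = buf < end ? *buf++ : -1; /* -1 marks end of input */ \
        if (!(check)) {                                             \
            ret = ERR_INVALIDDATA;                                  \
            goto fail;                                              \
        }                                                           \
        dst = tmp;                                                  \
    } while (0)

/* Constructed layout: a count byte (1..16), then `count` flag bytes (0 or 1). */
static int decode_index(const uint8_t *buf, const uint8_t *end, int *n_out)
{
    uint8_t *syncpoints = NULL, *has_keyframes = NULL; /* NULL before any goto fail */
    int ret, count, i;

    GET_BYTE(count, tmp >= 1 && tmp <= 16); /* may jump before anything is allocated */
    syncpoints    = xalloc((size_t)count);
    has_keyframes = xalloc((size_t)count);
    if (!syncpoints || !has_keyframes) { ret = ERR_INVALIDDATA; goto fail; }
    for (i = 0; i < count; i++)
        GET_BYTE(has_keyframes[i], tmp == 0 || tmp == 1);
    *n_out = count;
    ret = 0;
fail: /* single exit, reached on success and on every error path */
    xfree(syncpoints); /* NULL is a no-op, so the early failure is safe */
    xfree(has_keyframes);
    return ret;
}

int main(void)
{
    static const uint8_t bad[] = { 2, 1, 7 }; /* constructed: second flag is invalid */
    int n = 0, ret = decode_index(bad, bad + sizeof(bad), &n);
    printf("ret=%d live_allocs=%d\n", ret, live_allocs);
    return 0;
}
```

Without the two NULL initialisers, the first `GET_BYTE` failure would pass indeterminate pointers to `free()`, which is the case the review comment asks to rule out.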
