If realloc fails, the pointer is overwritten and the previously allocated buffer
is leaked, which goes against the expected functionality of keeping the packet
unchanged in case of error.
Signed-off-by: James Almer <jamr...@gmail.com>
---
Should i backport this to affected branches?
libavcodec/avpacket.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/libavcodec/avpacket.c b/libavcodec/avpacket.c
index c3f871c..e5a8bdb 100644
--- a/libavcodec/avpacket.c
+++ b/libavcodec/avpacket.c
@@ -295,16 +295,17 @@ FF_ENABLE_DEPRECATION_WARNINGS
int av_packet_add_side_data(AVPacket *pkt, enum AVPacketSideDataType type,
uint8_t *data, size_t size)
{
+ AVPacketSideData *tmp;
int elems = pkt->side_data_elems;
if ((unsigned)elems + 1 > INT_MAX / sizeof(*pkt->side_data))
return AVERROR(ERANGE);
- pkt->side_data = av_realloc(pkt->side_data,
- (elems + 1) * sizeof(*pkt->side_data));
- if (!pkt->side_data)
+ tmp = av_realloc(pkt->side_data, (elems + 1) * sizeof(*tmp));
+ if (!tmp)
return AVERROR(ENOMEM);
+ pkt->side_data = tmp;
pkt->side_data[elems].data = data;
pkt->side_data[elems].size = size;
pkt->side_data[elems].type = type;
--
2.10.1
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
