There is a potential memory leak bug in file ass_split.c; here is the description.
A piece of memory is allocated on line 283. When executing the loop twice, if av_realloc_array returns null, the function returns without freeing the memory pointed to by order.

Suggested fix: free(order) before return NULL; on line 284

Reference Ticket: https://trac.ffmpeg.org/ticket/7019#comment:1

Thanks
Gang
Sbrella

From 6850fc3a6562b4f5fb92e72eed125e057ad975ae Mon Sep 17 00:00:00 2001 From: Fan Gang <fang...@sbrella.com> Date: Mon, 12 Feb 2018 18:46:20 +0800 Subject: [PATCH] avcodec/ass: Fix a memory leak defect when realloc fails. --- libavcodec/ass_split.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/ass_split.c b/libavcodec/ass_split.c index 872528b..c7eb07d 100644 --- a/libavcodec/ass_split.c +++ b/libavcodec/ass_split.c @@ -280,8 +280,10 @@ static const char *ass_split_section(ASSSplitContext *ctx, const char *buf) while (!is_eol(*buf)) { buf = skip_space(buf); len = strcspn(buf, ", \r\n"); - if (!(tmp = av_realloc_array(order, (*number + 1), sizeof(*order)))) + if (!(tmp = av_realloc_array(order, (*number + 1), sizeof(*order)))){ + free(order); return NULL; + } order = tmp; order[*number] = -1; for (i=0; section->fields[i].name; i++) -- 1.9.1
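Review bot: the added `free(order);` in the realloc-failure branch releases a buffer that was obtained from `av_realloc_array()` with the libc `free()`. Memory from FFmpeg's av_malloc family has to be released with `av_free()` or `av_freep()`, because the library allocator is not guaranteed to be interchangeable with libc's, so this should be `av_free(order);` (or `av_freep(&order);`). As a style point, `sizeof(*order)))){` wants a space before the opening brace to match the surrounding code. It would also help if the commit message said which allocation leaks and on which path, since the subject line alone does not identify `order` or the early `return NULL`.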