ff_id3v2_parse_priv_dict() uses av_dict_set() with the flags
AV_DICT_DONT_STRDUP_KEY and AV_DICT_DONT_STRDUP_VAL. In this case both
key and value are freed on error (and owned by the destination
dictionary on success), so that freeing them again on error is a
double-free and therefore forbidden. But it nevertheless happened.

Fixes CID 1452489 and 1452421.

Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@gmail.com>
---
 libavformat/id3v2.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c
index b43ab1745f..e9843eef9a 100644
--- a/libavformat/id3v2.c
+++ b/libavformat/id3v2.c
@@ -1263,8 +1263,6 @@ int ff_id3v2_parse_priv_dict(AVDictionary **metadata, 
ID3v2ExtraMeta **extra_met
             }
 
             if ((ret = av_dict_set(metadata, key, escaped, dict_flags)) < 0) {
-                av_free(key);
-                av_free(escaped);
                 return ret;
             }
         }
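Review bot: The error branch after `av_dict_set(metadata, key, escaped, dict_flags)` now returns with no indication at the call site that `key` and `escaped` have already been released by the callee. Since `dict_flags` is defined outside this hunk, a reader cannot see here that it carries AV_DICT_DONT_STRDUP_KEY and AV_DICT_DONT_STRDUP_VAL. A one-line comment on that branch saying av_dict_set() takes ownership of both pointers even on failure would make it less likely that the two av_free() calls get re-added later. With the frees gone the braces wrap a single `return ret;`, so the branch could also be collapsed if the file's style allows it.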
-- 
2.20.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
