Skip to site navigation (Press enter)

[webkit-changes] [240961] trunk/Source/ThirdParty/libwebrtc

ddkilzer Mon, 04 Feb 2019 19:25:41 -0800

Title: [240961] trunk/Source/ThirdParty/libwebrtc

Revision: 240961
Author: ddkil...@apple.com
Date: 2019-02-04 19:24:54 -0800 (Mon, 04 Feb 2019)

Log Message

vp8e_mr_alloc_mem() leaks LOWER_RES_FRAME_INFO if second memory allocation fails
<https://webkit.org/b/194265>


Reviewed by Youenn Fablet.

* Source/third_party/libvpx/source/libvpx/vp8/vp8_cx_iface.c:
(vp8e_mr_alloc_mem):
- Initialize `res` to VPX_CODEC_OK instead of 0.
- Return early if first calloc() fails instead of trying the
  second calloc().  The function would crash dereferencing
  nullptr in `shared_mem_loc->mb_info` otherwise.
- Call free(shared_mem_loc) if the second call to calloc()
  fails.  This fixes the leak.
* WebKit/0003-libwebrtc-fix-vp8e_mr_alloc_mem-leak.diff: Add.

Modified Paths

trunk/Source/ThirdParty/libwebrtc/ChangeLog
trunk/Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp8/vp8_cx_iface.c

Added Paths

trunk/Source/ThirdParty/libwebrtc/WebKit/0003-libwebrtc-fix-vp8e_mr_alloc_mem-leak.diff

Diff

Modified: trunk/Source/ThirdParty/libwebrtc/ChangeLog (240960 => 240961)


--- trunk/Source/ThirdParty/libwebrtc/ChangeLog	2019-02-05 03:23:05 UTC (rev 240960)
+++ trunk/Source/ThirdParty/libwebrtc/ChangeLog	2019-02-05 03:24:54 UTC (rev 240961)
@@ -1,3 +1,20 @@
+2019-02-04  David Kilzer  <ddkil...@apple.com>
+
+        vp8e_mr_alloc_mem() leaks LOWER_RES_FRAME_INFO if second memory allocation fails
+        <https://webkit.org/b/194265>
+
+        Reviewed by Youenn Fablet.
+
+        * Source/third_party/libvpx/source/libvpx/vp8/vp8_cx_iface.c:
+        (vp8e_mr_alloc_mem):
+        - Initialize `res` to VPX_CODEC_OK instead of 0.
+        - Return early if first calloc() fails instead of trying the
+          second calloc().  The function would crash dereferencing
+          nullptr in `shared_mem_loc->mb_info` otherwise.
+        - Call free(shared_mem_loc) if the second call to calloc()
+          fails.  This fixes the leak.
+        * WebKit/0003-libwebrtc-fix-vp8e_mr_alloc_mem-leak.diff: Add.
+
 2019-01-30  Commit Queue  <commit-qu...@webkit.org>
 
         Unreviewed, rolling out r240665.

Modified: trunk/Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp8/vp8_cx_iface.c (240960 => 240961)


--- trunk/Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp8/vp8_cx_iface.c	2019-02-05 03:23:05 UTC (rev 240960)
+++ trunk/Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp8/vp8_cx_iface.c	2019-02-05 03:24:54 UTC (rev 240961)
@@ -577,7 +577,7 @@
 
 static vpx_codec_err_t vp8e_mr_alloc_mem(const vpx_codec_enc_cfg_t *cfg,
                                          void **mem_loc) {
-  vpx_codec_err_t res = 0;
+  vpx_codec_err_t res = VPX_CODEC_OK;
 
 #if CONFIG_MULTI_RES_ENCODING
   LOWER_RES_FRAME_INFO *shared_mem_loc;
@@ -586,12 +586,13 @@
 
   shared_mem_loc = calloc(1, sizeof(LOWER_RES_FRAME_INFO));
   if (!shared_mem_loc) {
-    res = VPX_CODEC_MEM_ERROR;
+    return VPX_CODEC_MEM_ERROR;
   }
 
   shared_mem_loc->mb_info =
       calloc(mb_rows * mb_cols, sizeof(LOWER_RES_MB_INFO));
   if (!(shared_mem_loc->mb_info)) {
+    free(shared_mem_loc);
     res = VPX_CODEC_MEM_ERROR;
   } else {
     *mem_loc = (void *)shared_mem_loc;

Added: trunk/Source/ThirdParty/libwebrtc/WebKit/0003-libwebrtc-fix-vp8e_mr_alloc_mem-leak.diff (0 => 240961)


--- trunk/Source/ThirdParty/libwebrtc/WebKit/0003-libwebrtc-fix-vp8e_mr_alloc_mem-leak.diff	                        (rev 0)
+++ trunk/Source/ThirdParty/libwebrtc/WebKit/0003-libwebrtc-fix-vp8e_mr_alloc_mem-leak.diff	2019-02-05 03:24:54 UTC (rev 240961)
@@ -0,0 +1,28 @@
+diff --git a/Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp8/vp8_cx_iface.c b/Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp8/vp8_cx_iface.c
+index d3e20059410..b67baab24d1 100644
+--- a/Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp8/vp8_cx_iface.c
++++ b/Source/ThirdParty/libwebrtc/Source/third_party/libvpx/source/libvpx/vp8/vp8_cx_iface.c
+@@ -577,7 +577,7 @@ static vpx_codec_err_t set_screen_content_mode(vpx_codec_alg_priv_t *ctx,
+ 
+ static vpx_codec_err_t vp8e_mr_alloc_mem(const vpx_codec_enc_cfg_t *cfg,
+                                          void **mem_loc) {
+-  vpx_codec_err_t res = 0;
++  vpx_codec_err_t res = VPX_CODEC_OK;
+ 
+ #if CONFIG_MULTI_RES_ENCODING
+   LOWER_RES_FRAME_INFO *shared_mem_loc;
+@@ -586,12 +586,13 @@ static vpx_codec_err_t vp8e_mr_alloc_mem(const vpx_codec_enc_cfg_t *cfg,
+ 
+   shared_mem_loc = calloc(1, sizeof(LOWER_RES_FRAME_INFO));
+   if (!shared_mem_loc) {
+-    res = VPX_CODEC_MEM_ERROR;
++    return VPX_CODEC_MEM_ERROR;
+   }
+ 
+   shared_mem_loc->mb_info =
+       calloc(mb_rows * mb_cols, sizeof(LOWER_RES_MB_INFO));
+   if (!(shared_mem_loc->mb_info)) {
++    free(shared_mem_loc);
+     res = VPX_CODEC_MEM_ERROR;
+   } else {
+     *mem_loc = (void *)shared_mem_loc;

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes