| Message ID | bc65d706-0682-98c2-7e64-528b6bed51fc@googlemail.com |
|---|---|
| State | Accepted |
| Commit | 8a4ea9644833d43fdfe8579c0cb569f8a0930206 |
| Headers | show |
On 4 November 2016 at 18:10, Andreas Cadhalpun < andreas.cadhalpun@googlemail.com> wrote: > This fixes a double-free detected by AddressSanitizer. > > The problem was introduced in commit > dcad4677d637cd2f701917e38361fa96b8c9a418. > > Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> > --- > libavcodec/diracdec.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c > index b183fad..5c669ff 100644 > --- a/libavcodec/diracdec.c > +++ b/libavcodec/diracdec.c > @@ -907,7 +907,7 @@ static int decode_lowdelay(DiracContext *s) > int slice_num = 0; > > if (s->slice_params_num_buf != (s->num_x * s->num_y)) { > - s->slice_params_buf = av_realloc_f(s->thread_buf, s->num_x * > s->num_y, sizeof(DiracSlice)); > + s->slice_params_buf = av_realloc_f(s->slice_params_buf, s->num_x > * s->num_y, sizeof(DiracSlice)); > if (!s->slice_params_buf) { > av_log(s->avctx, AV_LOG_ERROR, "slice params buffer > allocation failure\n"); > return AVERROR(ENOMEM); > -- > 2.10.1 > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel > Damn, not sure how I made a mistake that stupid. LGTM, feel free to push
On 04.11.2016 20:07, Rostislav Pehlivanov wrote: > On 4 November 2016 at 18:10, Andreas Cadhalpun < > andreas.cadhalpun@googlemail.com> wrote: > >> This fixes a double-free detected by AddressSanitizer. >> >> The problem was introduced in commit >> dcad4677d637cd2f701917e38361fa96b8c9a418. >> >> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> >> --- >> libavcodec/diracdec.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c >> index b183fad..5c669ff 100644 >> --- a/libavcodec/diracdec.c >> +++ b/libavcodec/diracdec.c >> @@ -907,7 +907,7 @@ static int decode_lowdelay(DiracContext *s) >> int slice_num = 0; >> >> if (s->slice_params_num_buf != (s->num_x * s->num_y)) { >> - s->slice_params_buf = av_realloc_f(s->thread_buf, s->num_x * >> s->num_y, sizeof(DiracSlice)); >> + s->slice_params_buf = av_realloc_f(s->slice_params_buf, s->num_x >> * s->num_y, sizeof(DiracSlice)); >> if (!s->slice_params_buf) { >> av_log(s->avctx, AV_LOG_ERROR, "slice params buffer >> allocation failure\n"); >> return AVERROR(ENOMEM); >> -- >> 2.10.1 >> _______________________________________________ >> ffmpeg-devel mailing list >> ffmpeg-devel@ffmpeg.org >> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel >> > > Damn, not sure how I made a mistake that stupid. It can happen to any of use. > LGTM, feel free to push Set pushed. Best regards, Andreas
diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index b183fad..5c669ff 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -907,7 +907,7 @@ static int decode_lowdelay(DiracContext *s) int slice_num = 0; if (s->slice_params_num_buf != (s->num_x * s->num_y)) { - s->slice_params_buf = av_realloc_f(s->thread_buf, s->num_x * s->num_y, sizeof(DiracSlice)); + s->slice_params_buf = av_realloc_f(s->slice_params_buf, s->num_x * s->num_y, sizeof(DiracSlice)); if (!s->slice_params_buf) { av_log(s->avctx, AV_LOG_ERROR, "slice params buffer allocation failure\n"); return AVERROR(ENOMEM);
This fixes a double-free detected by AddressSanitizer. The problem was introduced in commit dcad4677d637cd2f701917e38361fa96b8c9a418. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> --- libavcodec/diracdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)