Message ID | 20190920203916.16904-2-andreas.rheinhardt@gmail.com |
---|---|
State | Changes Requested |
On Fri, Sep 20, 2019 at 10:39:08PM +0200, Andreas Rheinhardt wrote: > ff_read_packet had several potential memleaks: > 1. If av_packet_make_refcounted fails, it means that the packet is not > refcounted, but it could nevertheless carry side data and therefore > needs to be unreferenced. > 2. If a packet happens to have an illegal stream index (i.e. one that > does not correspond to a stream), it should nevertheless be > unreferenced. > 3. If putting a packet on a packet list fails, it wasn't unreferenced. > > Furthermore, read_frame_internal leaked a packet's (side) data if a > context update was required and failed. > > Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> > --- > libavformat/utils.c | 17 +++++++++++++---- > 1 file changed, 13 insertions(+), 4 deletions(-) > > diff --git a/libavformat/utils.c b/libavformat/utils.c > index 3983a3f4ce..652642a71b 100644 > --- a/libavformat/utils.c > +++ b/libavformat/utils.c > @@ -872,8 +872,10 @@ int ff_read_packet(AVFormatContext *s, AVPacket *pkt) > } > > err = av_packet_make_refcounted(pkt); > - if (err < 0) > + if (err < 0) { > + av_packet_unref(pkt); > return err; > + } > > if ((s->flags & AVFMT_FLAG_DISCARD_CORRUPT) && > (pkt->flags & AV_PKT_FLAG_CORRUPT)) { > @@ -886,6 +888,7 @@ int ff_read_packet(AVFormatContext *s, AVPacket *pkt) > > if (pkt->stream_index >= (unsigned)s->nb_streams) { > av_log(s, AV_LOG_ERROR, "Invalid stream index %d\n", pkt->stream_index); > + av_packet_unref(pkt); > continue; > } > What does generate invalid stream indexes ? if nothing then this should probably be an av_assert*() thx [...]
diff --git a/libavformat/utils.c b/libavformat/utils.c index 3983a3f4ce..652642a71b 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -872,8 +872,10 @@ int ff_read_packet(AVFormatContext *s, AVPacket *pkt) } err = av_packet_make_refcounted(pkt); - if (err < 0) + if (err < 0) { + av_packet_unref(pkt); return err; + } if ((s->flags & AVFMT_FLAG_DISCARD_CORRUPT) && (pkt->flags & AV_PKT_FLAG_CORRUPT)) { @@ -886,6 +888,7 @@ int ff_read_packet(AVFormatContext *s, AVPacket *pkt) if (pkt->stream_index >= (unsigned)s->nb_streams) { av_log(s, AV_LOG_ERROR, "Invalid stream index %d\n", pkt->stream_index); + av_packet_unref(pkt); continue; } @@ -916,8 +919,10 @@ int ff_read_packet(AVFormatContext *s, AVPacket *pkt) err = ff_packet_list_put(&s->internal->raw_packet_buffer, &s->internal->raw_packet_buffer_end, pkt, 0); - if (err) + if (err < 0) { + av_packet_unref(pkt); return err; + } s->internal->raw_packet_buffer_remaining_size -= pkt->size; if ((err = probe_codec(s, st, pkt)) < 0) @@ -1610,15 +1615,19 @@ static int read_frame_internal(AVFormatContext *s, AVPacket *pkt) } ret = avcodec_parameters_to_context(st->internal->avctx, st->codecpar); - if (ret < 0) + if (ret < 0) { + av_packet_unref(&cur_pkt); return ret; + } #if FF_API_LAVF_AVCTX FF_DISABLE_DEPRECATION_WARNINGS /* update deprecated public codec context */ ret = avcodec_parameters_to_context(st->codec, st->codecpar); - if (ret < 0) + if (ret < 0) { + av_packet_unref(&cur_pkt); return ret; + } FF_ENABLE_DEPRECATION_WARNINGS #endif
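Review bot: In the first hunk (@@ -872,8 +872,10 @@ in ff_read_packet), the new `av_packet_unref(pkt);` after a failed av_packet_make_refcounted carries no comment, and the code alone does not show why a packet that is not refcounted still needs unreferencing. The commit message gives the reason (the packet can still carry side data). A one-line comment saying so above the call would keep it from being dropped later as redundant.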
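Review bot: In the third hunk (@@ -916,8 +919,10 @@, after ff_packet_list_put), the condition changes from `if (err)` to `if (err < 0)` in addition to gaining the unref, and the commit message does not mention this. If ff_packet_list_put only ever returns 0 or a negative error, please say so in the commit message or split the condition change into its own patch. If a positive return is possible, the function now falls through to the raw_packet_buffer_remaining_size update where it used to return.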
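Review bot: In the last hunk (@@ -1610,15 +1615,19 @@ in read_frame_internal), the pair `av_packet_unref(&cur_pkt); return ret;` is now written out twice, once after each avcodec_parameters_to_context call. Routing both failures through a single cleanup label would keep the two exits identical and make it harder for a later error return added to this block to reintroduce the leak.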
ff_read_packet had several potential memleaks:
1. If av_packet_make_refcounted fails, it means that the packet is not refcounted, but it could nevertheless carry side data and therefore needs to be unreferenced.
2. If a packet happens to have an illegal stream index (i.e. one that does not correspond to a stream), it should nevertheless be unreferenced.
3. If putting a packet on a packet list fails, it wasn't unreferenced.

Furthermore, read_frame_internal leaked a packet's (side) data if a context update was required and failed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>

---
 libavformat/utils.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)