Message ID | 20161119161027.4792-1-jamrial@gmail.com |
---|---|
State | Accepted |
Commit | aa498c3183236a93206b4a0e8225b9db0660b50d |
Headers | show |
On Sat, Nov 19, 2016 at 01:10:27PM -0300, James Almer wrote: > If realloc fails, the pointer is overwritten and the previously allocated buffer > is leaked, which goes against the expected functionality of keeping the packet > unchanged in case of error. > > Signed-off-by: James Almer <jamrial@gmail.com> > --- > Should i backport this to affected branches? > > libavcodec/avpacket.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) LGTM thx [...]
On 11/19/2016 7:30 PM, Michael Niedermayer wrote: > On Sat, Nov 19, 2016 at 01:10:27PM -0300, James Almer wrote: >> If realloc fails, the pointer is overwritten and the previously allocated buffer >> is leaked, which goes against the expected functionality of keeping the packet >> unchanged in case of error. >> >> Signed-off-by: James Almer <jamrial@gmail.com> >> --- >> Should i backport this to affected branches? >> >> libavcodec/avpacket.c | 7 ++++--- >> 1 file changed, 4 insertions(+), 3 deletions(-) > > LGTM > > thx Pushed and backported to releases 3.0, 3.1 and 3.2. Thanks.
diff --git a/libavcodec/avpacket.c b/libavcodec/avpacket.c index c3f871c..e5a8bdb 100644 --- a/libavcodec/avpacket.c +++ b/libavcodec/avpacket.c @@ -295,16 +295,17 @@ FF_ENABLE_DEPRECATION_WARNINGS int av_packet_add_side_data(AVPacket *pkt, enum AVPacketSideDataType type, uint8_t *data, size_t size) { + AVPacketSideData *tmp; int elems = pkt->side_data_elems; if ((unsigned)elems + 1 > INT_MAX / sizeof(*pkt->side_data)) return AVERROR(ERANGE); - pkt->side_data = av_realloc(pkt->side_data, - (elems + 1) * sizeof(*pkt->side_data)); - if (!pkt->side_data) + tmp = av_realloc(pkt->side_data, (elems + 1) * sizeof(*tmp)); + if (!tmp) return AVERROR(ENOMEM); + pkt->side_data = tmp; pkt->side_data[elems].data = data; pkt->side_data[elems].size = size; pkt->side_data[elems].type = type;
If realloc fails, the pointer is overwritten and the previously allocated buffer is leaked, which goes against the expected functionality of keeping the packet unchanged in case of error. Signed-off-by: James Almer <jamrial@gmail.com> --- Should i backport this to affected branches? libavcodec/avpacket.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)