
[FFmpeg-devel] avformat/mov: make better use of av_fast_realloc and fix spurious ENOMEM

Message ID tencent_2B6559F309484B33E4537E15D80903CEA705@qq.com
State New

Checks

Context Check Description
andriy/default pending
andriy/make success Make finished
andriy/make_fate success Make fate finished

Commit Message

Zhao Zhili Sept. 23, 2020, 5:28 p.m. UTC
If sc->ctts_allocated_size is larger than the new buffer size,
av_fast_realloc() will return NULL. Since sc->ctts_data is freed,
ctts_allocated_size should be reset to zero. It's better to avoid
freeing sc->ctts_data in the first place, to make better use of
av_fast_realloc().
---
 libavformat/mov.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

Comments

Zhao Zhili Oct. 17, 2020, 3:54 p.m. UTC | #1
Ping for review.

> On Sep 24, 2020, at 1:28 AM, Zhao Zhili <quinkblack@foxmail.com> wrote:
> 
> If sc->ctts_allocated_size is larger than the new buffer size,
> av_fast_realloc() will return NULL. Since sc->ctts_data is freed,
> ctts_allocated_size should be reset to zero. It's better to avoid
> free sc->ctts_data at the first place to make better use of
> av_fast_realloc().
> ---
> libavformat/mov.c | 10 +++++++---
> 1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/libavformat/mov.c b/libavformat/mov.c
> index dcd263b02a..fcb5a583bd 100644
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -3014,6 +3014,7 @@ static int mov_read_ctts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
> {
>     AVStream *st;
>     MOVStreamContext *sc;
> +    MOVStts *ctts_data;
>     unsigned int i, entries, ctts_count = 0;
> 
>     if (c->fc->nb_streams < 1)
> @@ -3031,10 +3032,13 @@ static int mov_read_ctts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
>         return 0;
>     if (entries >= UINT_MAX / sizeof(*sc->ctts_data))
>         return AVERROR_INVALIDDATA;
> -    av_freep(&sc->ctts_data);
> -    sc->ctts_data = av_fast_realloc(NULL, &sc->ctts_allocated_size, entries * sizeof(*sc->ctts_data));
> -    if (!sc->ctts_data)
> +    ctts_data = av_fast_realloc(sc->ctts_data, &sc->ctts_allocated_size, entries * sizeof(*sc->ctts_data));
> +    if (!ctts_data) {
> +        av_freep(&sc->ctts_data);
> +        sc->ctts_allocated_size = 0;
>         return AVERROR(ENOMEM);
> +    }
> +    sc->ctts_data = ctts_data;
> 
>     for (i = 0; i < entries && !pb->eof_reached; i++) {
>         int count    = avio_rb32(pb);
> -- 
> 2.25.1
>

Patch

diff --git a/libavformat/mov.c b/libavformat/mov.c
index dcd263b02a..fcb5a583bd 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -3014,6 +3014,7 @@  static int mov_read_ctts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
 {
     AVStream *st;
     MOVStreamContext *sc;
+    MOVStts *ctts_data;
     unsigned int i, entries, ctts_count = 0;
 
     if (c->fc->nb_streams < 1)
@@ -3031,10 +3032,13 @@  static int mov_read_ctts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
         return 0;
     if (entries >= UINT_MAX / sizeof(*sc->ctts_data))
         return AVERROR_INVALIDDATA;
-    av_freep(&sc->ctts_data);
-    sc->ctts_data = av_fast_realloc(NULL, &sc->ctts_allocated_size, entries * sizeof(*sc->ctts_data));
-    if (!sc->ctts_data)
+    ctts_data = av_fast_realloc(sc->ctts_data, &sc->ctts_allocated_size, entries * sizeof(*sc->ctts_data));
+    if (!ctts_data) {
+        av_freep(&sc->ctts_data);
+        sc->ctts_allocated_size = 0;
         return AVERROR(ENOMEM);
+    }
+    sc->ctts_data = ctts_data;
 
     for (i = 0; i < entries && !pb->eof_reached; i++) {
         int count    = avio_rb32(pb);
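Review bot: The new failure branch under `if (!ctts_data)` frees sc->ctts_data and zeroes sc->ctts_allocated_size, but it does not reset the stream's stored entry count. If an earlier ctts atom for the same stream already left a non-zero count (that assignment is outside this hunk, so this is inferred), later readers could index a NULL table when a crafted file triggers this path. Consider adding `sc->ctts_count = 0;` next to `sc->ctts_allocated_size = 0;`. A short comment on the branch would also help, e.g. `/* av_fast_realloc() leaves the old buffer allocated on failure; release it and reset the size */`. mov_read_ctts starts before and continues past this hunk.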