Message ID | AM7PR03MB6660C820A76D52DC8E49D87F8F5A9@AM7PR03MB6660.eurprd03.prod.outlook.com |
---|---|
State | Accepted |
Commit | 61cbfdc0a29e88483a6fa9645f64fec71983689a |
Headers | show |
Series | [FFmpeg-devel] avformat/http: Fix double-free on error | expand |
Context | Check | Description |
---|---|---|
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
andriy/make_ppc | success | Make finished |
andriy/make_fate_ppc | fail | Make fate failed |
andriy/make_armv7_RPi4 | success | Make finished |
andriy/make_fate_armv7_RPi4 | success | Make fate finished |
andriy/make_aarch64_jetson | success | Make finished |
andriy/make_fate_aarch64_jetson | success | Make fate finished |
> > -----Original Message----- > From: ffmpeg-devel <ffmpeg-devel-bounces@ffmpeg.org> On Behalf Of Andreas Rheinhardt > Sent: Thursday, 20 January 2022 21:21 > To: ffmpeg-devel@ffmpeg.org > Cc: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> > Subject: [FFmpeg-devel] [PATCH] avformat/http: Fix double-free on error > > > av_dict_set() with AV_DICT_DONT_STRDUP_VAL takes ownership of the string it is passed to as val; this includes freeing it on error. > > Fixes Coverity issue #1497468. > Indeed, I missed that fact... can this be merged? Thanks Eran > Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> > --- > Untested. > > libavformat/http.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/libavformat/http.c b/libavformat/http.c index cf04d3f14f..8b5fc3d2a4 100644 > --- a/libavformat/http.c > +++ b/libavformat/http.c > @@ -335,10 +335,8 @@ static int redirect_cache_set(HTTPContext *s, const char *source, const char *de > } > > ret = av_dict_set(&s->redirect_cache, source, value, AV_DICT_MATCH_CASE | AV_DICT_DONT_STRDUP_VAL); > - if (ret < 0) { > - av_free(value); > + if (ret < 0) > return ret; > - } > > return 0; > } > -- > 2.32.0 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fffmpeg.org%2Fmailman%2Flistinfo%2Fffmpeg-devel&data=04%7C01%7C%7C277f3c04eefa499b2f2308d9dc4c1260%7C0c503748de3f4e2597e26819d53a42b6%7C1%7C1%7C637783041561456917%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=aW6o8YRQtDoE2tMOmg1N0qaFYu9L11TqPETX7ebUTFg%3D&reserved=0 > > To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". >
diff --git a/libavformat/http.c b/libavformat/http.c index cf04d3f14f..8b5fc3d2a4 100644 --- a/libavformat/http.c +++ b/libavformat/http.c @@ -335,10 +335,8 @@ static int redirect_cache_set(HTTPContext *s, const char *source, const char *de } ret = av_dict_set(&s->redirect_cache, source, value, AV_DICT_MATCH_CASE | AV_DICT_DONT_STRDUP_VAL); - if (ret < 0) { - av_free(value); + if (ret < 0) return ret; - } return 0; }
av_dict_set() with AV_DICT_DONT_STRDUP_VAL takes ownership of the string it is passed to as val; this includes freeing it on error. Fixes Coverity issue #1497468. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> --- Untested. libavformat/http.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)