[FFmpeg-devel,1/3] tools/target_dec_fuzzer: fix memleak of extradata

Submitted by Michael Niedermayer on July 11, 2019, 12:29 p.m.

Details

Message ID 20190711122918.20176-1-michael@niedermayer.cc
State New
Headers show

Commit Message

Michael Niedermayer July 11, 2019, 12:29 p.m.
Fixes: memleak
Fixes: 15535/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5692162424963072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 tools/target_dec_fuzzer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

James Almer July 11, 2019, 2:34 p.m.
On 7/11/2019 9:29 AM, Michael Niedermayer wrote:
> Fixes: memleak
> Fixes: 15535/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5692162424963072
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  tools/target_dec_fuzzer.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
> index f456db0e7b..a2ef94139b 100644
> --- a/tools/target_dec_fuzzer.c
> +++ b/tools/target_dec_fuzzer.c
> @@ -201,7 +201,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
>  
>      int res = avcodec_open2(ctx, c, NULL);
>      if (res < 0) {
> -        av_free(ctx);
> +        avcodec_free_context(&ctx);

Wasn't this fixed by b1febda061?
>          av_free(parser_avctx);
>          return 0; // Failure of avcodec_open2() does not imply that a issue was found
>      }
>
Michael Niedermayer July 13, 2019, 12:34 p.m.
On Thu, Jul 11, 2019 at 11:34:10AM -0300, James Almer wrote:
> On 7/11/2019 9:29 AM, Michael Niedermayer wrote:
> > Fixes: memleak
> > Fixes: 15535/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5692162424963072
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  tools/target_dec_fuzzer.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
> > index f456db0e7b..a2ef94139b 100644
> > --- a/tools/target_dec_fuzzer.c
> > +++ b/tools/target_dec_fuzzer.c
> > @@ -201,7 +201,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
> >  
> >      int res = avcodec_open2(ctx, c, NULL);
> >      if (res < 0) {
> > -        av_free(ctx);
> > +        avcodec_free_context(&ctx);
> 
> Wasn't this fixed by b1febda061?

no, this still occurs without the patch here

==24989==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 183 byte(s) in 1 object(s) allocated from:

[...]

Patch hide | download patch | download mbox

diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index f456db0e7b..a2ef94139b 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -201,7 +201,7 @@  int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 
     int res = avcodec_open2(ctx, c, NULL);
     if (res < 0) {
-        av_free(ctx);
+        avcodec_free_context(&ctx);
         av_free(parser_avctx);
         return 0; // Failure of avcodec_open2() does not imply that a issue was found
     }