[FFmpeg-devel,V1,1/6] lavf/4xm: fix memory leak in error handing path

Submitted by Jun Zhao on Sept. 21, 2019, 2:12 a.m.

Details

Message ID 1569031935-8967-1-git-send-email-mypopydev@gmail.com
State New
Headers show

Commit Message

Jun Zhao Sept. 21, 2019, 2:12 a.m.
From: Jun Zhao <barryjzhao@tencent.com>

need to free the header in error path

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
---
 libavformat/4xm.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

Comments

Michael Niedermayer Sept. 22, 2019, 11:45 a.m.
On Sat, Sep 21, 2019 at 10:12:10AM +0800, Jun Zhao wrote:
> From: Jun Zhao <barryjzhao@tencent.com>
> 
> need to free the header in error path
> 
> Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
> ---
>  libavformat/4xm.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/libavformat/4xm.c b/libavformat/4xm.c
> index a984fc9..8054980 100644
> --- a/libavformat/4xm.c
> +++ b/libavformat/4xm.c
> @@ -241,6 +241,7 @@ static int fourxm_read_header(AVFormatContext *s)
>          size       = AV_RL32(&header[i + 4]);
>          if (size > header_size - i - 8 && (fourcc_tag == vtrk_TAG || fourcc_tag == strk_TAG)) {
>              av_log(s, AV_LOG_ERROR, "chunk larger than array %d>%d\n", size, header_size - i - 8);
> +            av_free(header);
>              return AVERROR_INVALIDDATA;

this doesnt free everything, a goto fail is probably better

thx

[...]
mypopy@gmail.com Sept. 23, 2019, 6:43 a.m.
On Sun, Sep 22, 2019 at 7:45 PM Michael Niedermayer
<michael@niedermayer.cc> wrote:
>
> On Sat, Sep 21, 2019 at 10:12:10AM +0800, Jun Zhao wrote:
> > From: Jun Zhao <barryjzhao@tencent.com>
> >
> > need to free the header in error path
> >
> > Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
> > ---
> >  libavformat/4xm.c |    1 +
> >  1 files changed, 1 insertions(+), 0 deletions(-)
> >
> > diff --git a/libavformat/4xm.c b/libavformat/4xm.c
> > index a984fc9..8054980 100644
> > --- a/libavformat/4xm.c
> > +++ b/libavformat/4xm.c
> > @@ -241,6 +241,7 @@ static int fourxm_read_header(AVFormatContext *s)
> >          size       = AV_RL32(&header[i + 4]);
> >          if (size > header_size - i - 8 && (fourcc_tag == vtrk_TAG || fourcc_tag == strk_TAG)) {
> >              av_log(s, AV_LOG_ERROR, "chunk larger than array %d>%d\n", size, header_size - i - 8);
> > +            av_free(header);
> >              return AVERROR_INVALIDDATA;
>
> this doesnt free everything, a goto fail is probably better
>
> thx
Will update the patch as the review, Thanks

Patch hide | download patch | download mbox

diff --git a/libavformat/4xm.c b/libavformat/4xm.c
index a984fc9..8054980 100644
--- a/libavformat/4xm.c
+++ b/libavformat/4xm.c
@@ -241,6 +241,7 @@  static int fourxm_read_header(AVFormatContext *s)
         size       = AV_RL32(&header[i + 4]);
         if (size > header_size - i - 8 && (fourcc_tag == vtrk_TAG || fourcc_tag == strk_TAG)) {
             av_log(s, AV_LOG_ERROR, "chunk larger than array %d>%d\n", size, header_size - i - 8);
+            av_free(header);
             return AVERROR_INVALIDDATA;
         }