| Message ID | 20190924163144.26443-2-andreas.rheinhardt@gmail.com |
|---|---|
| State | Accepted |
| Commit | 66d5e43b9909804511a3e1fb65f6f0bbb0264eb3 |
| Headers | show |
On 9/24/2019 1:31 PM, Andreas Rheinhardt wrote: > ff_read_packet had potential memleaks: > 1. If av_packet_make_refcounted fails, it means that the packet is not > refcounted, but it could nevertheless carry side data and therefore > needs to be unreferenced. > 2. If putting a packet on a packet list fails, it wasn't unreferenced. > > Furthermore, read_frame_internal leaked a packet's (side) data if a > context update was required and failed. > > Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> > --- > libavformat/utils.c | 16 ++++++++++++---- > 1 file changed, 12 insertions(+), 4 deletions(-) > > diff --git a/libavformat/utils.c b/libavformat/utils.c > index d8ef5fe54c..ff6aecbf3c 100644 > --- a/libavformat/utils.c > +++ b/libavformat/utils.c > @@ -872,8 +872,10 @@ int ff_read_packet(AVFormatContext *s, AVPacket *pkt) > } > > err = av_packet_make_refcounted(pkt); > - if (err < 0) > + if (err < 0) { > + av_packet_unref(pkt); > return err; > + } > > if ((s->flags & AVFMT_FLAG_DISCARD_CORRUPT) && > (pkt->flags & AV_PKT_FLAG_CORRUPT)) { > @@ -914,8 +916,10 @@ int ff_read_packet(AVFormatContext *s, AVPacket *pkt) > err = ff_packet_list_put(&s->internal->raw_packet_buffer, > &s->internal->raw_packet_buffer_end, > pkt, 0); > - if (err) > + if (err < 0) { > + av_packet_unref(pkt); > return err; > + } > s->internal->raw_packet_buffer_remaining_size -= pkt->size; > > if ((err = probe_codec(s, st, pkt)) < 0) > @@ -1608,15 +1612,19 @@ static int read_frame_internal(AVFormatContext *s, AVPacket *pkt) > } > > ret = avcodec_parameters_to_context(st->internal->avctx, st->codecpar); > - if (ret < 0) > + if (ret < 0) { > + av_packet_unref(&cur_pkt); > return ret; > + } > > #if FF_API_LAVF_AVCTX > FF_DISABLE_DEPRECATION_WARNINGS > /* update deprecated public codec context */ > ret = avcodec_parameters_to_context(st->codec, st->codecpar); > - if (ret < 0) > + if (ret < 0) { > + av_packet_unref(&cur_pkt); > return ret; > + } > FF_ENABLE_DEPRECATION_WARNINGS > #endif Applied this set of two patches.
diff --git a/libavformat/utils.c b/libavformat/utils.c index d8ef5fe54c..ff6aecbf3c 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -872,8 +872,10 @@ int ff_read_packet(AVFormatContext *s, AVPacket *pkt) } err = av_packet_make_refcounted(pkt); - if (err < 0) + if (err < 0) { + av_packet_unref(pkt); return err; + } if ((s->flags & AVFMT_FLAG_DISCARD_CORRUPT) && (pkt->flags & AV_PKT_FLAG_CORRUPT)) { @@ -914,8 +916,10 @@ int ff_read_packet(AVFormatContext *s, AVPacket *pkt) err = ff_packet_list_put(&s->internal->raw_packet_buffer, &s->internal->raw_packet_buffer_end, pkt, 0); - if (err) + if (err < 0) { + av_packet_unref(pkt); return err; + } s->internal->raw_packet_buffer_remaining_size -= pkt->size; if ((err = probe_codec(s, st, pkt)) < 0) @@ -1608,15 +1612,19 @@ static int read_frame_internal(AVFormatContext *s, AVPacket *pkt) } ret = avcodec_parameters_to_context(st->internal->avctx, st->codecpar); - if (ret < 0) + if (ret < 0) { + av_packet_unref(&cur_pkt); return ret; + } #if FF_API_LAVF_AVCTX FF_DISABLE_DEPRECATION_WARNINGS /* update deprecated public codec context */ ret = avcodec_parameters_to_context(st->codec, st->codecpar); - if (ret < 0) + if (ret < 0) { + av_packet_unref(&cur_pkt); return ret; + } FF_ENABLE_DEPRECATION_WARNINGS #endif
ff_read_packet had potential memleaks: 1. If av_packet_make_refcounted fails, it means that the packet is not refcounted, but it could nevertheless carry side data and therefore needs to be unreferenced. 2. If putting a packet on a packet list fails, it wasn't unreferenced. Furthermore, read_frame_internal leaked a packet's (side) data if a context update was required and failed. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> --- libavformat/utils.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-)