[FFmpeg-devel,v1,04/11] avformat/jvdec: fix memleak when read_header failed

Submitted by Steven Liu on Oct. 9, 2019, 7:35 a.m.

Details

Message ID 20191009073530.4505-4-lq@chinaffmpeg.org
State Accepted
Commit 6f84c1e9078b2133f3cb75d76f089196a7df96a9

Commit Message

Steven Liu Oct. 9, 2019, 7:35 a.m.
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
---
 libavformat/jvdec.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

Comments

Peter Ross Oct. 9, 2019, 8:28 a.m.
On Wed, Oct 09, 2019 at 03:35:23PM +0800, Steven Liu wrote:
> Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
> ---
>  libavformat/jvdec.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/libavformat/jvdec.c b/libavformat/jvdec.c
> index 18c81f0de7..17ada7b0f1 100644
> --- a/libavformat/jvdec.c
> +++ b/libavformat/jvdec.c
> @@ -113,9 +113,10 @@ static int read_header(AVFormatContext *s)
>          return AVERROR(ENOMEM);
>  
>      jv->frames = av_malloc(ast->nb_index_entries * sizeof(JVFrame));
> -    if (!jv->frames)
> +    if (!jv->frames) {
> +        av_freep(&ast->index_entries);
>          return AVERROR(ENOMEM);
> -
> +    }
>      offset = 0x68 + ast->nb_index_entries * 16;
>      for (i = 0; i < ast->nb_index_entries; i++) {
>          AVIndexEntry *e   = ast->index_entries + i;
> @@ -137,6 +138,8 @@ static int read_header(AVFormatContext *s)
>                      - jvf->palette_size < 0) {
>              if (s->error_recognition & AV_EF_EXPLODE) {
>                  read_close(s);
> +                av_freep(&jv->frames);
> +                av_freep(&ast->index_entries);
>                  return AVERROR_INVALIDDATA;
>              }

looks good. please apply.

-- Peter
(A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)
Steven Liu Oct. 10, 2019, 2:27 a.m.
> 在 2019年10月9日,16:28,Peter Ross <pross@xvid.org> 写道:
> 
> On Wed, Oct 09, 2019 at 03:35:23PM +0800, Steven Liu wrote:
>> Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
>> ---
>> libavformat/jvdec.c | 7 +++++--
>> 1 file changed, 5 insertions(+), 2 deletions(-)
>> 
>> diff --git a/libavformat/jvdec.c b/libavformat/jvdec.c
>> index 18c81f0de7..17ada7b0f1 100644
>> --- a/libavformat/jvdec.c
>> +++ b/libavformat/jvdec.c
>> @@ -113,9 +113,10 @@ static int read_header(AVFormatContext *s)
>>         return AVERROR(ENOMEM);
>> 
>>     jv->frames = av_malloc(ast->nb_index_entries * sizeof(JVFrame));
>> -    if (!jv->frames)
>> +    if (!jv->frames) {
>> +        av_freep(&ast->index_entries);
>>         return AVERROR(ENOMEM);
>> -
>> +    }
>>     offset = 0x68 + ast->nb_index_entries * 16;
>>     for (i = 0; i < ast->nb_index_entries; i++) {
>>         AVIndexEntry *e   = ast->index_entries + i;
>> @@ -137,6 +138,8 @@ static int read_header(AVFormatContext *s)
>>                     - jvf->palette_size < 0) {
>>             if (s->error_recognition & AV_EF_EXPLODE) {
>>                 read_close(s);
>> +                av_freep(&jv->frames);
>> +                av_freep(&ast->index_entries);
>>                 return AVERROR_INVALIDDATA;
>>             }
> 
> looks good. please apply.
applied.
> 
> -- Peter
> (A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)

Thanks
Steven


diff --git a/libavformat/jvdec.c b/libavformat/jvdec.c
index 18c81f0de7..17ada7b0f1 100644
--- a/libavformat/jvdec.c
+++ b/libavformat/jvdec.c
@@ -113,9 +113,10 @@  static int read_header(AVFormatContext *s)
         return AVERROR(ENOMEM);
 
     jv->frames = av_malloc(ast->nb_index_entries * sizeof(JVFrame));
-    if (!jv->frames)
+    if (!jv->frames) {
+        av_freep(&ast->index_entries);
         return AVERROR(ENOMEM);
-
+    }
     offset = 0x68 + ast->nb_index_entries * 16;
     for (i = 0; i < ast->nb_index_entries; i++) {
         AVIndexEntry *e   = ast->index_entries + i;
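Review bot: After `av_freep(&ast->index_entries);` on the allocation-failure exit, `ast->nb_index_entries` keeps its old count, so the stream is left advertising entries over a NULL pointer, and any code outside this hunk that walks the index by count would dereference NULL. Adding `ast->nb_index_entries = 0;` next to the free keeps the pair consistent; the same applies to the second hunk's free before `return AVERROR_INVALIDDATA;`. Separately, if the count is read from the file header (not visible here), `av_malloc_array(ast->nb_index_entries, sizeof(JVFrame))` would make the size computation overflow-checked. read_header starts and ends outside the hunk.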
@@ -137,6 +138,8 @@  static int read_header(AVFormatContext *s)
                     - jvf->palette_size < 0) {
             if (s->error_recognition & AV_EF_EXPLODE) {
                 read_close(s);
+                av_freep(&jv->frames);
+                av_freep(&ast->index_entries);
                 return AVERROR_INVALIDDATA;
             }
             jvf->audio_size   =
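Review bot: The cleanup on the `AV_EF_EXPLODE` exit now duplicates the frees done on the allocation-failure exit in the first hunk, and it runs after `read_close(s)`, whose body is not shown. If read_close already releases `jv->frames`, the added `av_freep(&jv->frames);` is redundant, though harmless because av_freep nulls the pointer. Routing both exits through a single `fail:` label at the end of read_header that does `av_freep(&jv->frames); av_freep(&ast->index_entries);` before returning the error would keep a later error path from missing one of the two. The enclosing loop and function continue past the hunk.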