[FFmpeg-devel] avcodec/ass: Fix a memory leak defect.

Submitted by Gang Fan(范刚) on Feb. 12, 2018, 12:56 p.m.

Details

Message ID CADpf0PRA8YNmSdqeN-1RGAiCgULHQWpOy0AcBFG4x0+eSG6mrA@mail.gmail.com
State New

Commit Message

Gang Fan(范刚) Feb. 12, 2018, 12:56 p.m.
Thanks to Hendrik
Here is the new patch:

From 642a413080f20f9515321e42056248e86e003997 Mon Sep 17 00:00:00 2001
From: Fan Gang <fangang@sbrella.com>
Date: Mon, 12 Feb 2018 20:55:06 +0800
Subject: [PATCH] avcodec/ass: Fix a memory leak defect when realloc fails.

---
 libavcodec/ass_split.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

         if (buf[0] == '[') {
@@ -280,9 +280,7 @@ static const char *ass_split_section(ASSSplitContext
*ctx, const char *buf)
                 while (!is_eol(*buf)) {
                     buf = skip_space(buf);
                     len = strcspn(buf, ", \r\n");
-                    if (!(tmp = av_realloc_array(order, (*number + 1),
sizeof(*order))))
-                        return NULL;
-                    order = tmp;
+                    av_reallocp_array(&order, (*number + 1),
sizeof(*order));
                     order[*number] = -1;
                     for (i=0; section->fields[i].name; i++)
                         if (!strncmp(buf, section->fields[i].name, len)) {
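Review bot: On failure `av_reallocp_array()` frees the array and sets only the local `order` to NULL, so the slot it was loaded from, `ctx->field_order[ctx->current_section]` (see the declarations in the patch's first hunk), can be left holding a freed address. Any failure branch added at the `av_reallocp_array(&order, ...)` call should therefore reset the context before returning, for example `ctx->field_order[ctx->current_section] = NULL;` and `*number = 0;`. The place where `order` is written back to the context lies outside this hunk, so this needs checking against the rest of ass_split_section. If the stale pointer does survive, the context teardown would presumably free it a second time, and the field list parsed here comes from the subtitle header, which is untrusted input.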

Comments

Hendrik Leppkes Feb. 12, 2018, 2:21 p.m.
On Mon, Feb 12, 2018 at 1:56 PM, Gang Fan(范刚) <fan.gang.cn@gmail.com> wrote:
> Thanks to Hendrik
> Here is the new patch:
>
> From 642a413080f20f9515321e42056248e86e003997 Mon Sep 17 00:00:00 2001
> From: Fan Gang <fangang@sbrella.com>
> Date: Mon, 12 Feb 2018 20:55:06 +0800
> Subject: [PATCH] avcodec/ass: Fix a memory leak defect when realloc fails.
>
> ---
>  libavcodec/ass_split.c | 6 ++----
>  1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/libavcodec/ass_split.c b/libavcodec/ass_split.c
> index 872528b..eebe239 100644
> --- a/libavcodec/ass_split.c
> +++ b/libavcodec/ass_split.c
> @@ -249,7 +249,7 @@ static const char *ass_split_section(ASSSplitContext
> *ctx, const char *buf)
>      const ASSSection *section = &ass_sections[ctx->current_section];
>      int *number = &ctx->field_number[ctx->current_section];
>      int *order = ctx->field_order[ctx->current_section];
> -    int *tmp, i, len;
> +    int i, len;
>
>      while (buf && *buf) {
>          if (buf[0] == '[') {
> @@ -280,9 +280,7 @@ static const char *ass_split_section(ASSSplitContext
> *ctx, const char *buf)
>                  while (!is_eol(*buf)) {
>                      buf = skip_space(buf);
>                      len = strcspn(buf, ", \r\n");
> -                    if (!(tmp = av_realloc_array(order, (*number + 1),
> sizeof(*order))))
> -                        return NULL;
> -                    order = tmp;
> +                    av_reallocp_array(&order, (*number + 1),
> sizeof(*order));
>                      order[*number] = -1;
>                      for (i=0; section->fields[i].name; i++)
>                          if (!strncmp(buf, section->fields[i].name, len)) {
> --
> 1.9.1
>
>

Allocation can still fail, so you shouldn't remove the check - you just
need to change it, since av_reallocp_array() returns 0 for success and a
negative value for failure.

- Hendrik
wm4 Feb. 12, 2018, 8:59 p.m.
On Mon, 12 Feb 2018 20:56:25 +0800
Gang Fan(范刚) <fan.gang.cn@gmail.com> wrote:

> Thanks to Hendrik
> Here is the new patch:
> 
> From 642a413080f20f9515321e42056248e86e003997 Mon Sep 17 00:00:00 2001
> From: Fan Gang <fangang@sbrella.com>
> Date: Mon, 12 Feb 2018 20:55:06 +0800
> Subject: [PATCH] avcodec/ass: Fix a memory leak defect when realloc fails.
> 
> ---
>  libavcodec/ass_split.c | 6 ++----
>  1 file changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/libavcodec/ass_split.c b/libavcodec/ass_split.c
> index 872528b..eebe239 100644
> --- a/libavcodec/ass_split.c
> +++ b/libavcodec/ass_split.c
> @@ -249,7 +249,7 @@ static const char *ass_split_section(ASSSplitContext
> *ctx, const char *buf)
>      const ASSSection *section = &ass_sections[ctx->current_section];
>      int *number = &ctx->field_number[ctx->current_section];
>      int *order = ctx->field_order[ctx->current_section];
> -    int *tmp, i, len;
> +    int i, len;
> 
>      while (buf && *buf) {
>          if (buf[0] == '[') {
> @@ -280,9 +280,7 @@ static const char *ass_split_section(ASSSplitContext
> *ctx, const char *buf)
>                  while (!is_eol(*buf)) {
>                      buf = skip_space(buf);
>                      len = strcspn(buf, ", \r\n");
> -                    if (!(tmp = av_realloc_array(order, (*number + 1),
> sizeof(*order))))
> -                        return NULL;
> -                    order = tmp;
> +                    av_reallocp_array(&order, (*number + 1),
> sizeof(*order));
>                      order[*number] = -1;
>                      for (i=0; section->fields[i].name; i++)
>                          if (!strncmp(buf, section->fields[i].name, len)) {

The patch formatting is broken (line breaks). It will be cumbersome to
apply it, which most likely will mean nobody is going to try.

Never copy&paste a patch into the text field of your email client.
Instead you should do one of these things:

- just attach the patch as text attachment
- use git send-email
Gang Fan(范刚) Feb. 13, 2018, 7:30 a.m.
Thanks for the advice, let me have another try.

On Tue, Feb 13, 2018 at 4:59 AM, wm4 <nfxjfg@googlemail.com> wrote:

> On Mon, 12 Feb 2018 20:56:25 +0800
> Gang Fan(范刚) <fan.gang.cn@gmail.com> wrote:
>
> > Thanks to Hendrik
> > Here is the new patch:
> >
> > From 642a413080f20f9515321e42056248e86e003997 Mon Sep 17 00:00:00 2001
> > From: Fan Gang <fangang@sbrella.com>
> > Date: Mon, 12 Feb 2018 20:55:06 +0800
> > Subject: [PATCH] avcodec/ass: Fix a memory leak defect when realloc
> fails.
> >
> > ---
> >  libavcodec/ass_split.c | 6 ++----
> >  1 file changed, 2 insertions(+), 4 deletions(-)
> >
> > diff --git a/libavcodec/ass_split.c b/libavcodec/ass_split.c
> > index 872528b..eebe239 100644
> > --- a/libavcodec/ass_split.c
> > +++ b/libavcodec/ass_split.c
> > @@ -249,7 +249,7 @@ static const char *ass_split_section(ASSSplitContext
> > *ctx, const char *buf)
> >      const ASSSection *section = &ass_sections[ctx->current_section];
> >      int *number = &ctx->field_number[ctx->current_section];
> >      int *order = ctx->field_order[ctx->current_section];
> > -    int *tmp, i, len;
> > +    int i, len;
> >
> >      while (buf && *buf) {
> >          if (buf[0] == '[') {
> > @@ -280,9 +280,7 @@ static const char *ass_split_section(ASSSplitContext
> > *ctx, const char *buf)
> >                  while (!is_eol(*buf)) {
> >                      buf = skip_space(buf);
> >                      len = strcspn(buf, ", \r\n");
> > -                    if (!(tmp = av_realloc_array(order, (*number + 1),
> > sizeof(*order))))
> > -                        return NULL;
> > -                    order = tmp;
> > +                    av_reallocp_array(&order, (*number + 1),
> > sizeof(*order));
> >                      order[*number] = -1;
> >                      for (i=0; section->fields[i].name; i++)
> >                          if (!strncmp(buf, section->fields[i].name,
> len)) {
>
> The patch formatting is broken (line breaks). It will be cumbersome to
> apply it, which most likely will mean nobody is going to try.
>
> Never copy&paste a patch into the text field of your email client.
> Instead you should do one of these things:
>
> - just attach the patch as text attachment
> - use git send-email
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>


diff --git a/libavcodec/ass_split.c b/libavcodec/ass_split.c
index 872528b..eebe239 100644
--- a/libavcodec/ass_split.c
+++ b/libavcodec/ass_split.c
@@ -249,7 +249,7 @@  static const char *ass_split_section(ASSSplitContext
*ctx, const char *buf)
     const ASSSection *section = &ass_sections[ctx->current_section];
     int *number = &ctx->field_number[ctx->current_section];
     int *order = ctx->field_order[ctx->current_section];
-    int *tmp, i, len;
+    int i, len;

     while (buf && *buf) {