From patchwork Fri Oct 11 06:14:42 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lance Wang X-Patchwork-Id: 15695 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id C0B2B448716 for ; Fri, 11 Oct 2019 09:15:05 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id A829F689777; Fri, 11 Oct 2019 09:15:05 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-pg1-f194.google.com (mail-pg1-f194.google.com [209.85.215.194]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 7E7956883D3 for ; Fri, 11 Oct 2019 09:14:59 +0300 (EEST) Received: by mail-pg1-f194.google.com with SMTP id d26so5160829pgl.7 for ; Thu, 10 Oct 2019 23:14:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Wz/8Bzdkh3GuvhL8DFGYGRtuHa6yXMCRRov2ZCxea0E=; b=DOeJbq99zUback1R+/W9cPMpQkr1pn8aHF+43AOXBhSRwHfiUUwTPafumbQO/MOX36 jildO1tlKg5iUoSLWCqVOs7FU6dfPXzbKpxul9FTZXIE+XZxzrRbJuRYYJoDi+msg/6E y1Dh3bdJmbgKPHu7ccXp+SMmL0eyLDTT8P0oYfDGwgPj4Fobh2xm1HoCO2HElqZhqxl7 n2x6dIn+NCFYuMfZgxH+q0imsHKt0tNUn529fWceNl8+CTA4x6VyTQbQDanTUN31DXam nIv2qdW1nv/i345YbBP/xOLsPYvDyOhcQAdAWRZFFzNr13zEcyrnhXxHkGIG+jVjm2JV ZrrQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Wz/8Bzdkh3GuvhL8DFGYGRtuHa6yXMCRRov2ZCxea0E=; b=YgrbfN04DgP2+yIeFfGzfgPWxbNkhwbh2yH1qIQa1X8yYloyQP27LEbHsqAepRKbBe ODtiYci+CE34LnXpPhX7m7a50jlujmvi5atUROPiII6weXrbkKDy2/W6jZq9swDX6Str ImN1gA/z1BUw6Bjt1Z4GPrwF/47xJatooZQbONGVM9piZDCqVbIm91nXC49Y3QgzLhTz VPs0I9td4nMEyv8J/qZdOP3NzWjOl/7EcP2ScXrInZYupF1a27x4VXejnP5cnwpQt+VX 9/RakzIzSQNxhg6h36/VJOyqFj9+QitMfMBMO9NqcXzE42yYF2vwObzofILIcMShleYc mMvg== X-Gm-Message-State: APjAAAUxzfb0PmkhK/30DtpzzsvokNZA/FUoso6i+DYQpvRAM6Rei/n0 8OYC1O7JRq8yjw9Lry+NuyFRtvWr X-Google-Smtp-Source: APXvYqw5aUhxt2fxt2KmfIFcUJFTxepRw5dmAxLRSr+O11C2hi2R2bDWnxi/A5+JjXgjbnXYtJdjsw== X-Received: by 2002:a63:6b06:: with SMTP id g6mr15276310pgc.104.1570774497714; Thu, 10 Oct 2019 23:14:57 -0700 (PDT) Received: from vpn.localdomain ([47.90.99.151]) by smtp.gmail.com with ESMTPSA id l62sm9692707pfl.167.2019.10.10.23.14.56 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 10 Oct 2019 23:14:57 -0700 (PDT) From: lance.lmwang@gmail.com To: ffmpeg-devel@ffmpeg.org Date: Fri, 11 Oct 2019 14:14:42 +0800 Message-Id: <20191011061444.4988-4-lance.lmwang@gmail.com> X-Mailer: git-send-email 2.9.5 In-Reply-To: <20191011061444.4988-1-lance.lmwang@gmail.com> References: <20191011061444.4988-1-lance.lmwang@gmail.com> Subject: [FFmpeg-devel] [PATCH v1 4/6] avcodec/magicyuv: fix for the memory leak if failed X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Limin Wang MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" From: Limin Wang Signed-off-by: Limin Wang --- libavcodec/magicyuv.c | 43 ++++++++++++++++++++++++++++++------------- 1 file changed, 30 insertions(+), 13 deletions(-) diff --git a/libavcodec/magicyuv.c b/libavcodec/magicyuv.c index 0b1ac7345a..c905c2ca22 100644 --- a/libavcodec/magicyuv.c +++ b/libavcodec/magicyuv.c @@ -661,12 +661,16 @@ static int magy_decode_frame(AVCodecContext *avctx, void *data, for (i = 0; i < s->planes; i++) { av_fast_malloc(&s->slices[i], &s->slices_size[i], s->nb_slices * sizeof(Slice)); - if (!s->slices[i]) - return AVERROR(ENOMEM); + if (!s->slices[i]) { + ret = AVERROR(ENOMEM); + goto fail; + } offset = bytestream2_get_le32(&gbyte); - if (offset >= avpkt->size - header_size) - return AVERROR_INVALIDDATA; + if (offset >= avpkt->size - header_size) { + ret = AVERROR_INVALIDDATA; + goto fail; + } if (i == 0) first_offset = offset; @@ -675,8 +679,10 @@ static int magy_decode_frame(AVCodecContext *avctx, void *data, s->slices[i][j].start = offset + header_size; next_offset = bytestream2_get_le32(&gbyte); - if (next_offset <= offset || next_offset >= avpkt->size - header_size) - return AVERROR_INVALIDDATA; + if (next_offset <= offset || next_offset >= avpkt->size - header_size) { + ret = AVERROR_INVALIDDATA; + goto fail; + } s->slices[i][j].size = next_offset - offset; offset = next_offset; @@ -686,28 +692,32 @@ static int magy_decode_frame(AVCodecContext *avctx, void *data, s->slices[i][j].size = avpkt->size - s->slices[i][j].start; } - if (bytestream2_get_byte(&gbyte) != s->planes) - return AVERROR_INVALIDDATA; + if (bytestream2_get_byte(&gbyte) != s->planes) { + ret = AVERROR_INVALIDDATA; + goto fail; + } bytestream2_skip(&gbyte, s->nb_slices * s->planes); table_size = header_size + first_offset - bytestream2_tell(&gbyte); - if (table_size < 2) - return AVERROR_INVALIDDATA; + if (table_size < 2) { + ret = AVERROR_INVALIDDATA; + goto fail; + } ret = init_get_bits8(&gbit, avpkt->data + bytestream2_tell(&gbyte), table_size); if (ret < 0) - return ret; + goto fail; ret = build_huffman(avctx, &gbit, s->max); if (ret < 0) - return ret; + goto fail; p->pict_type = AV_PICTURE_TYPE_I; p->key_frame = 1; if ((ret = ff_thread_get_buffer(avctx, &frame, 0)) < 0) - return ret; + goto fail; s->buf = avpkt->data; s->p = p; @@ -736,6 +746,13 @@ static int magy_decode_frame(AVCodecContext *avctx, void *data, *got_frame = 1; return avpkt->size; + +fail: + for (i = 0; i < FF_ARRAY_ELEMS(s->slices); i++) { + av_freep(&s->slices[i]); + s->slices_size[i] = 0; + } + return ret; } #if HAVE_THREADS