From patchwork Sun Aug 9 15:57:35 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 21551 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 70BF644B9EE for ; Sun, 9 Aug 2020 18:58:19 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 51EC368A91A; Sun, 9 Aug 2020 18:58:19 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-ej1-f68.google.com (mail-ej1-f68.google.com [209.85.218.68]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id D57DA689C95 for ; Sun, 9 Aug 2020 18:58:12 +0300 (EEST) Received: by mail-ej1-f68.google.com with SMTP id f24so6997744ejx.6 for ; Sun, 09 Aug 2020 08:58:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ZLIv7zPhg50wNQnaBYw1cNsRAOqihLzXFfTRd+Ab5vg=; b=Rq805q6DXixIkD/UQLHmoPJ8wZH3IgglpiDALNd61JBZOUCuAFo20FPRpSg2TgZGaA +JtuG9xNg696By2ceXudvQgGvuk5o5jt1c5gNSB1VL1QuSx1MbqK05zw57PaJOMCsGGr ekjdQKsXB76TwZZTocUTpjjO32FtfcqKfQWUAVXQgEg3BUnv6bVsEVbnHD3DSVL3R8CD vuPHb19himY+avc7XkjXOYkAXtYO/x22un1Mctc1WT8YJEE2VlBGTwqoHfxR8mRn0/1f tsAZxT8HMdcRJXnuF29XFqMg4xtzM+ZrdlU6m31+Wi6Ay22BOeuESLkVudmpp0nYuz// hjgg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ZLIv7zPhg50wNQnaBYw1cNsRAOqihLzXFfTRd+Ab5vg=; b=POv9z30wdq/cqq77mydXxlaXJiknuZbXnD+TERsqcuODVwTT9I2GWyc8L84pVMT8G/ vFQDSsiwS5LqguOu+FM1jDql+haz2/GMS62PWGgPUaVqodybnFPlXgh/GYmJwc1bx8Rk Eygeyz0VK5xUpvWBGtYKL97cD9f7sXr8+SbMYII/eywigL2849E4HXAYFVQhClL4Hkyb RHwXEW+IWdD4jSseSZYarz3WphwH4SfhLWk09z5Zwu2QVcU/iDkEL3A42drhZp5y0ZJt eO4jZHyfSUPNi3rTzJ0ec3e2Hcj7xAKJw0BeVIwfpcv6tj2naCBvsTbjfHW1GyI/q7Ma dCvQ== X-Gm-Message-State: AOAM531MVafJ7ucaCYLwTLkKnw3fUbS07YaML/OXGNMTI86eJubKx0tF mucTirtUcKtSh8x3BRvLwvSdw97f X-Google-Smtp-Source: ABdhPJzK2EgpUaSgbF0GXlFJi+Yt3AnEj8DVWO00XTPFA8DS1VBol9T3x+QOHaD6hl6K24rdBWhk5Q== X-Received: by 2002:a17:906:7790:: with SMTP id s16mr19249322ejm.254.1596988692119; Sun, 09 Aug 2020 08:58:12 -0700 (PDT) Received: from sblaptop.fritz.box (ipbcc10296.dynamic.kabel-deutschland.de. [188.193.2.150]) by smtp.gmail.com with ESMTPSA id g11sm5360290edv.95.2020.08.09.08.58.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 09 Aug 2020 08:58:11 -0700 (PDT) From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Sun, 9 Aug 2020 17:57:35 +0200 Message-Id: <20200809155748.30092-2-andreas.rheinhardt@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200808140202.586-1-andreas.rheinhardt@gmail.com> References: <20200808140202.586-1-andreas.rheinhardt@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 08/21] avfilter/vf_paletteuse: Fix leaks of AVFilterFormats on error X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" The paletteuse's query_formats function allocated three AVFilterFormats before storing them permanently. If allocating one of them failed, the three AVFilterFormats structures would be freed with av_freep() which does not free separately allocated subelements (namely the formats array) which leak. Furthermore, if storing one of the first two fails, the function simply returns and the ones not yet stored leak. These leaks have been fixed by only creating a new AVFilterFormats after the last one has already been permanently stored. Furthermore, it is enough to check whether the elements have been properly stored as ff_formats_ref() by design returns AVERROR(ENOMEM) if it is provided a NULL AVFilterFormats *. Fixes Coverity issues #1270818 and #1270819. Signed-off-by: Andreas Rheinhardt --- libavfilter/vf_paletteuse.c | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/libavfilter/vf_paletteuse.c b/libavfilter/vf_paletteuse.c index b32ff817d0..80e2ba583a 100644 --- a/libavfilter/vf_paletteuse.c +++ b/libavfilter/vf_paletteuse.c @@ -142,18 +142,12 @@ static int query_formats(AVFilterContext *ctx) static const enum AVPixelFormat inpal_fmts[] = {AV_PIX_FMT_RGB32, AV_PIX_FMT_NONE}; static const enum AVPixelFormat out_fmts[] = {AV_PIX_FMT_PAL8, AV_PIX_FMT_NONE}; int ret; - AVFilterFormats *in = ff_make_format_list(in_fmts); - AVFilterFormats *inpal = ff_make_format_list(inpal_fmts); - AVFilterFormats *out = ff_make_format_list(out_fmts); - if (!in || !inpal || !out) { - av_freep(&in); - av_freep(&inpal); - av_freep(&out); - return AVERROR(ENOMEM); - } - if ((ret = ff_formats_ref(in , &ctx->inputs[0]->out_formats)) < 0 || - (ret = ff_formats_ref(inpal, &ctx->inputs[1]->out_formats)) < 0 || - (ret = ff_formats_ref(out , &ctx->outputs[0]->in_formats)) < 0) + if ((ret = ff_formats_ref(ff_make_format_list(in_fmts), + &ctx->inputs[0]->out_formats)) < 0 || + (ret = ff_formats_ref(ff_make_format_list(inpal_fmts), + &ctx->inputs[1]->out_formats)) < 0 || + (ret = ff_formats_ref(ff_make_format_list(out_fmts), + &ctx->outputs[0]->in_formats)) < 0) return ret; return 0; }