diff mbox series

[FFmpeg-devel,1/3] avfilter/graphparser: Fix leaks when parsing inputs fails

Message ID 20200822230434.11347-1-andreas.rheinhardt@gmail.com
State Accepted
Commit b3f6dee728c2741388638f8343379bf0f0ef5946
Headers show
Series [FFmpeg-devel,1/3] avfilter/graphparser: Fix leaks when parsing inputs fails
Related show

Checks

Context Check Description
andriy/default pending
andriy/make success Make finished
andriy/make_fate success Make fate finished

Commit Message

Andreas Rheinhardt Aug. 22, 2020, 11:04 p.m. UTC
parse_inputs() uses a temporary linked list to parse the labeled inputs
of a filter; said linked list owns its elements (and their names). On
success, the list of unlabeled inputs is appened to the end of the list
of labeled inputs and the new list is returned; yet on failures, nothing
frees the already existing elements of the temporary linked list, leading
to a leak.

This can be triggered by e.g. using '-vf [v][' in the FFmpeg
command-line tool.

This leak seems to exist since 4e781c25b7b1955d1a9a0b0771c3ce1acb0957bd.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
 libavfilter/graphparser.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

Comments

Nicolas George Aug. 23, 2020, 9:48 a.m. UTC | #1
Andreas Rheinhardt (12020-08-23):
> parse_inputs() uses a temporary linked list to parse the labeled inputs
> of a filter; said linked list owns its elements (and their names). On
> success, the list of unlabeled inputs is appened to the end of the list
> of labeled inputs and the new list is returned; yet on failures, nothing
> frees the already existing elements of the temporary linked list, leading
> to a leak.
> 
> This can be triggered by e.g. using '-vf [v][' in the FFmpeg
> command-line tool.
> 
> This leak seems to exist since 4e781c25b7b1955d1a9a0b0771c3ce1acb0957bd.
> 
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>

LGTM.

Regards,
diff mbox series

Patch

diff --git a/libavfilter/graphparser.c b/libavfilter/graphparser.c
index d92b5360a6..dfb94788e1 100644
--- a/libavfilter/graphparser.c
+++ b/libavfilter/graphparser.c
@@ -303,8 +303,10 @@  static int parse_inputs(const char **buf, AVFilterInOut **curr_inputs,
         char *name = parse_link_name(buf, log_ctx);
         AVFilterInOut *match;
 
-        if (!name)
+        if (!name) {
+            avfilter_inout_free(&parsed_inputs);
             return AVERROR(EINVAL);
+        }
 
         /* First check if the label is not in the open_outputs list */
         match = extract_inout(name, open_outputs);
@@ -314,6 +316,7 @@  static int parse_inputs(const char **buf, AVFilterInOut **curr_inputs,
         } else {
             /* Not in the list, so add it as an input */
             if (!(match = av_mallocz(sizeof(AVFilterInOut)))) {
+                avfilter_inout_free(&parsed_inputs);
                 av_free(name);
                 return AVERROR(ENOMEM);
             }