From patchwork Tue Aug 25 14:09:19 2020
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 21916
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Cc: Andreas Rheinhardt
Date: Tue, 25 Aug 2020 16:09:19 +0200
Message-Id: <20200825140927.16433-11-andreas.rheinhardt@gmail.com>
In-Reply-To: <20200825140927.16433-1-andreas.rheinhardt@gmail.com>
References: <20200825140927.16433-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH 11/19] avfilter/af_aiir: Fix segfault and leak upon allocation failure

The aiir filter adds output pads in its init function. Each of these
output pads had a name which was allocated and to be freed in the uninit
function. Given that the aiir filter has between one and two outputs,
one output pad's name was freed unconditionally and a second was freed
conditionally. Yet if adding output pads fails, there are no output pads
at all and trying to free a nonexistent pad's name will lead to a
segfault. Furthermore, if the name could be successfully allocated, yet
adding the new pad fails, the name would leak.

This commit fixes this by not allocating the pads' names at all any
more: They are constant anyway. This allows to remove the code to free
them and hence fixes the aforementioned bugs.

Signed-off-by: Andreas Rheinhardt
---
 libavfilter/af_aiir.c | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/libavfilter/af_aiir.c b/libavfilter/af_aiir.c
index bc31e5141e..3df25b4d9b 100644
--- a/libavfilter/af_aiir.c
+++ b/libavfilter/af_aiir.c
@@ -1159,26 +1159,21 @@ static av_cold int init(AVFilterContext *ctx) } pad = (AVFilterPad){ - .name = av_strdup("default"), + .name = "default", .type = AVMEDIA_TYPE_AUDIO, .config_props = config_output, }; - if (!pad.name) - return AVERROR(ENOMEM); - ret = ff_insert_outpad(ctx, 0, &pad); if (ret < 0) return ret; if (s->response) { vpad = (AVFilterPad){ - .name = av_strdup("filter_response"), + .name = "filter_response", .type = AVMEDIA_TYPE_VIDEO, .config_props = config_video, }; - if (!vpad.name) - return AVERROR(ENOMEM); ret = ff_insert_outpad(ctx, 1, &vpad); if (ret < 0) @@ -1205,9 +1200,6 @@ static av_cold void uninit(AVFilterContext *ctx) } av_freep(&s->iir); - av_freep(&ctx->output_pads[0].name); - if (s->response) - av_freep(&ctx->output_pads[1].name); av_frame_free(&s->video); }
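
Review bot: in init(), both .name fields now point at string literals, but nothing at the two assignments records that the names are static and must never be freed. A one-line comment above pad = (AVFilterPad){ saying so would guard against someone later restoring an av_freep() on ctx->output_pads[i].name in uninit(), which would then be freeing a literal.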
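
Review bot: in uninit(), the cleanup above av_freep(&s->iir); lies outside this hunk's context, so it cannot be checked here whether it tolerates the early returns in init() that motivated the patch. Since uninit() runs after a failed init() (that is how the removed av_freep(&ctx->output_pads[0].name) could segfault), please confirm that the block closing just above does not dereference anything still unset when ff_insert_outpad() returns an error. The two calls that remain visible, av_freep(&s->iir) and av_frame_free(&s->video), are safe on NULL pointers.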