diff mbox series

[FFmpeg-devel] avcodec/truemotion2: Avoid duplicating array, fix memleak

Message ID 20200829090216.14117-1-andreas.rheinhardt@gmail.com
State Accepted
Commit 5ff2ff6bd9cd9e08729060d330e381a09972c498
Headers show
Series [FFmpeg-devel] avcodec/truemotion2: Avoid duplicating array, fix memleak | expand

Checks

Context Check Description
andriy/default pending
andriy/make success Make finished
andriy/make_fate success Make fate finished

Commit Message

Andreas Rheinhardt Aug. 29, 2020, 9:02 a.m. UTC 
TrueMotion 2.0 uses Huffmann trees. To parse them, the decoder allocates
arrays for the codes, their lengths and their value; afterwards a VLC
table is initialized using these values. If everything up to this point
succeeds, a new buffer of the same size as the already allocated arrays
for the values is allocated and upon success the values are copied into
the new array; all the old arrays are then freed. Yet if allocating the
new array fails, the old arrays get freed, but the VLC table doesn't.

This leak is fixed by not allocating a new array at all; instead the old
array is simply reused, ensuring that nothing can fail after the
creation of the VLC table.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
 libavcodec/truemotion2.c | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

Comments

Paul B Mahol Aug. 29, 2020, 2:45 p.m. UTC | #1 
On 8/29/20, Andreas Rheinhardt <andreas.rheinhardt@gmail.com> wrote:
> TrueMotion 2.0 uses Huffmann trees. To parse them, the decoder allocates
> arrays for the codes, their lengths and their value; afterwards a VLC
> table is initialized using these values. If everything up to this point
> succeeds, a new buffer of the same size as the already allocated arrays
> for the values is allocated and upon success the values are copied into
> the new array; all the old arrays are then freed. Yet if allocating the
> new array fails, the old arrays get freed, but the VLC table doesn't.
>
> This leak is fixed by not allocating a new array at all; instead the old
> array is simply reused, ensuring that nothing can fail after the
> creation of the VLC table.
>
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
> ---
>  libavcodec/truemotion2.c | 11 ++---------
>  1 file changed, 2 insertions(+), 9 deletions(-)
>

probably ok
diff mbox series

Patch

diff --git a/libavcodec/truemotion2.c b/libavcodec/truemotion2.c
index d90a8baff3..a1d4eea340 100644
--- a/libavcodec/truemotion2.c
+++ b/libavcodec/truemotion2.c
@@ -200,8 +200,6 @@  static int tm2_build_huff_table(TM2Context *ctx, TM2Codes *code)
 
     /* convert codes to vlc_table */
     if (res >= 0) {
-        int i;
-
         res = init_vlc(&code->vlc, huff.max_bits, huff.max_num,
                        huff.lens, sizeof(int), sizeof(int),
                        huff.bits, sizeof(uint32_t), sizeof(uint32_t), 0);
@@ -210,13 +208,8 @@  static int tm2_build_huff_table(TM2Context *ctx, TM2Codes *code)
         else {
             code->bits = huff.max_bits;
             code->length = huff.max_num;
-            code->recode = av_malloc_array(code->length, sizeof(int));
-            if (!code->recode) {
-                res = AVERROR(ENOMEM);
-                goto out;
-            }
-            for (i = 0; i < code->length; i++)
-                code->recode[i] = huff.nums[i];
+            code->recode = huff.nums;
+            huff.nums = NULL;
         }
     }