Message ID | 20200829090216.14117-1-andreas.rheinhardt@gmail.com |
---|---|
State | Accepted |
Commit | 5ff2ff6bd9cd9e08729060d330e381a09972c498 |
Series | [FFmpeg-devel] avcodec/truemotion2: Avoid duplicating array, fix memleak |

Context | Check | Description |
---|---|---|
andriy/default | pending | |
andriy/make | success | Make finished |
andriy/make_fate | success | Make fate finished |

On 8/29/20, Andreas Rheinhardt <andreas.rheinhardt@gmail.com> wrote:
> TrueMotion 2.0 uses Huffman trees. To parse them, the decoder allocates
> arrays for the codes, their lengths and their value; afterwards a VLC
> table is initialized using these values. If everything up to this point
> succeeds, a new buffer of the same size as the already allocated arrays
> for the values is allocated and upon success the values are copied into
> the new array; all the old arrays are then freed. Yet if allocating the
> new array fails, the old arrays get freed, but the VLC table doesn't.
>
> This leak is fixed by not allocating a new array at all; instead the old
> array is simply reused, ensuring that nothing can fail after the
> creation of the VLC table.
>
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
> ---
> libavcodec/truemotion2.c | 11 ++---------
> 1 file changed, 2 insertions(+), 9 deletions(-)
>

probably ok

diff --git a/libavcodec/truemotion2.c b/libavcodec/truemotion2.c index d90a8baff3..a1d4eea340 100644 --- a/libavcodec/truemotion2.c +++ b/libavcodec/truemotion2.c @@ -200,8 +200,6 @@ static int tm2_build_huff_table(TM2Context *ctx, TM2Codes *code) /* convert codes to vlc_table */ if (res >= 0) { - int i; - res = init_vlc(&code->vlc, huff.max_bits, huff.max_num, huff.lens, sizeof(int), sizeof(int), huff.bits, sizeof(uint32_t), sizeof(uint32_t), 0); @@ -210,13 +208,8 @@ static int tm2_build_huff_table(TM2Context *ctx, TM2Codes *code) else { code->bits = huff.max_bits; code->length = huff.max_num; - code->recode = av_malloc_array(code->length, sizeof(int)); - if (!code->recode) { - res = AVERROR(ENOMEM); - goto out; - } - for (i = 0; i < code->length; i++) - code->recode[i] = huff.nums[i]; + code->recode = huff.nums; + huff.nums = NULL; } }
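
Review bot: In the second hunk, `code->recode = huff.nums; huff.nums = NULL;` hands the array over to `code` without saying so, and its correctness rests on code outside the hunk: the cleanup path that the removed `goto out` jumped to must tolerate `huff.nums` being NULL, and whatever later releases `code->recode` must use the allocator that created `huff.nums`. A one-line comment at the assignment stating that ownership moves to `code->recode` would make that dependency explicit for anyone who later adds a failure path after this point. The removed loop copied element by element into a buffer sized with `sizeof(int)`, so the direct pointer assignment additionally assumes `huff.nums` has exactly the element type of `code->recode`; it is worth confirming that the two declarations match.
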
TrueMotion 2.0 uses Huffman trees. To parse them, the decoder allocates arrays for the codes, their lengths and their value; afterwards a VLC table is initialized using these values. If everything up to this point succeeds, a new buffer of the same size as the already allocated arrays for the values is allocated and upon success the values are copied into the new array; all the old arrays are then freed. Yet if allocating the new array fails, the old arrays get freed, but the VLC table doesn't.

This leak is fixed by not allocating a new array at all; instead the old array is simply reused, ensuring that nothing can fail after the creation of the VLC table.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
 libavcodec/truemotion2.c | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)