From patchwork Sun Sep 13 02:57:48 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 22320 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 0598C449E91 for ; Sun, 13 Sep 2020 05:58:38 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id E0E4668BBEC; Sun, 13 Sep 2020 05:58:37 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-wm1-f68.google.com (mail-wm1-f68.google.com [209.85.128.68]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 08D3D68BBCD for ; Sun, 13 Sep 2020 05:58:29 +0300 (EEST) Received: by mail-wm1-f68.google.com with SMTP id w2so7618414wmi.1 for ; Sat, 12 Sep 2020 19:58:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Jyui1a6bIZ5dS/LrPvbDmNXVSQ8vptpr4e3/3gL9o5M=; b=vOJ03pfNq7zilbd9pEIyJpJ/KMb3RXKBo2tHpq7xrFBQLuypDQwW9YCmEdIdz27LER MCVrA6RCn9y1EPlEUr6psmX8EKp7TGdbaZ+KP5Y/PaSxz+qnC85HZssxeKU5yyKxSEyd Ia9umsVjSaaELCJouhQs7FUcj5trAi6c7xvxHCQDy9TdXEAHqt6/GYwVR0y+KOTu9qcL 64E0+YGyJqD5coWWOjQNkhkFS+cUcDeH2e95uS9ubcGog23F+Tv8SK9Dp74KKhIZ9FS7 L8wmqZha2KKWWnv8Bd99zACCRJRkWDma9FQjDlzKCMJ3FFqX6QeYOGkadJlVB6nCx9zl 0ZGA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Jyui1a6bIZ5dS/LrPvbDmNXVSQ8vptpr4e3/3gL9o5M=; b=VGIiT6Z0G8RdPpIhF/osJ26E12D3hO7OMtbXwH6eP0DcozJDNVgTNgezIFCzYY69vz cWCHBr39ZJ+ltElqAutDxQOF8PnHAS3G4e8iiE61d0pW7NLZXnrM0MwNdotpLwQk9bIq a6Qy7zGR4Ng+/hV00NpxhWS+6jw5ZALP/IlnR9D3qzdp1QTIC8Qdq5gtD0UvqidothJt UgejSO9mdORxp9G2Cea9aiIuOzXxTEVPUoF7hxwCB2gmIk16uAtj0io/Yxqz6jHQz5CR heKQ+4jU5j+c+H5fdsMU0DPxKZSDjoOakN90siIFSDfzchs0irI9Hu3OAI1NPFbQ+3F8 Qbmg== X-Gm-Message-State: AOAM532Kse6N6/1fA21mdVHWG8kjEte/wy+yMekfNm4tFAK+0sauDbHI Z47+1iJbNdUjO+e3/hOwaErKYx2gvUU= X-Google-Smtp-Source: ABdhPJyGOP6P9XqVprl5YM4mDZPc/xDZDaR4NfEwJlCj0kCWSRUI5z0xhFKRwfNzvXVRIwQX+7aZjA== X-Received: by 2002:a1c:678a:: with SMTP id b132mr9422211wmc.10.1599965909122; Sat, 12 Sep 2020 19:58:29 -0700 (PDT) Received: from sblaptop.fritz.box (ipbcc1fb0f.dynamic.kabel-deutschland.de. [188.193.251.15]) by smtp.gmail.com with ESMTPSA id f3sm11883355wmb.35.2020.09.12.19.58.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 12 Sep 2020 19:58:28 -0700 (PDT) From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Sun, 13 Sep 2020 04:57:48 +0200 Message-Id: <20200913025753.274772-11-andreas.rheinhardt@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200913025753.274772-1-andreas.rheinhardt@gmail.com> References: <20200913025753.274772-1-andreas.rheinhardt@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 11/16] avcodec/svq3: Fix memleaks upon allocation error X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Commit b2361cfb94738298a6c4037cc348fe5015efb841e made all of the error paths in svq3_decode_init() call svq3_decode_end(); yet several new error paths that were added later (in merges from Libav) returned directly without cleaning up properly. This commit fixes the resulting potential memleaks by setting the FF_CODEC_CAP_INIT_CLEANUP flag. This also allows to simplify freeing by returning directly. Signed-off-by: Andreas Rheinhardt --- libavcodec/svq3.c | 39 +++++++++++++-------------------------- 1 file changed, 13 insertions(+), 26 deletions(-) diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c index 8a67836827..41a9bf2daa 100644 --- a/libavcodec/svq3.c +++ b/libavcodec/svq3.c @@ -222,8 +222,6 @@ static const uint32_t svq3_dequant_coeff[32] = { 61694, 68745, 77615, 89113, 100253, 109366, 126635, 141533 }; -static int svq3_decode_end(AVCodecContext *avctx); - static void svq3_luma_dc_dequant_idct_c(int16_t *output, int16_t *input, int qp) { const unsigned qmul = svq3_dequant_coeff[qp]; @@ -1185,10 +1183,8 @@ static av_cold int svq3_decode_init(AVCodecContext *avctx) int w,h; size = AV_RB32(&extradata[4]); - if (size > extradata_end - extradata - 8) { - ret = AVERROR_INVALIDDATA; - goto fail; - } + if (size > extradata_end - extradata - 8) + return AVERROR_INVALIDDATA; init_get_bits(&gb, extradata + 8, size * 8); /* 'frame size code' and optional 'width, height' */ @@ -1229,7 +1225,7 @@ static av_cold int svq3_decode_init(AVCodecContext *avctx) } ret = ff_set_dimensions(avctx, w, h); if (ret < 0) - goto fail; + return ret; s->halfpel_flag = get_bits1(&gb); s->thirdpel_flag = get_bits1(&gb); @@ -1248,10 +1244,8 @@ static av_cold int svq3_decode_init(AVCodecContext *avctx) av_log(avctx, AV_LOG_DEBUG, "Unknown fields %d %d %d %d %d\n", unk0, unk1, unk2, unk3, unk4); - if (skip_1stop_8data_bits(&gb) < 0) { - ret = AVERROR_INVALIDDATA; - goto fail; - } + if (skip_1stop_8data_bits(&gb) < 0) + return AVERROR_INVALIDDATA; s->has_watermark = get_bits1(&gb); avctx->has_b_frames = !s->low_delay; @@ -1269,16 +1263,13 @@ static av_cold int svq3_decode_init(AVCodecContext *avctx) uint8_t *buf; if (watermark_height <= 0 || - (uint64_t)watermark_width * 4 > UINT_MAX / watermark_height) { - ret = -1; - goto fail; - } + (uint64_t)watermark_width * 4 > UINT_MAX / watermark_height) + return AVERROR_INVALIDDATA; buf = av_malloc(buf_len); - if (!buf) { - ret = AVERROR(ENOMEM); - goto fail; - } + if (!buf) + return AVERROR(ENOMEM); + av_log(avctx, AV_LOG_DEBUG, "watermark size: %ux%u\n", watermark_width, watermark_height); av_log(avctx, AV_LOG_DEBUG, @@ -1289,8 +1280,7 @@ static av_cold int svq3_decode_init(AVCodecContext *avctx) av_log(avctx, AV_LOG_ERROR, "could not uncompress watermark logo\n"); av_free(buf); - ret = -1; - goto fail; + return -1; } s->watermark_key = av_bswap16(av_crc(av_crc_get_table(AV_CRC_16_CCITT), 0, buf, buf_len)); @@ -1301,8 +1291,7 @@ static av_cold int svq3_decode_init(AVCodecContext *avctx) #else av_log(avctx, AV_LOG_ERROR, "this svq3 file contains watermark which need zlib support compiled in\n"); - ret = -1; - goto fail; + return AVERROR(ENOSYS); #endif } } @@ -1334,9 +1323,6 @@ static av_cold int svq3_decode_init(AVCodecContext *avctx) init_dequant4_coeff_table(s); return 0; -fail: - svq3_decode_end(avctx); - return ret; } static void free_picture(AVCodecContext *avctx, SVQ3Frame *pic) @@ -1654,4 +1640,5 @@ AVCodec ff_svq3_decoder = { AV_CODEC_CAP_DELAY, .pix_fmts = (const enum AVPixelFormat[]) { AV_PIX_FMT_YUVJ420P, AV_PIX_FMT_NONE}, + .caps_internal = FF_CODEC_CAP_INIT_CLEANUP, };