From patchwork Wed Mar 10 21:54:46 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 26326 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 3080A44B799 for ; Wed, 10 Mar 2021 23:55:50 +0200 (EET) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 1DE4668AB55; Wed, 10 Mar 2021 23:55:50 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-ej1-f54.google.com (mail-ej1-f54.google.com [209.85.218.54]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 6A02A68AB43 for ; Wed, 10 Mar 2021 23:55:43 +0200 (EET) Received: by mail-ej1-f54.google.com with SMTP id r17so41811922ejy.13 for ; Wed, 10 Mar 2021 13:55:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=+BcAGIHcYeJDYSi8JlVlvZpBKK8fraSS/LEw/Q/OA2c=; b=N/Jzb551TdM9cLmY9IJG2whKDKUAya0jj3wLtq8WOrrX8gXKh8+ORPX8wr+ZViYlzg Aszp51PrZfefmYIQxrAfOdmf8gqO7snrxikRbx6jGV2q/PqisVnln1FO24QZUINYXNLd 5TEtxemlBqUVzHs2Ynir6Cx+R1a+gtsj8e8vgTVaiN9sLrVSvAWj/DQdkZgfFG1V9Vju iL6syxWqpyth1rCuuEjIp5t+ZUZRXNuUVt0Er5yz6mpAxOAQ6peLYAP8fE8UV+W78os7 nI6rM8IKagsGdSUkmAaunDvSZ7DgyED3voXP2lhGtv6v3xjGV5TGKXAY7D+kLqP6cwOg 4DIg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:reply-to:mime-version:content-transfer-encoding; bh=+BcAGIHcYeJDYSi8JlVlvZpBKK8fraSS/LEw/Q/OA2c=; b=I/crQ/Pa4/64yp3oB52ngMGRvw3LKgmfX8LiWRJcui6UGkzw+JWN0IwRgQpoeaQDRT A4Gpo+iGqS19QoKYOie/lSAq9A98J2N3obSsIMF87gjbof3DJeYRUnjdN26jIAdxIiSI u7xj7/VxqteY6hj3ywrClOZRzu5q95cuIvh57aK0r0KDlcT9JlCE0G1Y8E3Dsnt6DATZ Vn9qkN2fUpHqZlaChdnxzT16M+793wt6B2i1qbQiFi64XIhzuGjrTUzWBUVByrzslP+n vN0dLeUpnBWIbu2Xaz+f2h9XrXZCqZyL0WqRYwA8Icbl6XnriYsl4X2hGPe6A73qxWWF caFQ== X-Gm-Message-State: AOAM530xHn9f0oUnj6fzTP2/aAkA2OWmawNaT9sEaz0oqscGvASnAf2L GzHsgZCIKbR6EtRdryD1g400+8q64yg= X-Google-Smtp-Source: ABdhPJyLWcDYhytme5a08QC/+9AfMIHqvCS/OwV1JSN/DZjZrCRLDZnvtDEZWF8IUP2AQfuCOMOlTw== X-Received: by 2002:a17:906:1907:: with SMTP id a7mr38675eje.142.1615413342703; Wed, 10 Mar 2021 13:55:42 -0800 (PST) Received: from sblaptop.fritz.box (ipbcc1aa4b.dynamic.kabel-deutschland.de. [188.193.170.75]) by smtp.gmail.com with ESMTPSA id m10sm351993ejx.10.2021.03.10.13.55.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 10 Mar 2021 13:55:42 -0800 (PST) From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Wed, 10 Mar 2021 22:54:46 +0100 Message-Id: <20210310215446.1396386-14-andreas.rheinhardt@gmail.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210310010601.1142819-1-andreas.rheinhardt@gmail.com> References: <20210310010601.1142819-1-andreas.rheinhardt@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 23/23] avcodec/pngdec: Fix memleak by postponing allocation X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Fixes Coverity ticket #1322342. Signed-off-by: Andreas Rheinhardt --- It seems to me that this temporary buffer is actually unneeded: One just needs to use the new frame as destination for blending and then overwrite the new frame's data outside the processed rectangle with the data from the old frame. Or am I wrong about this? libavcodec/pngdec.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c index a5a71ef161..63c22063d9 100644 --- a/libavcodec/pngdec.c +++ b/libavcodec/pngdec.c @@ -1080,10 +1080,6 @@ static int handle_p_frame_apng(AVCodecContext *avctx, PNGDecContext *s, return AVERROR_PATCHWELCOME; } - buffer = av_malloc_array(s->image_linesize, s->height); - if (!buffer) - return AVERROR(ENOMEM); - ff_thread_await_progress(&s->last_picture, INT_MAX, 0); // need to reset a rectangle to background: @@ -1099,7 +1095,9 @@ static int handle_p_frame_apng(AVCodecContext *avctx, PNGDecContext *s, } } - memcpy(buffer, s->last_picture.f->data[0], s->image_linesize * s->height); + buffer = av_memdup(s->last_picture.f->data[0], s->image_linesize * s->height); + if (!buffer) + return AVERROR(ENOMEM); // Perform blending if (s->blend_op == APNG_BLEND_OP_SOURCE) {