[FFmpeg-devel,3/6] tools/target_dem_fuzzer: Fix packet leak

Message ID 20210322205833.14541-3-michael@niedermayer.cc
State New
Series [FFmpeg-devel,1/6] avcodec/h264_slice: Check input SPS in ff_h264_update_thread_context()

Checks

Context Check Description
andriy/x86_make success Make finished
andriy/x86_make_fate success Make fate finished
andriy/PPC64_make success Make finished
andriy/PPC64_make_fate success Make fate finished

Commit Message

Michael Niedermayer March 22, 2021, 8:58 p.m. UTC
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 tools/target_dem_fuzzer.c | 1 +
 1 file changed, 1 insertion(+)

Comments

James Almer March 22, 2021, 9:19 p.m. UTC | #1
On 3/22/2021 5:58 PM, Michael Niedermayer wrote:
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>   tools/target_dem_fuzzer.c | 1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/tools/target_dem_fuzzer.c b/tools/target_dem_fuzzer.c
> index af1840b359..90b7acefe2 100644
> --- a/tools/target_dem_fuzzer.c
> +++ b/tools/target_dem_fuzzer.c
> @@ -189,6 +189,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
>           av_freep(&fuzzed_pb->buffer);
>           av_freep(&fuzzed_pb);
>           avformat_free_context(avfmt);
> +        av_packet_free(&pkt);
>           return 0;
>       }
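
Review bot: The commit message has no body beyond the Signed-off-by line, and the context above `av_packet_free(&pkt);` does not show the condition guarding this branch, so the log does not say which failure leaves `pkt` allocated. One sentence naming the failing call and stating that `pkt` is allocated before it would let a reader verify the fix from the history alone.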

Assuming avformat_close_input() can be called on an AVFormatContext that
failed to initialize, how about adding a fail label at the end and
jumping there from here instead?

It would reduce code duplication and prevent the same mistake being done 
in the future if a new struct is allocated for whatever reason. It will 
also free fuzzed_pb with the correct function.
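
The single cleanup label suggested in the comment above, shown as an added example (not code from the patch, the reply or FFmpeg). `res_alloc`, `res_free`, `run_duplicated`, `run_single_exit` and `leaked` are hypothetical stand-ins that count live allocations, so the leak on the last failure branch becomes measurable.

```c
#include <stdlib.h>

/* Constructed stand-ins for the fuzzer's allocations; not FFmpeg API. */
static int live;                       /* allocations not yet freed */

static void *res_alloc(int fail)
{
    void *p = fail ? NULL : malloc(16);
    if (p) live++;
    return p;
}

static void res_free(void **p)
{
    if (*p) { free(*p); *p = NULL; live--; }
}

/* Per-branch cleanup: the last failure branch forgets pkt (the leak pattern). */
int run_duplicated(int fail_at)
{
    void *pkt = res_alloc(fail_at == 1), *io, *ctx;
    if (!pkt) return -1;
    io = res_alloc(fail_at == 2);
    if (!io) { res_free(&pkt); return -1; }
    ctx = res_alloc(fail_at == 3);
    if (!ctx) { res_free(&io); res_free(&pkt); return -1; }
    if (fail_at == 4) { res_free(&io); res_free(&ctx); return -1; } /* pkt leaks */
    res_free(&ctx); res_free(&io); res_free(&pkt);
    return 0;
}

/* Single exit: every failure jumps to one label that frees whatever exists. */
int run_single_exit(int fail_at)
{
    void *pkt = NULL, *io = NULL, *ctx = NULL;
    int ret = -1;

    if (!(pkt = res_alloc(fail_at == 1))) goto fail;
    if (!(io  = res_alloc(fail_at == 2))) goto fail;
    if (!(ctx = res_alloc(fail_at == 3))) goto fail;
    if (fail_at == 4) goto fail;       /* e.g. the input was rejected */
    ret = 0;
fail:
    res_free(&ctx);                    /* each free is a no-op on NULL */
    res_free(&io);
    res_free(&pkt);
    return ret;
}

/* Outstanding allocations after one run that fails at step fail_at. */
int leaked(int (*run)(int), int fail_at) { live = 0; run(fail_at); return live; }
```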

Patch

diff --git a/tools/target_dem_fuzzer.c b/tools/target_dem_fuzzer.c
index af1840b359..90b7acefe2 100644
--- a/tools/target_dem_fuzzer.c
+++ b/tools/target_dem_fuzzer.c
@@ -189,6 +189,7 @@  int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         av_freep(&fuzzed_pb->buffer);
         av_freep(&fuzzed_pb);
         avformat_free_context(avfmt);
+        av_packet_free(&pkt);
         return 0;
     }
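
Review bot: The added `av_packet_free(&pkt);` covers only this one early `return 0;`, and the rest of the function is not visible in the hunk, so any other exit taken after `pkt` is allocated needs the same check. With four hand-written frees now in this branch, moving them to a single cleanup label at the end of the function would keep the list in one place and make a missed resource harder to repeat.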