diff mbox series

[FFmpeg-devel] avformat/aviobuf: remove unnecessary label in ffio_fdopen

Message ID 20211201032529.58266-1-lq@chinaffmpeg.org
State Accepted
Commit 3f46ffe956a563a975b65fcb0bcf131fd30956ff
Headers show
Series [FFmpeg-devel] avformat/aviobuf: remove unnecessary label in ffio_fdopen | expand

Checks

Context Check Description
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished
andriy/make_ppc success Make finished
andriy/make_fate_ppc success Make fate finished

Commit Message

Liu Steven Dec. 1, 2021, 3:25 a.m. UTC 
From: Steven Liu <liuqi05@kuaishou.com>

Because the s->buffer has been freed by av_freep in avio_closep.
It should not av_freep the buffer in label fail after avio_closep.
Then just move the av_freep before avio_closep and remove the label fail.

Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Steven Liu <liuqi05@kuaishou.com>
---
 libavformat/aviobuf.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

Comments

Zhao Zhili Dec. 1, 2021, 3:48 a.m. UTC | #1 
> On Dec 1, 2021, at 11:25 AM, Steven Liu <lq@chinaffmpeg.org> wrote:
> 
> From: Steven Liu <liuqi05@kuaishou.com>
> 
> Because the s->buffer has been freed by av_freep in avio_closep.
> It should not av_freep the buffer in label fail after avio_closep.
> Then just move the av_freep before avio_closep and remove the label fail.

The patch LGTM, but the subject should be changed to reflect the
key point of the patch: fix double free.

> 
> Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
> Signed-off-by: Steven Liu <liuqi05@kuaishou.com>
> ---
> libavformat/aviobuf.c | 14 ++++++--------
> 1 file changed, 6 insertions(+), 8 deletions(-)
> 
> diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c
> index 5da4dea7b6..3fbb942e76 100644
> --- a/libavformat/aviobuf.c
> +++ b/libavformat/aviobuf.c
> @@ -977,18 +977,19 @@ int ffio_fdopen(AVIOContext **s, URLContext *h)
>                             (int (*)(void *, uint8_t *, int))  ffurl_read,
>                             (int (*)(void *, uint8_t *, int))  ffurl_write,
>                             (int64_t (*)(void *, int64_t, int))ffurl_seek);
> -    if (!*s)
> -        goto fail;
> -
> +    if (!*s) {
> +        av_freep(&buffer);
> +        return AVERROR(ENOMEM);
> +    }
>     (*s)->protocol_whitelist = av_strdup(h->protocol_whitelist);
>     if (!(*s)->protocol_whitelist && h->protocol_whitelist) {
>         avio_closep(s);
> -        goto fail;
> +        return AVERROR(ENOMEM);
>     }
>     (*s)->protocol_blacklist = av_strdup(h->protocol_blacklist);
>     if (!(*s)->protocol_blacklist && h->protocol_blacklist) {
>         avio_closep(s);
> -        goto fail;
> +        return AVERROR(ENOMEM);
>     }
>     (*s)->direct = h->flags & AVIO_FLAG_DIRECT;
> 
> @@ -1006,9 +1007,6 @@ int ffio_fdopen(AVIOContext **s, URLContext *h)
>     ((FFIOContext*)(*s))->short_seek_get = (int (*)(void *))ffurl_get_short_seek;
>     (*s)->av_class = &ff_avio_class;
>     return 0;
> -fail:
> -    av_freep(&buffer);
> -    return AVERROR(ENOMEM);
> }
> 
> URLContext* ffio_geturlcontext(AVIOContext *s)
> -- 
> 2.25.0
> 
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> 
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
diff mbox series

Patch

diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c
index 5da4dea7b6..3fbb942e76 100644
--- a/libavformat/aviobuf.c
+++ b/libavformat/aviobuf.c
@@ -977,18 +977,19 @@  int ffio_fdopen(AVIOContext **s, URLContext *h)
                             (int (*)(void *, uint8_t *, int))  ffurl_read,
                             (int (*)(void *, uint8_t *, int))  ffurl_write,
                             (int64_t (*)(void *, int64_t, int))ffurl_seek);
-    if (!*s)
-        goto fail;
-
+    if (!*s) {
+        av_freep(&buffer);
+        return AVERROR(ENOMEM);
+    }
     (*s)->protocol_whitelist = av_strdup(h->protocol_whitelist);
     if (!(*s)->protocol_whitelist && h->protocol_whitelist) {
         avio_closep(s);
-        goto fail;
+        return AVERROR(ENOMEM);
     }
     (*s)->protocol_blacklist = av_strdup(h->protocol_blacklist);
     if (!(*s)->protocol_blacklist && h->protocol_blacklist) {
         avio_closep(s);
-        goto fail;
+        return AVERROR(ENOMEM);
     }
     (*s)->direct = h->flags & AVIO_FLAG_DIRECT;
 
@@ -1006,9 +1007,6 @@  int ffio_fdopen(AVIOContext **s, URLContext *h)
     ((FFIOContext*)(*s))->short_seek_get = (int (*)(void *))ffurl_get_short_seek;
     (*s)->av_class = &ff_avio_class;
     return 0;
-fail:
-    av_freep(&buffer);
-    return AVERROR(ENOMEM);
 }
 
 URLContext* ffio_geturlcontext(AVIOContext *s)