From patchwork Tue Apr 2 01:35:33 2024
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 47712
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Tue, 2 Apr 2024 03:35:33 +0200
Subject: [FFmpeg-devel] [PATCH 1/7] avcodec/wavpack: Fix leak and segfault on reallocation error
Cc: Andreas Rheinhardt

av_realloc_f() frees the buffer it is given on allocation failure. But in this case, the buffer is an array of ownership pointers, causing leaks on error. Furthermore, the count of pointers is unchanged on error and the codec's close function uses it to free said ownership pointers, causing a NPD.
This is a regression since 46412a8935e4632b2460988bfce4152c7dccce22.
Fix this by switching to av_realloc_array().

Signed-off-by: Andreas Rheinhardt
---
Actually, one only needs one WavpackFrameContext at a time, given that this decoder does not do proper slice threading. Alternatively, one could implement proper slice threading.

libavcodec/wavpack.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index 7e60a1456a..36bd4662e8 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -973,9 +973,11 @@ static inline int wv_unpack_mono(WavpackFrameContext *s, GetBitContext *gb, static av_cold int wv_alloc_frame_context(WavpackContext *c) { - c->fdec = av_realloc_f(c->fdec, c->fdec_num + 1, sizeof(*c->fdec)); - if (!c->fdec) + WavpackFrameContext **fdec = av_realloc_array(c->fdec, c->fdec_num + 1, sizeof(*c->fdec)); + + if (!fdec) return -1; + c->fdec = fdec; c->fdec[c->fdec_num] = av_mallocz(sizeof(**c->fdec)); if (!c->fdec[c->fdec_num])
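
Review bot: the unchanged return -1 under the new if (!fdec) check still reports an out-of-memory condition as a bare -1; while this path is being reworked, consider returning AVERROR(ENOMEM) there so the caller can propagate the actual cause. Holding the result in the local fdec and assigning c->fdec only on success keeps c->fdec and c->fdec_num consistent with each other on failure, which is what the commit message says the close function relies on. The added declaration line is also well over 80 columns and could be wrapped after the first argument of av_realloc_array().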