diff mbox series

[FFmpeg-devel,1/3] avcodec/mjpegdec: Fix leak in case of invalid external Huffman tables

Message ID HE1PR0301MB215427C0B0E403404B1097C58F799@HE1PR0301MB2154.eurprd03.prod.outlook.com
State Accepted
Commit 3cc685b7bcc2bcc781b5632bf2e0af6ed941ae27
Headers show
Series [FFmpeg-devel,1/3] avcodec/mjpegdec: Fix leak in case of invalid external Huffman tables
Related show

Checks

Context Check Description
andriy/x86_make success Make finished
andriy/x86_make_fate success Make fate finished
andriy/PPC64_make success Make finished
andriy/PPC64_make_fate success Make fate finished

Commit Message

Andreas Rheinhardt April 3, 2021, 2:17 p.m. UTC
When using external Huffman tables fails during init, the decoder
reverts back to using the default Huffman tables; and when doing so,
the current VLC tables leak because init_default_huffman_tables()
doesn't free them before overwriting them.

Sample:
samples.ffmpeg.org/archive/all/avi+mjpeg+pcm_s16le++mjpeg-interlace.avi

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 libavcodec/mjpegdec.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Michael Niedermayer April 3, 2021, 3:42 p.m. UTC | #1
On Sat, Apr 03, 2021 at 04:17:29PM +0200, Andreas Rheinhardt wrote:
> When using external Huffman tables fails during init, the decoder
> reverts back to using the default Huffman tables; and when doing so,
> the current VLC tables leak because init_default_huffman_tables()
> doesn't free them before overwriting them.
> 
> Sample:
> samples.ffmpeg.org/archive/all/avi+mjpeg+pcm_s16le++mjpeg-interlace.avi
> 
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
> ---
>  libavcodec/mjpegdec.c | 1 +
>  1 file changed, 1 insertion(+)

probably ok

[...]
diff mbox series

Patch

diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 5583d2aa35..776797d35b 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -76,6 +76,7 @@  static int init_default_huffman_tables(MJpegDecodeContext *s)
     int i, ret;
 
     for (i = 0; i < FF_ARRAY_ELEMS(ht); i++) {
+        ff_free_vlc(&s->vlcs[ht[i].class][ht[i].index]);
         ret = ff_mjpeg_build_vlc(&s->vlcs[ht[i].class][ht[i].index],
                                  ht[i].bits, ht[i].values,
                                  ht[i].class == 1, s->avctx);