From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Fri, 7 May 2021 08:46:36 +0200
Subject: [FFmpeg-devel] [PATCH 09/20] avcodec/vorbisenc: Don't free uninitialized pointers

The Vorbis encoder allocates several arrays destined to contain pointers to separately allocated arrays; yet these arrays are allocated without initializing them: They are only uninitialized until their final values are stored in them; so if allocating one of the earlier subarrays fails, all of the remaining pointers to subarrays are still uninitialized. But they are used for freeing, resulting in crashes. Fix this by zero-initializing the arrays with subarrays.

Signed-off-by: Andreas Rheinhardt
--- libavcodec/vorbisenc.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libavcodec/vorbisenc.c b/libavcodec/vorbisenc.c index 1f7e9b3c91..dc54919f64 100644 --- a/libavcodec/vorbisenc.c +++ b/libavcodec/vorbisenc.c
@@ -279,7 +279,7 @@ static int create_vorbis_context(vorbis_enc_context *venc, venc->log2_blocksize[0] = venc->log2_blocksize[1] = 11; venc->ncodebooks = FF_ARRAY_ELEMS(cvectors); - venc->codebooks = av_malloc(sizeof(vorbis_enc_codebook) * venc->ncodebooks); + venc->codebooks = av_mallocz(sizeof(vorbis_enc_codebook) * venc->ncodebooks); if (!venc->codebooks) return AVERROR(ENOMEM); @@ -318,7 +318,7 @@ static int create_vorbis_context(vorbis_enc_context *venc, } venc->nfloors = 1; - venc->floors = av_malloc(sizeof(vorbis_enc_floor) * venc->nfloors); + venc->floors = av_mallocz(sizeof(vorbis_enc_floor) * venc->nfloors); if (!venc->floors) return AVERROR(ENOMEM); @@ -335,7 +335,7 @@ static int create_vorbis_context(vorbis_enc_context *venc, fc->nclasses = FFMAX(fc->nclasses, fc->partition_to_class[i]); } fc->nclasses++; - fc->classes = av_malloc_array(fc->nclasses, sizeof(vorbis_enc_floor_class)); + fc->classes = av_calloc(fc->nclasses, sizeof(vorbis_enc_floor_class)); if (!fc->classes) return AVERROR(ENOMEM); for (i = 0; i < fc->nclasses; i++) { @@ -375,7 +375,7 @@ static int create_vorbis_context(vorbis_enc_context *venc, return AVERROR_BUG; venc->nresidues = 1; - venc->residues = av_malloc(sizeof(vorbis_enc_residue) * venc->nresidues); + venc->residues = av_mallocz(sizeof(vorbis_enc_residue) * venc->nresidues); if (!venc->residues) return AVERROR(ENOMEM); @@ -409,7 +409,7 @@ static int create_vorbis_context(vorbis_enc_context *venc, return ret; venc->nmappings = 1; - venc->mappings = av_malloc(sizeof(vorbis_enc_mapping) * venc->nmappings); + venc->mappings = av_mallocz(sizeof(vorbis_enc_mapping) * venc->nmappings); if (!venc->mappings) return AVERROR(ENOMEM);
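
Review bot: In the hunk at -279, `av_mallocz(sizeof(vorbis_enc_codebook) * venc->ncodebooks)` keeps the open-coded size multiplication, while the `fc->classes` allocation in this same patch uses the two-argument form `av_calloc(fc->nclasses, sizeof(vorbis_enc_floor_class))`. With `venc->ncodebooks = FF_ARRAY_ELEMS(cvectors)` the product cannot realistically overflow, so this is a consistency point rather than a bug: using `av_calloc(count, size)` for codebooks, floors, residues and mappings as well would give all five allocations the same shape and keep the count/size split visible.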
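
Review bot: In the hunk at -318, `venc->nfloors = 1;` is assigned before the allocation, so when `av_mallocz()` fails the function returns `AVERROR(ENOMEM)` with a nonzero count and `venc->floors` set to NULL. Zero-initialization does not cover that case; the free path has to test the array pointer before it loops over `nfloors`. That code is outside this diff, so please confirm it does, or assign the count only after the allocation has succeeded. The same ordering appears at `venc->nresidues = 1;` and `venc->nmappings = 1;` in the later hunks.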
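
Review bot: In the hunk at -335, nothing next to `fc->classes = av_calloc(...)` records that the zeroing is required for correctness. The entries that the following `for (i = 0; i < fc->nclasses; i++)` loop has not reached yet must read as NULL when an allocation inside the loop fails, and that dependency is only stated in the commit message. A one-line comment at this allocation (and ideally at the four `av_mallocz()` calls) would keep a later change from switching back to `av_malloc_array()` / `av_malloc()` on the assumption that every entry is overwritten anyway.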