From patchwork Mon Jun 29 21:50:55 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 20739 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 5440644AB93 for ; Tue, 30 Jun 2020 00:51:11 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 2E4A3687FAE; Tue, 30 Jun 2020 00:51:11 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-ed1-f68.google.com (mail-ed1-f68.google.com [209.85.208.68]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 5B91B6804B5 for ; Tue, 30 Jun 2020 00:51:04 +0300 (EEST) Received: by mail-ed1-f68.google.com with SMTP id g20so14100803edm.4 for ; Mon, 29 Jun 2020 14:51:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=mobuVNLyuKXp4xsUMbtjbS1Gulx+EWOBYHlMG2muC7o=; b=Mj0gTVVXEUBVvuI40WxdbUgkASOkDx9DSErnXdvcENRmEktLotqz951hggLu0uRXb3 dvAj2Vv8QS/gnmey2+0NjnPEfB7bkstuyarJlJKlRzVOC9jnAhAOiAiYfbTLRnnozWFX e4DJCVsrzu0XYk+WvmNwrqCcYpvFxeF8NUBU+mkdx80zMjUAkfHikDsKqkviub9Ar8/S qu1aDCJHeqFTfOofW4DOgOm2j/NzmlaF+AHBgB7Ml96mNyPxPPVSDxYCcj8t8KuRpJba clr0lXK1LO1PGhPh4m+8RWVBqSZ42jd8T8mIuzDAmtFX/w/FYXbj1IstHyHGlb72Frmr RaLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=mobuVNLyuKXp4xsUMbtjbS1Gulx+EWOBYHlMG2muC7o=; b=bndnRf945fTCLVxnahNvYxPLhSI8u9/4zIHbMhMAy4eRatumygBltoFxxa5Mra/Qt9 9syh+jFyFMm2Qe6tBlEjDjklv8Yh/av3ieMzfRZ8tVnK82lY60SLrxni1hroNaDjrYh+ Rqs01tIECMWqjAiYaVN4B+jU0QKPCZ+K/PeNFdOkmYqCb13IyS5b+dBsnmDMthw6VV83 BGh75R6VDfX1PjeC/9Pmz9iFb0TWG4X0ytQPJtkCpKUca1N/FSzTdKgNcgVnR/OAioHA ue3uH15hteaJzG2zYkyhKgnSFWG9xNCP7vAAyxIknZmQwfMKj4ZmLFHNLi+RIUXVcz5L C5+w== X-Gm-Message-State: AOAM531Fp2m303xwZFgA5iH5C7ATCn0rWMRTeni+1LmzTohsFrYp0AyN x0elj9t1/Xdw/ZgLP1jkhauXaQMb X-Google-Smtp-Source: ABdhPJwj8VtbE3A/ib4fUXcurT/8lpO+IbL/5J/ylrC1x7xOzweQ5Pp39TJpJsADUGhLnXaj9f4PhA== X-Received: by 2002:a50:931e:: with SMTP id m30mr20565035eda.341.1593467463445; Mon, 29 Jun 2020 14:51:03 -0700 (PDT) Received: from sblaptop.fritz.box (ipbcc10296.dynamic.kabel-deutschland.de. [188.193.2.150]) by smtp.gmail.com with ESMTPSA id u13sm556694ejx.3.2020.06.29.14.51.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jun 2020 14:51:02 -0700 (PDT) From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Mon, 29 Jun 2020 23:50:55 +0200 Message-Id: <20200629215055.31965-1-andreas.rheinhardt@gmail.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH v2] libavformat/mov: Fix memleaks when demuxing DV audio X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" The code for demuxing DV audio predates the introduction of refcounted packets and when the latter was added, changes to the former were forgotten. This meant that when avpriv_dv_produce_packet initialized the packet containing the AVBufferRef, the AVBufferRef as well as the underlying AVBuffer leaked; the actual packet data didn't leak: They were directly freed, but not via their AVBuffer's free function. https://samples.ffmpeg.org/ffmpeg-bugs/trac/ticket4671/dir1.tar.bz2 contains samples for this (enable_drefs needs to be enabled for them). Moreover, errors in avpriv_dv_produce_packet were ignored; this has been changed, too. Furthermore, in the hypothetical scenario that the track has a palette, this would leak, too, so reorder the code so that the palette code appears after the DV audio code. Signed-off-by: Andreas Rheinhardt --- I already sent this patch last September [1]; the only difference is that I have updated the commit message in light of the fact that I have now found a sample to actually test it (it works as intended). I intend to apply it in two days unless there are objections. [1]: https://patchwork.ffmpeg.org/project/ffmpeg/patch/20190916155502.17579-3-andreas.rheinhardt@gmail.com/ libavformat/mov.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index adc52de947..8be01dd66b 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -7898,6 +7898,19 @@ static int mov_read_packet(AVFormatContext *s, AVPacket *pkt) } return ret; } +#if CONFIG_DV_DEMUXER + if (mov->dv_demux && sc->dv_audio_container) { + AVBufferRef *buf = pkt->buf; + ret = avpriv_dv_produce_packet(mov->dv_demux, pkt, pkt->data, pkt->size, pkt->pos); + pkt->buf = buf; + av_packet_unref(pkt); + if (ret < 0) + return ret; + ret = avpriv_dv_get_packet(mov->dv_demux, pkt); + if (ret < 0) + return ret; + } +#endif if (sc->has_palette) { uint8_t *pal; @@ -7909,16 +7922,6 @@ static int mov_read_packet(AVFormatContext *s, AVPacket *pkt) sc->has_palette = 0; } } -#if CONFIG_DV_DEMUXER - if (mov->dv_demux && sc->dv_audio_container) { - avpriv_dv_produce_packet(mov->dv_demux, pkt, pkt->data, pkt->size, pkt->pos); - av_freep(&pkt->data); - pkt->size = 0; - ret = avpriv_dv_get_packet(mov->dv_demux, pkt); - if (ret < 0) - return ret; - } -#endif if (st->codecpar->codec_id == AV_CODEC_ID_MP3 && !st->need_parsing && pkt->size > 4) { if (ff_mpa_check_header(AV_RB32(pkt->data)) < 0) st->need_parsing = AVSTREAM_PARSE_FULL;