From patchwork Sat Aug 22 23:04:32 2020
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 21822
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Sun, 23 Aug 2020 01:04:32 +0200
Message-Id: <20200822230434.11347-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH 1/3] avfilter/graphparser: Fix leaks when parsing inputs fails

parse_inputs() uses a temporary linked list to parse the labeled inputs of a filter; said linked list owns its elements (and their names). On success, the list of unlabeled inputs is appended to the end of the list of labeled inputs and the new list is returned; yet on failures, nothing frees the already existing elements of the temporary linked list, leading to a leak. This can be triggered by e.g. using '-vf [v][' in the FFmpeg command-line tool. This leak seems to exist since 4e781c25b7b1955d1a9a0b0771c3ce1acb0957bd.

Signed-off-by: Andreas Rheinhardt --- libavfilter/graphparser.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavfilter/graphparser.c b/libavfilter/graphparser.c index d92b5360a6..dfb94788e1 100644 --- a/libavfilter/graphparser.c +++ b/libavfilter/graphparser.c @@ -303,8 +303,10 @@ static int parse_inputs(const char **buf, AVFilterInOut **curr_inputs, char *name = parse_link_name(buf, log_ctx); AVFilterInOut *match; - if (!name) + if (!name) { + avfilter_inout_free(&parsed_inputs); return AVERROR(EINVAL); + } /* First check if the label is not in the open_outputs list */ match = extract_inout(name, open_outputs); 
@@ -314,6 +316,7 @@ static int parse_inputs(const char **buf, AVFilterInOut **curr_inputs, } else { /* Not in the list, so add it as an input */ if (!(match = av_mallocz(sizeof(AVFilterInOut)))) { + avfilter_inout_free(&parsed_inputs); av_free(name); return AVERROR(ENOMEM); }
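
Review bot: the cleanup call is now repeated at each early return, here in the av_mallocz() failure path and in the `!name` path of the previous hunk, so any error return added to this loop later can leak parsed_inputs again. A single `fail:` label at the end of parse_inputs() that calls avfilter_inout_free(&parsed_inputs) before returning the error would keep the ownership rule in one place. A regression test for the '-vf [v][' case named in the commit message would also pin the fix.
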
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Sun, 23 Aug 2020 01:04:33 +0200
Message-Id: <20200822230434.11347-2-andreas.rheinhardt@gmail.com>
In-Reply-To: <20200822230434.11347-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH 2/3] avfilter/graphparser: Don't set pointer to one beyond '\0' of string

This happened in parse_link_name() if there was a '[' without matching ']'. While this is not undefined behaviour (pointer arithmetic one beyond the end of an array works fine as long as there are no accesses), it is potentially dangerous. It currently isn't (all callers of parse_link_name() treat this as an error and don't access the string any more), but making sure that this will never cause trouble in the future seems nevertheless worthwhile.

Signed-off-by: Andreas Rheinhardt --- libavfilter/graphparser.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavfilter/graphparser.c b/libavfilter/graphparser.c index dfb94788e1..e96b20418e 100644 --- a/libavfilter/graphparser.c +++ b/libavfilter/graphparser.c @@ -63,7 +63,7 @@ static char *parse_link_name(const char **buf, void *log_ctx) name = av_get_token(buf, "]"); if (!name) - goto fail; + return NULL; if (!name[0]) { av_log(log_ctx, AV_LOG_ERROR,
@@ -71,12 +71,14 @@ static char *parse_link_name(const char **buf, void *log_ctx) goto fail; } - if (*(*buf)++ != ']') { + if (**buf != ']') { av_log(log_ctx, AV_LOG_ERROR, "Mismatched '[' found in the following: \"%s\".\n", start); fail: av_freep(&name); + return NULL; } + (*buf)++; return name; }
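
Review bot: the `fail:` label still sits inside the `if (**buf != ']')` block and is entered by the `goto fail` from the empty-name check above, which is harder to follow now that the block ends in its own `return NULL;`. Moving `fail: av_freep(&name); return NULL;` below `return name;` would put both error exits in one place and make it obvious that neither of them advances *buf past the character av_get_token() stopped at, which is the property the commit message is after.
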
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Sun, 23 Aug 2020 01:04:34 +0200
Message-Id: <20200822230434.11347-3-andreas.rheinhardt@gmail.com>
In-Reply-To: <20200822230434.11347-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH 3/3] avfilter/allfilters: Don't cast const away

Casting const away directly before return is completely pointless here as avfilter_get_by_name() already returns a const AVFilter *.

Signed-off-by: Andreas Rheinhardt --- libavfilter/allfilters.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/allfilters.c b/libavfilter/allfilters.c index 3f70153986..fa91e608e4 100644 --- a/libavfilter/allfilters.c +++ b/libavfilter/allfilters.c
@@ -528,7 +528,7 @@ const AVFilter *avfilter_get_by_name(const char *name) while ((f = av_filter_iterate(&opaque))) if (!strcmp(f->name, name)) - return (AVFilter *)f; + return f; return NULL; }

From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Sun, 23 Aug 2020 11:50:36 +0200
Message-Id: <20200823095039.18851-1-andreas.rheinhardt@gmail.com>
In-Reply-To: <20200822230434.11347-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH 4/7] avfilter/graphparser: Check allocations for success

parse_filter() did not check the return value of av_get_token() for success; in case name (the name of a filter) was NULL, one got a segfault in av_strlcpy() (called from create_filter()).

Signed-off-by: Andreas Rheinhardt --- libavfilter/graphparser.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/libavfilter/graphparser.c b/libavfilter/graphparser.c index e96b20418e..a52916a146 100644 --- a/libavfilter/graphparser.c +++ b/libavfilter/graphparser.c 
@@ -186,9 +186,16 @@ static int parse_filter(AVFilterContext **filt_ctx, const char **buf, AVFilterGr char *name = av_get_token(buf, "=,;["); int ret; + if (!name) + return AVERROR(ENOMEM); + if (**buf == '=') { (*buf)++; opts = av_get_token(buf, "[],;"); + if (!opts) { + av_free(name); + return AVERROR(ENOMEM); + } } ret = create_filter(filt_ctx, graph, index, name, opts, log_ctx);
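
Review bot: the commit message only explains the NULL `name` case, but the second added check, `if (!opts)` after `opts = av_get_token(buf, "[],;");`, changes behaviour too. Since create_filter() is also reached when the `=` branch never assigns opts, it would help to state in the message what a NULL opts from a failed av_get_token() led to before this change, so readers can tell whether that path was a crash or a filter silently created without its options.
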
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Sun, 23 Aug 2020 11:50:37 +0200
Message-Id: <20200823095039.18851-2-andreas.rheinhardt@gmail.com>
In-Reply-To: <20200822230434.11347-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH 5/7] fftools/ffmpeg: Fix leak of AVFilterInOut in case of error

The AVFilterInOuts normally get freed in init_output_filter() when the corresponding streams get created; yet if an error happens before one reaches said point, they leak. Therefore this commit makes ffmpeg_cleanup free them, too. Fixes ticket #8267.

Signed-off-by: Andreas Rheinhardt --- fftools/ffmpeg.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fftools/ffmpeg.c b/fftools/ffmpeg.c index 173ac3c9a0..84306818a2 100644 --- a/fftools/ffmpeg.c +++ b/fftools/ffmpeg.c
@@ -528,6 +528,7 @@ static void ffmpeg_cleanup(int ret) for (j = 0; j < fg->nb_outputs; j++) { OutputFilter *ofilter = fg->outputs[j]; + avfilter_inout_free(&ofilter->out_tmp); av_freep(&ofilter->name); av_freep(&ofilter->formats); av_freep(&ofilter->channel_layouts);
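
Review bot: the added `avfilter_inout_free(&ofilter->out_tmp);` is only safe if the normal path leaves ofilter->out_tmp NULL after releasing it; otherwise ffmpeg_cleanup() frees the same AVFilterInOut a second time on every successful run. The commit message says these objects "normally get freed in init_output_filter()", so please confirm that this free goes through avfilter_inout_free() on the field itself (which resets the pointer) or clears the field explicitly, and say so in the message.
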
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Sun, 23 Aug 2020 11:50:38 +0200
Message-Id: <20200823095039.18851-3-andreas.rheinhardt@gmail.com>
In-Reply-To: <20200822230434.11347-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH 6/7] avfilter/graphparser: Avoid check whose result is known in advance

The result of the last check in code like

    if (p)
        foo
    else
        p = av_mallocz(sizeof(*p));
    if (p->ptr)
        bar
    else
        bar2

is known in advance if the else branch of the first check was taken because av_mallocz() returns zeroed buffers. Therefore the above snippet can be simplified by moving the check and bar into the foo block.

Signed-off-by: Andreas Rheinhardt --- libavfilter/graphparser.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/libavfilter/graphparser.c b/libavfilter/graphparser.c index a52916a146..f55737f8c7 100644 --- a/libavfilter/graphparser.c +++ b/libavfilter/graphparser.c
@@ -266,20 +266,20 @@ static int link_filter_inouts(AVFilterContext *filt_ctx, if (p) { *curr_inputs = (*curr_inputs)->next; p->next = NULL; + if (p->filter_ctx) { + ret = link_filter(p->filter_ctx, p->pad_idx, filt_ctx, pad, log_ctx); + av_freep(&p->name); + av_freep(&p); + if (ret < 0) + return ret; + continue; + } } else if (!(p = av_mallocz(sizeof(*p)))) return AVERROR(ENOMEM); - if (p->filter_ctx) { - ret = link_filter(p->filter_ctx, p->pad_idx, filt_ctx, pad, log_ctx); - av_freep(&p->name); - av_freep(&p); - if (ret < 0) - return ret; - } else { - p->filter_ctx = filt_ctx; - p->pad_idx = pad; - append_inout(open_inputs, &p); - } + p->filter_ctx = filt_ctx; + p->pad_idx = pad; + append_inout(open_inputs, &p); } if (*curr_inputs) {
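
Review bot: nothing in the code documents that the three statements left at the end of the loop body now serve two cases, a freshly zeroed allocation and an element taken from *curr_inputs whose filter_ctx is NULL. A one-line comment above `p->filter_ctx = filt_ctx;` would record that, and bracing the `else if (!(p = av_mallocz(sizeof(*p))))` branch would match the now multi-line `if (p)` block, whose new `continue` is easy to overlook.
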
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Sun, 23 Aug 2020 11:50:39 +0200
Message-Id: <20200823095039.18851-4-andreas.rheinhardt@gmail.com>
In-Reply-To: <20200822230434.11347-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH 7/7] avfilter/graphparser: Fix memleak when linking filters fails

Parsing labeled outputs involves a check for an already known match (a labeled input with the same name) to pair them together. If yes, it is attempted to create a link between the two filters; in this case the AVFilterInOuts have fulfilled their purpose and are freed. Yet if creating the link fails, these AVFilterInOuts have up until now not been freed, although they had already been removed from their respective lists (which means that they are not freed automatically). In other words: They leak. This commit fixes this.

This fixes ticket #7084. Said ticket contains an example program to reproduce a leak. It can also be reproduced with ffmpeg alone, e.g. with the complex filters "[0]null[1],[2]anull[0]" or with "[0]abitscope[0]". All of these three examples involve media type mismatches which make it impossible to create the links. The bug could also be triggered by other means, e.g. failure to allocate the necessary AVFilterLink.

Signed-off-by: Andreas Rheinhardt --- libavfilter/graphparser.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/libavfilter/graphparser.c b/libavfilter/graphparser.c index f55737f8c7..d72e65c09a 100644 --- a/libavfilter/graphparser.c
+++ b/libavfilter/graphparser.c @@ -372,15 +372,14 @@ static int parse_outputs(const char **buf, AVFilterInOut **curr_inputs, match = extract_inout(name, open_inputs); if (match) { - if ((ret = link_filter(input->filter_ctx, input->pad_idx, - match->filter_ctx, match->pad_idx, log_ctx)) < 0) { - av_free(name); - return ret; - } + ret = link_filter(input->filter_ctx, input->pad_idx, + match->filter_ctx, match->pad_idx, log_ctx); av_freep(&match->name); av_freep(&name); av_freep(&match); av_freep(&input); + if (ret < 0) + return ret; } else { /* Not in the list, so add the first input as an open_output */ input->name = name;
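
Review bot: no regression test accompanies the reordered `if (match)` branch, although the commit message lists two filtergraphs that reproduce the leak ("[0]null[1],[2]anull[0]" and "[0]abitscope[0]"). Adding one of them as a test run under a leak checker would keep the free-before-`if (ret < 0)` order from regressing, and a short comment at `if (ret < 0)` noting that `match` and `input` are already released at that point would warn against reusing them in later edits.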