From patchwork Sat Apr 3 14:17:29 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 26721 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 58EF944BCF4 for ; Sat, 3 Apr 2021 17:17:46 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 3219F68A7FD; Sat, 3 Apr 2021 17:17:46 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from EUR06-VI1-obe.outbound.protection.outlook.com (mail-vi1eur06olkn2039.outbound.protection.outlook.com [40.92.17.39]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 9E1DA68A607 for ; Sat, 3 Apr 2021 17:17:40 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=S7WAEvfvHFFcDqOkwEvqOyECL2O2O0pns+y/C7hTOS2ywia32mfzP82m54ZCAIewAoPnwjOwlEJHSBh0XsFCw94YAUOL9cpEXxgVDeaJ8XWBnKGyJP4ex4MetJNmUUTxF+kyi/RiLgMs8mt8ZXEFno49HEAZgPLj1D2nRlhkxGKIhzGwEWNoTG+vJoj30FuGn41I/JWyV90EIWMoGTmfRIlnNg5Tt160PzRS0+vV9SQv7dr3rDbdK68eKzhI+/VbMiA2vM/5+PhcBptMdD2TEqqbTVFGvbr7ANIUIeG5d6DIN48iZFRScHeWzjQr5rmCvxwaKoJ5yYxxMHwr+oTLEw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=v2pDxGLIH7wvTVufpp4qlo29VvgB06xh66A2fN8cVHg=; b=SpfFw322OqAlVGAEbCmh9k7Vh1nSTASLDFxMQhChMx6AsSFDDFKh+FlSyJabV4DW67gyEyTgGOPlI/EkFfNpSdZhz6tV5oJjPz/kMB6LhxfY8iFlXsIEQq5L3df8arQ0NFWB8EPc9klGTmkC6D6PVBdKVyLD12G459nRyuZHaOG2JXnbSiLSyREqL8fJhd2mxR8c7tqKCZqQ7YOLAFBs3XX9qpP0UGYz4+C07nzIFz1rzxYr5AIQN+J3r6wVfazMKfCuCh/FSkqmXl2tji5522mPYUi8gavBt1qRk/qJRXeYldv2EZNOpsvd131js1hs1W109qbjq+/dFJ53jVJ1Rw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=v2pDxGLIH7wvTVufpp4qlo29VvgB06xh66A2fN8cVHg=; b=JfJRmuUiZdPa8+y7TLfmmil+rH5FnDhHFTxmvQQF89w5yTHyqCyToeempAabf09NsPV4xMC02m77ERViI17qjhBxcz93FSazG2MOGl7qVCknlDqno0h3AOSE+f0hn/OVfS01a1sb7iybosgL0yX2YXVFeVLFt36g1MnBCU5Dm42PFbeN2HV2m/JzuFpUmnI4tSsFE+qQT7cOoSz8i9W576tbgZi0EtT7EsDJDb5ifo56DVl/ULs6Xg0UwCcUqY4pOupKVjYttHepUM9o6d96NCBge1SAhYh1K+lYKKHypnUOAPFfqLDC87L93G/UpKOGlA53/Y5uh4obEtKZxRutOg== Received: from DB8EUR06FT044.eop-eur06.prod.protection.outlook.com (2a01:111:e400:fc35::52) by DB8EUR06HT183.eop-eur06.prod.protection.outlook.com (2a01:111:e400:fc35::160) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3999.28; Sat, 3 Apr 2021 14:17:39 +0000 Received: from HE1PR0301MB2154.eurprd03.prod.outlook.com (2a01:111:e400:fc35::4d) by DB8EUR06FT044.mail.protection.outlook.com (2a01:111:e400:fc35::280) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3999.28 via Frontend Transport; Sat, 3 Apr 2021 14:17:39 +0000 X-IncomingTopHeaderMarker: OriginalChecksum:F74E31B628D954D038B22827E1E349607B3451F9164D26691E1831A90C6E01D0; UpperCasedChecksum:87D519EF6F3CBF44E40DE644EB96460FEE496B89D1E3139FFDAF74ADC8097C34; SizeAsReceived:7391; Count:46 Received: from HE1PR0301MB2154.eurprd03.prod.outlook.com ([fe80::8128:5de5:4e94:9a21]) by HE1PR0301MB2154.eurprd03.prod.outlook.com ([fe80::8128:5de5:4e94:9a21%3]) with mapi id 15.20.3999.032; Sat, 3 Apr 2021 14:17:39 +0000 From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Sat, 3 Apr 2021 16:17:29 +0200 Message-ID: X-Mailer: git-send-email 2.27.0 X-TMN: [x2JUfxSBaKRtdNpQclhGibb74+ltkpIT] X-ClientProxiedBy: ZR0P278CA0009.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:16::19) To HE1PR0301MB2154.eurprd03.prod.outlook.com (2603:10a6:3:2a::22) X-Microsoft-Original-Message-ID: <20210403141731.3378522-1-andreas.rheinhardt@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from sblaptop.fritz.box (188.192.137.96) by ZR0P278CA0009.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:16::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3999.28 via Frontend Transport; Sat, 3 Apr 2021 14:17:38 +0000 X-MS-PublicTrafficType: Email X-IncomingHeaderCount: 46 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-Correlation-Id: 81d2ff31-e7ac-402a-dd32-08d8f6ab3c99 X-MS-Exchange-SLBlob-MailProps: S/btQ8cKWiQPaLYvx5HwmzXq2KsiysPmCUaf2gAI15+SywcLpyD7SJ1cKZL4Uyo5uCt7JHV3jK6rWEDU5ZqxBfw+fIuv2rYp0MYcWdkVGvt7n5p1FMSrnpFm4NakbGhhPLGgOvtO1yinAmX/zEgawhIqcqvvmLwHmg250fk0y26u9ro1L2UjB72Z18wxlXpQw0Ybm+9frVFsVZgA+pbg45eGAnf3Wc9EBcTBWs1u13fXlpLw5ckIO1f1UEYvASERPWuHkgs3c/5OQfB9HywIm3oGnS8LZDNE1Vj5CiLdfaXGrmalvUNxXmUpVhQfwCQdyj8xy4jYxznfQwDgf+Z/iolki8/9IjFjRIHqxG5A62DPHM5hKz/vc31Y24Yjyt3qY9kluZyntb+/HlBek7JQ+OmHIbG/KtD1FlgU1oRd/gYpYnhbmO1Lv4O8sKsf9leeM17rWptHvx+Fuo+slCEnHNZhMJZsK157UI7luzwXNRfYsCNImPAusviolKm88z1HQQOq1pPR4HvdteeT8sAv10/Foq3dYoNuU5/a4gPTQAHhhu+oF7ksrA4hTnHFJW4+33+nqIMCc+WXBh9ve7YNqbYKwMArttaRQc/Ou5CE14KYrC/o+cRWL90DXUsmGKDiGGrC0Or/xK6rjKDvrRcNOcjsHj8A3rzPyoMQdc6OAp4yIUMvlNZzupo7DJT1O0I6pbY9DQX+MHkSGVyQ3TZLywXAuasRFoMYHX/oE4wx0FD69GBMgouHSCdmPCkCGo4Ul5O8YKG7dIY= X-MS-TrafficTypeDiagnostic: DB8EUR06HT183: X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: NGZJWwzeR3H3L3A7rffMe8GlPFazD+bcnk6RzQd3ZDlwY1OhQIop1b/7lUnc0xgqYVk9gXgsrZWVQaTf1NbFkifjyFAujsZdUIZOcSynYTfkiggDR4o7xMfVwgdKLoTW5PFlkgCr8L+1SJRVc3TDQrNFnaQ6KysxJFr23jiLZYaI6FS1l/NCRjsun66Qng4+enUKWecyoBnwTjIJXinmfS9WHm+yfxvyi/9qN6bdf3mnBtdV5yD2A/QTqvggBO5gjgZgC8T9tYlS+hKrbLxU2Niy75oQfHM9SuxAr7gJnk6XdDBGKa3n1xBoBjX8qUqzntD0d/MF61M8eSVXEl4zUp77L15qQE3ba9rPzQDWb1VwitOFsh+mP6TFrYtBOVZwIiWBBGnvwb0/yhr93F2NkQ== X-MS-Exchange-AntiSpam-MessageData: DWf8sg7+NAH62km4LjsTg0g8jWfKcDlnn7rz5wx/Bdv3GKYgqO20bOi4BV2pAL2lx9DHeY35IQuIvcZXtiWlemlZglP2dNlYJfovYNMPLnFak3X05bmYdVMXTTSfbKmwy8zvlBrLzrcPRWE1ZWThbw== X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 81d2ff31-e7ac-402a-dd32-08d8f6ab3c99 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Apr 2021 14:17:39.1931 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-AuthSource: DB8EUR06FT044.eop-eur06.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: Internet X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8EUR06HT183 Subject: [FFmpeg-devel] [PATCH 1/3] avcodec/mjpegdec: Fix leak in case of invalid external Huffman tables X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" When using external Huffman tables fails during init, the decoder reverts back to using the default Huffman tables; and when doing so, the current VLC tables leak because init_default_huffman_tables() doesn't free them before overwriting them. Sample: samples.ffmpeg.org/archive/all/avi+mjpeg+pcm_s16le++mjpeg-interlace.avi Signed-off-by: Andreas Rheinhardt --- libavcodec/mjpegdec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 5583d2aa35..776797d35b 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -76,6 +76,7 @@ static int init_default_huffman_tables(MJpegDecodeContext *s) int i, ret; for (i = 0; i < FF_ARRAY_ELEMS(ht); i++) { + ff_free_vlc(&s->vlcs[ht[i].class][ht[i].index]); ret = ff_mjpeg_build_vlc(&s->vlcs[ht[i].class][ht[i].index], ht[i].bits, ht[i].values, ht[i].class == 1, s->avctx); From patchwork Sat Apr 3 14:22:26 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 26722 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 81AC744BA19 for ; Sat, 3 Apr 2021 17:22:44 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 64A3468A7DD; Sat, 3 Apr 2021 17:22:44 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from EUR06-AM7-obe.outbound.protection.outlook.com (mail-am7eur06olkn2081.outbound.protection.outlook.com [40.92.16.81]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 3450C68A42C for ; Sat, 3 Apr 2021 17:22:37 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ByVe7Hhfk5c4coky4OnVDIv4Sx9UNRI4lh12cjIffbEmu5TOJu/vBLUqSgfYR8MZaMEcYbmjnhj/DCJPoi8ESrN8JiQJg1afQNqIQfOLI20YFUYpFbfBRWT9loUEcRPHUcGpK9mU8i0Ru/adEmH4vBLFpK9Y3vq9JZv4f1QUhYdfgBwSQIX1wgm4BBv+3b0+OA8XNAPmBiqKAKo7DpXg7YpYctQwpbeuM/QcGHA38Y830xp0zdasR0qLCzSPV9Krfp+LxUN8il44a6URvLQMlOkiz7wLc6y7x+ZO7Ibzz0fBnIPHfVGw4TCy2306+D4mD8KGkJ2uYH3gbs6X58LVXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8rx/4ZK0fWGR+DJeYxsncQGq5wVOCRPfiWXBTMCvtNA=; b=YEtW5g1psCWhNWzGmFvMPl2Ns+PFd1OlfkZACivntOE3xw96K7fqf0WP48+4vEsq27ZEQZqU5L2Wglnfne/6LSP5bjYjrh8W4T3AJEXt8B9iGaTGTsi7Ayh4N+Z+e9lYVr/DVHu70voxsQUiSJ6ODfND7oVO50FGJw52/v8oTvvJkIuRtv2YcTU1GTF5wNZhqIcDTSvj43h0gtQPHGvUSqA3mguQOwDjtnmxarjTLycwfpmtbySJMOm0u6C4kUsnLNhSMdy2JgwNNIWCx/rfhMS2sVg93SRSaLzpB9DbbxZUX2JkXCWp4d4ZWJcYvrXqcJpSRqQ8DmcEdyBxcm6WQw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8rx/4ZK0fWGR+DJeYxsncQGq5wVOCRPfiWXBTMCvtNA=; b=Sh1nR2BmZ9Y7h8v4G/gY6kdIc2KMwhuZyzkucUt3VDlYSm1fORLwJfIZYuMXus/Q5kFnq0M0eHeaOC2yf5UTzf8Hb+yHGpYqqFYnwjJ0ASwNgcGMPRJjLvA2BpLLwlONhGrgUIzd6j9XTPHNbKhDRQGWv6jpLAus+m9mpUr1LZ8+N+IDYBw1q2FedebFCWF/tYqpxbprSEvcp9ZRihbM6hbPJX0IONjTM8/HCYaYqKmIdIs3iz73NixCckE6zjiZmHCZa6HOec+APLHePTo9LkWCf/pbQquz+WRZAjSgfTMVYVlzVTyjN4h2rihK9zu9+CvEL8nOrjw+vnib/yrgXA== Received: from DB8EUR06FT044.eop-eur06.prod.protection.outlook.com (2a01:111:e400:fc35::4e) by DB8EUR06HT197.eop-eur06.prod.protection.outlook.com (2a01:111:e400:fc35::256) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3999.28; Sat, 3 Apr 2021 14:22:35 +0000 Received: from HE1PR0301MB2154.eurprd03.prod.outlook.com (2a01:111:e400:fc35::4d) by DB8EUR06FT044.mail.protection.outlook.com (2a01:111:e400:fc35::280) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3999.28 via Frontend Transport; Sat, 3 Apr 2021 14:22:35 +0000 X-IncomingTopHeaderMarker: OriginalChecksum:43EFB569DD29CFF286EE8CC997998D3627046F7276240785366B463D2AE689D4; UpperCasedChecksum:BD448FFD65EA099724E88A5E5C034CEA286B748C98E239775A2BC60754D667BB; SizeAsReceived:7580; Count:48 Received: from HE1PR0301MB2154.eurprd03.prod.outlook.com ([fe80::8128:5de5:4e94:9a21]) by HE1PR0301MB2154.eurprd03.prod.outlook.com ([fe80::8128:5de5:4e94:9a21%3]) with mapi id 15.20.3999.032; Sat, 3 Apr 2021 14:22:35 +0000 From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Sat, 3 Apr 2021 16:22:26 +0200 Message-ID: X-Mailer: git-send-email 2.27.0 In-Reply-To: References: X-TMN: [xuNV7IrNV8Inv8zL7S2UvW9EvTkKmxic] X-ClientProxiedBy: AM0PR07CA0023.eurprd07.prod.outlook.com (2603:10a6:208:ac::36) To HE1PR0301MB2154.eurprd03.prod.outlook.com (2603:10a6:3:2a::22) X-Microsoft-Original-Message-ID: <20210403142227.3388037-1-andreas.rheinhardt@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from sblaptop.fritz.box (188.192.137.96) by AM0PR07CA0023.eurprd07.prod.outlook.com (2603:10a6:208:ac::36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4020.8 via Frontend Transport; Sat, 3 Apr 2021 14:22:35 +0000 X-MS-PublicTrafficType: Email X-IncomingHeaderCount: 48 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-Correlation-Id: 9ed16348-2a4a-42ee-7d69-08d8f6abed70 X-MS-Exchange-SLBlob-MailProps: S/btQ8cKWiQPaLYvx5HwmzXq2KsiysPm8j+QZW+nt37Zf2NG5NfBrQeT3hvfHLLHS2dBDrKTzICIoppTEsT6b7/fDYktfNffbO0ESwUS9e7fRI6fjw4hNtwq2ljkEZIkzVQ0Dgz3wEC01RQ93seWURAs9Fhbrz0TUFkuiE90o9NZbXp4+VNvFI8LZK4/D4KjhkOFMZLaiBNvSmu+rL1K5a/YnI/kMUMKEAZuIgRbTYnVyzMboAV45A0N+76+4XC6tKxS7LJpB0V12MoyAeii9w1hM7k8589L1Vro2o6pYKhtWdCl0q7fGzrcDIug4tHJSnuElwjvVbOL22K9xDK6C+Pts3ADLHs24VyxdD1lmVC3/lwTh4nI31oriWmbnrsSJHIJUV/uiOJuerAP2quSjB24Qu+WKcXkWkdViG8YsJqK6PD8fyDsoyQRdEmwUrhVnMhKR0d7jS4vkhz1jr5iPrHAuWtH0iUP75aI7SwdC+yrQrS1tQlq1XD5LbJXXc1iHav1JN48m3xxSoiEMQ5tsXl0MtureOhn6fCINI5/uxS4EpInZ801nYUWCYXLUU/xc6R8wyTInD6qRTialrX5jOBIzWnyVjDb8q8OoNAfSqYWNd+BLEQEfYBl2X67/HTyoEdBevTO8ezbmWupt4OafmmVpx1dxTRTlYm9Kc7hJ6yH4f0AZg6ZrUNzaA8ZINuq1MGgCNwHP7zksTj7SI5hF+HREK24cBO6f8/HERwCMkTwf5beXtwp3/jijJ3gqAjqR+UgGJY6v10= X-MS-TrafficTypeDiagnostic: DB8EUR06HT197: X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: js8TBUgvwKFs1i8WWvwAUi1PRkTB1GqfcISA4M1C72W41zOZqTUm0NTu4mZHvJswu8hWkTSzpJ4Joxyf+k6e0yvVS1HlXJb9J8dJuFM1RZnf3Zu3Q/zNgfZCyfE3JVmQFhwMC8HGHMH/yg8vhfp3HVULgw+OLXcesDdkxdhTKF0VRAEBXSn2OukF2l8WsiASG//2onOMQqOmgDMDY3KZNP+KD4mIQe2b49hjRgvgmQ+WV7RiijTrRSh6sWwokhdv2FGoisPwte7yCEI+3Opx6veOGRbzu2kKPgC1+pMu7tp6hW1r2yifczmtipWP/Ddxs6WJ2fRg1cswxpUrSdbJDRf3l1bqKxYi4YC46YBm0Wxps67G2oiJH3VVqwk50BPjzXz5rPyKj+VK6pxTd8OHvQ== X-MS-Exchange-AntiSpam-MessageData: AjLyWa+IEiybhNXM7q/uM1o9+ADtCBt8zlZAZjzPmJj1UOBw+0APJifx9giEgYE7QBXQGmLYBzAKal1TLlUlBX/xxNv0/gaASG9xroz7EBLiVilQLjwciOAvi/VMOeAGK+NqGj24sw1M+KFqeGDDfA== X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9ed16348-2a4a-42ee-7d69-08d8f6abed70 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Apr 2021 14:22:35.8437 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-AuthSource: DB8EUR06FT044.eop-eur06.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: Internet X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8EUR06HT197 Subject: [FFmpeg-devel] [PATCH 2/3] avcodec/mjpegdec: Check initializing Huffman tables X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Signed-off-by: Andreas Rheinhardt --- Is it actually intended that the decoder tries to use external Huffman tables purely based on the value of the option, even when there is no extradata at all (in which case init_get_bits() fails)? libavcodec/mjpegdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 776797d35b..d0c933b52e 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -154,7 +154,8 @@ av_cold int ff_mjpeg_decode_init(AVCodecContext *avctx) if (ff_mjpeg_decode_dht(s)) { av_log(avctx, AV_LOG_ERROR, "error using external huffman table, switching back to internal\n"); - init_default_huffman_tables(s); + if ((ret = init_default_huffman_tables(s)) < 0) + return ret; } } if (avctx->field_order == AV_FIELD_BB) { /* quicktime icefloe 019 */ From patchwork Sat Apr 3 14:22:27 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 26723 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id BD88B44BA19 for ; Sat, 3 Apr 2021 17:22:52 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id A7C4068A78B; Sat, 3 Apr 2021 17:22:52 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from EUR06-VI1-obe.outbound.protection.outlook.com (mail-vi1eur06olkn2040.outbound.protection.outlook.com [40.92.17.40]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 7166168A609 for ; Sat, 3 Apr 2021 17:22:46 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=UiQFLT7sxFBc76R7dJb1M8ar4BGHp4BgU9JVuWLyl0DP04wTDeROBHrteauMPjl/UTLQD/u40c8VatkytYIo8Ex67oTuYOgjHZq4KwyixeeBcaOJ+lMMjCXvptKShaAgLdeqJ4IQT6EvMzNp3sYsl7QRlh2C2yhgrSdvL/299qOwKD0M9qaeKxsa38spbnUvc4fc6jsedGaC+rnwK6gucm9qbJ5GD2kjawo9F0j5gBD8kAUD8ZqOAjgYHJfijblJ9fpdgj8FzdIZ5ttNkkxJF4grxlOOMqLTMYksBVon6AgAHVdEFQcfEMdUnv2vQx5JEfJ0Tpr5jm0pjf/+b/0bZw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/ZAB5nliO8mSeD83HkhrZzOfYNd6Euhjs6WAafOHy1Y=; b=kXSz3M7pVs3lkvN/5EBgFJwNzbHWMzOKgGtO3d/eSSuTH3rSJ4N2folE1M2FKy/sMczNglytjcwxEBWTa6C5P2QDUpaC6isiMkD157vM3qE9dEEORGoP4rcbmgwIYMKE7g3ZeTArhesvpe3NgM0potIS/deGuYO43jT8hlvAexlJxzQ+Ysbu4TlA8rEH3WONagiRYhUNHv+pjaYCr/FIuhdLVr9/6FtKblCQyXlBGHMQybGXAfeB/6/S24b+HDkuyHeWvuzzXvHISOWHPanhsbwgyDMX+UrMfib8N26FJ/3n0s6YVww9oD5iZ+bJcruBJzO9Ty8sfbc4nS4qiOYigw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/ZAB5nliO8mSeD83HkhrZzOfYNd6Euhjs6WAafOHy1Y=; b=foRGuAnG/69ZBSiJfddbGjf2HRLqsZvLdmwFZXzabMo+nUvBu9VjwIsaw8/4XTyG1Rh/MqHsfgBDoHnLybIeA3GlLSgPuA9nMeUtoNb4+NufANX31NkS16dGzc79+mVyOrVFgL0SXT96gw4udrcHIenM/P/EaaGDbQHAm+/D6OMrUle3vkY+a7k8KkJTHWjgqKrruU17M6lTjhhzSw4ziRND+HZpAYnJt4R+/TDalAXXc3pa9MAhnMAf2niOW7rRZ4djkhidgSPyzyZ5jBQei1aUCiB0IadRt+qFU1loHG6PK98y4EgCgPg50ojcMN9SQ1LAnR+ckaZoqnmV1h+6yw== Received: from DB8EUR06FT044.eop-eur06.prod.protection.outlook.com (2a01:111:e400:fc35::48) by DB8EUR06HT029.eop-eur06.prod.protection.outlook.com (2a01:111:e400:fc35::299) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3999.28; Sat, 3 Apr 2021 14:22:45 +0000 Received: from HE1PR0301MB2154.eurprd03.prod.outlook.com (2a01:111:e400:fc35::4d) by DB8EUR06FT044.mail.protection.outlook.com (2a01:111:e400:fc35::280) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3999.28 via Frontend Transport; Sat, 3 Apr 2021 14:22:45 +0000 X-IncomingTopHeaderMarker: OriginalChecksum:3917E52DD353D4E8831CABAC2CF23F4426A30402B6533867CAF789FA4139570C; UpperCasedChecksum:BAE67F16EB81F1D5FEEC1B13D7F3DECC3CAA4CDDC72A76768AA43AE54848BE22; SizeAsReceived:7599; Count:48 Received: from HE1PR0301MB2154.eurprd03.prod.outlook.com ([fe80::8128:5de5:4e94:9a21]) by HE1PR0301MB2154.eurprd03.prod.outlook.com ([fe80::8128:5de5:4e94:9a21%3]) with mapi id 15.20.3999.032; Sat, 3 Apr 2021 14:22:45 +0000 From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Sat, 3 Apr 2021 16:22:27 +0200 Message-ID: X-Mailer: git-send-email 2.27.0 In-Reply-To: References: X-TMN: [+UAV5i09V1dAKkLykj2Dsxk0as1qgZMs] X-ClientProxiedBy: AM0PR07CA0023.eurprd07.prod.outlook.com (2603:10a6:208:ac::36) To HE1PR0301MB2154.eurprd03.prod.outlook.com (2603:10a6:3:2a::22) X-Microsoft-Original-Message-ID: <20210403142227.3388037-2-andreas.rheinhardt@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from sblaptop.fritz.box (188.192.137.96) by AM0PR07CA0023.eurprd07.prod.outlook.com (2603:10a6:208:ac::36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4020.8 via Frontend Transport; Sat, 3 Apr 2021 14:22:44 +0000 X-MS-PublicTrafficType: Email X-IncomingHeaderCount: 48 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-Correlation-Id: bd03f954-6a6a-4416-01e4-08d8f6abf327 X-MS-Exchange-SLBlob-MailProps: S/btQ8cKWiQPaLYvx5HwmzXq2KsiysPmsbMStgQJB1XIiSum+VBstvD28WfRmh4ffVfV/G6OSEzAjKu2kUXIr9EQZWWcvKiq408uIefrZYhe9avzqfmLExi9q1AtxGcXgz7j7GvvT/Q3QcYpmAxpXs8wkZlSPJMXoXI2qjE959QgWlcKKhyV3Bj0WFPIL3TGox6A0NneHxcePMghjFuKqBl75RH8Rf+WHxojBD18NPQfWbfZb6V2dXqMnYq+O+hR0sbTVa+zo7AsIkIFpLR579/+eDkDTEQGkTlNphX796cqapATndgzO79KPXNhb2Vr68AMS41gP4RYNk39RrHOrUNy1wjb+o7TilwhO9uRiPx1dXYrL2WYQlOc0BSTQzqljgM7Pxcd9DkcOOS8HFz1zVjiRJkeiW/UUfCROHDnabBLZd9uyhZIooZWlL88swG/K4FgeeQuiAdthElBLkgDdEJZ3T9B7EQlDJ10VuGzbYNkn8hRX18Wol/Wz8eNXNgRLVxMeX+sCAwa3M4yuMGv6gcuT6Ej96ibcwi7TWcjZ8EkS3YCSo42WrWqOyaRN1VqiZ4BZE1lVvNTlCG7FHbh+qjWKxKd5m8Ax5KKOen1G5qaGR1IU8P2sCQB9KDPOtHj0hIqN56nJazwW16c0vSwKXLGi+l6322quBC9ia/R+LLFvNK60OB1hpipSFeVf7pueQ/2VKpDFkKTOhjACpb8FgSXxjbRjvqwEHi9tPjFA2orbORw7tcZ0oC1vNhdrtAAxv+f/o7GfPk= X-MS-TrafficTypeDiagnostic: DB8EUR06HT029: X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: bYWef7/jbaJseMEmWaJONfI1aD7GKZTh8W0tbcE9UZT3OxjAXrRZvqCbFLij4z11S5QgQtcsEpn7pHCrtuZ6NfS26UqDtvaWi69L2e2My2I875pEsAMg5bykz3E6KKreJTtFWHyjRIBqonmMAkHdqO0jHatxyCG8E8oTHjG/f5idi4ml1d6p9mpXh2UXCdXjXkZVFj+iIMSpmHG8ODl5h0dSUdaXrmYK8aVMIQQPRsHIENZu/t8S/thXJr4YguYAiCOumKtbdNOx1VlslTLF0nuwzVomehEkLGgV8JqgDbuyn92ROnUmEIoh7PBUNxcq4lkoh6zqdybXIbycZI6M+mGgU0kmlclINWD1JaAonFkBgcZef8j01aQw3Ub/X3D+1sWsf1pyi+qN2UAR1/diUltXV6QEYR0WrLq6EZNJm6AMQNMhxEe+ala44JUMG/Dz X-MS-Exchange-AntiSpam-MessageData: lPc0iY8SWvT3X/BbeY3/MnxBhvE/zaya6Txs5firDCFB5lF+0jUtfXw/j5ru18ONoOlncTxpYmg21yAvfcdKG25ks4R2hNEnQYrkNw/1L9zDfHPh53mCSdJNvNHYCbc9Jm8aTicOnM6EvD/hy4uVgw== X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: bd03f954-6a6a-4416-01e4-08d8f6abf327 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Apr 2021 14:22:45.3974 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-AuthSource: DB8EUR06FT044.eop-eur06.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: Internet X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8EUR06HT029 Subject: [FFmpeg-devel] [PATCH 3/3] avcodec/mjpegdec: Fix leak in case ICC array allocations partially fail X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" If only one of the two arrays used for the ICC profile could be successfully allocated, it might be overwritten and leak when the next ICC entry is encountered. Fix this by using a common struct, so that one has only one array to allocate. Signed-off-by: Andreas Rheinhardt --- See https://github.com/drewnoakes/metadata-extractor/issues/65 for a sample. libavcodec/mjpegdec.c | 28 +++++++++++++--------------- libavcodec/mjpegdec.h | 8 ++++++-- 2 files changed, 19 insertions(+), 17 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index d0c933b52e..f3d9e99aab 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -2088,28 +2088,26 @@ static int mjpeg_decode_app(MJpegDecodeContext *s) /* Allocate if this is the first APP2 we've seen. */ if (s->iccnum == 0) { - s->iccdata = av_mallocz(nummarkers * sizeof(*(s->iccdata))); - s->iccdatalens = av_mallocz(nummarkers * sizeof(*(s->iccdatalens))); - if (!s->iccdata || !s->iccdatalens) { + if (!FF_ALLOCZ_TYPED_ARRAY(s->iccentries, nummarkers)) { av_log(s->avctx, AV_LOG_ERROR, "Could not allocate ICC data arrays\n"); return AVERROR(ENOMEM); } s->iccnum = nummarkers; } - if (s->iccdata[seqno - 1]) { + if (s->iccentries[seqno - 1].data) { av_log(s->avctx, AV_LOG_WARNING, "Duplicate ICC sequence number\n"); goto out; } - s->iccdatalens[seqno - 1] = len; - s->iccdata[seqno - 1] = av_malloc(len); - if (!s->iccdata[seqno - 1]) { + s->iccentries[seqno - 1].length = len; + s->iccentries[seqno - 1].data = av_malloc(len); + if (!s->iccentries[seqno - 1].data) { av_log(s->avctx, AV_LOG_ERROR, "Could not allocate ICC data buffer\n"); return AVERROR(ENOMEM); } - memcpy(s->iccdata[seqno - 1], align_get_bits(&s->gb), len); + memcpy(s->iccentries[seqno - 1].data, align_get_bits(&s->gb), len); skip_bits(&s->gb, len << 3); len = 0; s->iccread++; @@ -2318,11 +2316,11 @@ static void reset_icc_profile(MJpegDecodeContext *s) { int i; - if (s->iccdata) + if (s->iccentries) { for (i = 0; i < s->iccnum; i++) - av_freep(&s->iccdata[i]); - av_freep(&s->iccdata); - av_freep(&s->iccdatalens); + av_freep(&s->iccentries[i].data); + av_freep(&s->iccentries); + } s->iccread = 0; s->iccnum = 0; @@ -2838,7 +2836,7 @@ the_end: /* Sum size of all parts. */ for (i = 0; i < s->iccnum; i++) - total_size += s->iccdatalens[i]; + total_size += s->iccentries[i].length; sd = av_frame_new_side_data(frame, AV_FRAME_DATA_ICC_PROFILE, total_size); if (!sd) { @@ -2848,8 +2846,8 @@ the_end: /* Reassemble the parts, which are now in-order. */ for (i = 0; i < s->iccnum; i++) { - memcpy(sd->data + offset, s->iccdata[i], s->iccdatalens[i]); - offset += s->iccdatalens[i]; + memcpy(sd->data + offset, s->iccentries[i].data, s->iccentries[i].length); + offset += s->iccentries[i].length; } } diff --git a/libavcodec/mjpegdec.h b/libavcodec/mjpegdec.h index 732aeab994..0d69d9101b 100644 --- a/libavcodec/mjpegdec.h +++ b/libavcodec/mjpegdec.h @@ -44,6 +44,11 @@ #define MAX_COMPONENTS 4 +typedef struct ICCEntry { + uint8_t *data; + int length; +} ICCEntry; + typedef struct MJpegDecodeContext { AVClass *class; AVCodecContext *avctx; @@ -138,8 +143,7 @@ typedef struct MJpegDecodeContext { const AVPixFmtDescriptor *pix_desc; - uint8_t **iccdata; - int *iccdatalens; + ICCEntry *iccentries; int iccnum; int iccread;