[FFmpeg-devel] [PATCH] mxfdec: fix double free
Tomas Härdin
tomas.hardin at codemill.se
Tue Dec 11 13:19:49 CET 2012
On Sun, 2012-12-09 at 19:29 +0100, Michael Niedermayer wrote:
> On Sun, Dec 09, 2012 at 06:55:57PM +0100, Tomas Härdin wrote:
> > Future patch idea: check that extradata hasn't already been parsed when
> > parsing the descriptor. That would avoid a potential memory leak.
>
> something like this: ?
>
> diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> index a1884f1..7af9193 100644
> --- a/libavformat/mxfdec.c
> +++ b/libavformat/mxfdec.c
> @@ -866,6 +866,10 @@ static int mxf_read_generic_descriptor(void *arg, AVIOContext *pb, int tag, int
> default:
> /* Private uid used by SONY C0023S01.mxf */
> if (IS_KLV_KEY(uid, mxf_sony_mpeg4_extradata)) {
> + if (descriptor->extradata)
> + av_log(NULL, AV_LOG_WARNING, "Duplicate sony_mpeg4_extradata\n");
> + av_free(descriptor->extradata);
> + descriptor->extradata_size = 0;
> descriptor->extradata = av_malloc(size + FF_INPUT_BUFFER_PADDING_SIZE);
> if (!descriptor->extradata)
> return AVERROR(ENOMEM);
Yeah, that looks fine. Btw, FF_INPUT_BUFFER_PADDING_SIZE can be dropped
since the padding is done in mxf_parse_structural_metadata() now.
/Tomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20121211/06e499f9/attachment.asc>
More information about the ffmpeg-devel
mailing list