[FFmpeg-devel] [PATCH 1/2] avformat: fix memory corruption when free AVStream

Nicolas George george at nsup.org
Wed Mar 5 19:42:26 CET 2014


On quintidi 15 ventôse, year CCXXII, tony_nie at realsil.com.cn wrote:
> From: tony_nie <tony_nie at realsil.com.cn>
> 
> Make shure buffer had beed alloced before free it.

"Sure", no "h".

> 
> Signed-off-by: tony_nie <tony_nie at realsil.com.cn>
> ---
>  libavformat/utils.c |   16 ++++++++++++----
>  1 file changed, 12 insertions(+), 4 deletions(-)
> 
> diff --git a/libavformat/utils.c b/libavformat/utils.c
> index 4e262b1..658d373 100644
> --- a/libavformat/utils.c
> +++ b/libavformat/utils.c
> @@ -3521,10 +3521,18 @@ void ff_free_stream(AVFormatContext *s, AVStream *st) {
>      av_freep(&st->codec->extradata);
>      av_freep(&st->codec->subtitle_header);
>      av_freep(&st->codec);
> -    av_freep(&st->priv_data);
> -    if (st->info)
> -        av_freep(&st->info->duration_error);
> -    av_freep(&st->info);
> +
> +    if (st->priv_data) {
> +        av_freep(&st->priv_data);
> +    }
> +
> +    if (st->info) {
> +        if (st->info->duration_error) {
> +            av_freep(&st->info->duration_error);
> +        }
> +        av_freep(&st->info);
> +    }

Unless I am mistaken, all your patch is doing is change "freep(&foo);" into
"if (foo) { freep(&foo); }". Calling freep() on a NULL pointer is valid and
does nothing, so I do not see what the point is.

> +
>      av_freep(&s->streams[ --s->nb_streams ]);
>  }
>  
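
Review bot: The NULL checks added around av_freep(&st->priv_data), av_freep(&st->info->duration_error) and av_freep(&st->info) do not change behaviour, because av_freep() on a pointer that is already NULL is a no-op and the removed lines already guarded the only dereference with if (st->info). As written, the hunk cannot fix the memory corruption named in the subject. Please drop the extra checks and state in the commit message which pointer is invalid at this point (freed twice, or never initialised) and how to reproduce it. If the concern is a partially initialised stream, note that st->codec->extradata in the context lines dereferences st->codec without a guard in both the old and the new code.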

Regards,

-- 
  Nicolas George