[FFmpeg-devel] [PATCH 2/2] webmdashenc: Fix potential leak in realloc
Vignesh Venkatasubramanian
vigneshv at google.com
Mon Apr 13 22:58:30 CEST 2015
On Mon, Apr 13, 2015 at 12:48 PM, Michael Niedermayer <michaelni at gmx.at> wrote:
> On Mon, Apr 13, 2015 at 12:16:44PM -0700, Vignesh Venkatasubramanian wrote:
>> Fix potential leak in av_realloc call where the output was being
>> overwritten by using a temporary variable.
>>
>> Signed-off-by: Vignesh Venkatasubramanian <vigneshv at google.com>
>> ---
>> libavformat/webmdashenc.c | 5 +++--
>> 1 file changed, 3 insertions(+), 2 deletions(-)
>>
>> diff --git a/libavformat/webmdashenc.c b/libavformat/webmdashenc.c
>> index 80266f7..0f915fd 100644
>> --- a/libavformat/webmdashenc.c
>> +++ b/libavformat/webmdashenc.c
>> @@ -419,9 +419,10 @@ static int parse_adaptation_sets(AVFormatContext *s)
>> if (*p == ' ')
>> continue;
>> else if (state == new_set && !strncmp(p, "id=", 3)) {
>> - w->as = av_realloc(w->as, sizeof(*w->as) * ++w->nb_as);
>> - if (w->as == NULL)
>> + void *mem = av_realloc(w->as, sizeof(*w->as) * ++w->nb_as);
>> + if (mem == NULL)
>> return AVERROR(ENOMEM);
>
> nb_as will be 1 larger than the array in the return case
> is that intended / safe ?
>
yes, that value shouldn't be used anywhere else. anyway, i'm reworking
a lot of error handling in this file. so this is fine for now.
> [...]
> --
> Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> DNS cache poisoning attacks, popular search engine, Google internet authority
> dont be evil, please
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
--
Vignesh
More information about the ffmpeg-devel
mailing list