[FFmpeg-devel] [PATCH] avcodec/avpacket: fix leak on realloc in av_packet_add_side_data()

James Almer jamrial at gmail.com
Sat Nov 19 18:10:27 EET 2016


If realloc fails, the pointer is overwritten and the previously allocated buffer
is leaked, which goes against the expected functionality of keeping the packet
unchanged in case of error.

Signed-off-by: James Almer <jamrial at gmail.com>
---
Should i backport this to affected branches?

 libavcodec/avpacket.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/libavcodec/avpacket.c b/libavcodec/avpacket.c
index c3f871c..e5a8bdb 100644
--- a/libavcodec/avpacket.c
+++ b/libavcodec/avpacket.c
@@ -295,16 +295,17 @@ FF_ENABLE_DEPRECATION_WARNINGS
 int av_packet_add_side_data(AVPacket *pkt, enum AVPacketSideDataType type,
                             uint8_t *data, size_t size)
 {
+    AVPacketSideData *tmp;
     int elems = pkt->side_data_elems;
 
     if ((unsigned)elems + 1 > INT_MAX / sizeof(*pkt->side_data))
         return AVERROR(ERANGE);
 
-    pkt->side_data = av_realloc(pkt->side_data,
-                                (elems + 1) * sizeof(*pkt->side_data));
-    if (!pkt->side_data)
+    tmp = av_realloc(pkt->side_data, (elems + 1) * sizeof(*tmp));
+    if (!tmp)
         return AVERROR(ENOMEM);
 
+    pkt->side_data = tmp;
     pkt->side_data[elems].data = data;
     pkt->side_data[elems].size = size;
     pkt->side_data[elems].type = type;
-- 
2.10.1



More information about the ffmpeg-devel mailing list