[FFmpeg-devel] [PATCH] avformat/tedcaptionsdec: Fix leak of AVBPrint upon error

Nicolas George george at nsup.org
Sun Sep 20 17:54:28 EEST 2020

Andreas Rheinhardt (12020-09-20):
> The tedcaptions demuxer uses an AVBPrint whose string is not restricted
> to its internal buffer; it therefore needs to be cleaned up, yet this is
> not done on error, as parse_file() returned simply returned directly.
> This is fixed by going to fail first in such cases.
> Furthermore, there is also a second way how this string can leak: By
> having more than one subtitle per subtitle block, as the new one simply
> overwrites the old one in this case as the AVBPrint is initialized each
> time upon encountering a subtitle line. The code has been modified to
> simply append the new subtitle to the old one, so that the old one can't
> leak any more.
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
> ---
>  libavformat/tedcaptionsdec.c | 73 ++++++++++++++++++------------------
>  1 file changed, 36 insertions(+), 37 deletions(-)

Should be ok.

I notice that the code calls ff_subtitles_queue_insert() without
checking if the buffer is truncated. It should be fixed too, but that
is separate from this patch.


  Nicolas George
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20200920/7c1780ea/attachment.sig>

More information about the ffmpeg-devel mailing list