[FFmpeg-cvslog] avcodec/cbs_mpeg2: fix leak of extra_information_slice buffer in cbs_mpeg2_read_slice_header()

James Almer git at videolan.org
Sun Jul 21 07:22:02 EEST 2019


ffmpeg | branch: release/4.1 | James Almer <jamrial at gmail.com> | Wed May 22 03:04:38 2019 +0200| [ae5c80b9cae8716085eaacd887c28378ae99233b] | committer: James Almer

avcodec/cbs_mpeg2: fix leak of extra_information_slice buffer in cbs_mpeg2_read_slice_header()

cbs_mpeg2_free_slice() calls av_buffer_unref() on extra_information_ref,
meaning allocating with av_malloc() was not the intention.

Signed-off-by: James Almer <jamrial at gmail.com>
(cherry picked from commit d903c09d9a5c641223f0810d24161520e977544a)

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ae5c80b9cae8716085eaacd887c28378ae99233b
---

 libavcodec/cbs_mpeg2_syntax_template.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/libavcodec/cbs_mpeg2_syntax_template.c b/libavcodec/cbs_mpeg2_syntax_template.c
index 88cf453b17..672ff66141 100644
--- a/libavcodec/cbs_mpeg2_syntax_template.c
+++ b/libavcodec/cbs_mpeg2_syntax_template.c
@@ -361,10 +361,11 @@ static int FUNC(slice_header)(CodedBitstreamContext *ctx, RWContext *rw,
             current->extra_information_length = k;
             if (k > 0) {
                 *rw = start;
-                current->extra_information =
-                    av_malloc(current->extra_information_length);
-                if (!current->extra_information)
+                current->extra_information_ref =
+                    av_buffer_alloc(current->extra_information_length);
+                if (!current->extra_information_ref)
                     return AVERROR(ENOMEM);
+                current->extra_information = current->extra_information_ref->data;
                 for (k = 0; k < current->extra_information_length; k++) {
                     xui(1, extra_bit_slice, bit, 0);
                     xui(8, extra_information_slice[k],



More information about the ffmpeg-cvslog mailing list