[FFmpeg-cvslog] avcodec/truemotion2: Avoid duplicating array, fix memleak

Andreas Rheinhardt git at videolan.org
Sat Aug 29 19:57:36 EEST 2020


ffmpeg | branch: master | Andreas Rheinhardt <andreas.rheinhardt at gmail.com> | Sat Aug 29 09:40:39 2020 +0200| [5ff2ff6bd9cd9e08729060d330e381a09972c498] | committer: Andreas Rheinhardt

avcodec/truemotion2: Avoid duplicating array, fix memleak

TrueMotion 2.0 uses Huffmann trees. To parse them, the decoder allocates
arrays for the codes, their lengths and their value; afterwards a VLC
table is initialized using these values. If everything up to this point
succeeds, a new buffer of the same size as the already allocated arrays
for the values is allocated and upon success the values are copied into
the new array; all the old arrays are then freed. Yet if allocating the
new array fails, the old arrays get freed, but the VLC table doesn't.

This leak is fixed by not allocating a new array at all; instead the old
array is simply reused, ensuring that nothing can fail after the
creation of the VLC table.

Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5ff2ff6bd9cd9e08729060d330e381a09972c498
---

 libavcodec/truemotion2.c | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/libavcodec/truemotion2.c b/libavcodec/truemotion2.c
index d90a8baff3..a1d4eea340 100644
--- a/libavcodec/truemotion2.c
+++ b/libavcodec/truemotion2.c
@@ -200,8 +200,6 @@ static int tm2_build_huff_table(TM2Context *ctx, TM2Codes *code)
 
     /* convert codes to vlc_table */
     if (res >= 0) {
-        int i;
-
         res = init_vlc(&code->vlc, huff.max_bits, huff.max_num,
                        huff.lens, sizeof(int), sizeof(int),
                        huff.bits, sizeof(uint32_t), sizeof(uint32_t), 0);
@@ -210,13 +208,8 @@ static int tm2_build_huff_table(TM2Context *ctx, TM2Codes *code)
         else {
             code->bits = huff.max_bits;
             code->length = huff.max_num;
-            code->recode = av_malloc_array(code->length, sizeof(int));
-            if (!code->recode) {
-                res = AVERROR(ENOMEM);
-                goto out;
-            }
-            for (i = 0; i < code->length; i++)
-                code->recode[i] = huff.nums[i];
+            code->recode = huff.nums;
+            huff.nums = NULL;
         }
     }
 



More information about the ffmpeg-cvslog mailing list