[FFmpeg-cvslog] avformat/avidec: Fix memleak with embedded GAB2 subtitles

Andreas Rheinhardt git at videolan.org
Thu Jul 2 14:12:04 EEST 2020


ffmpeg | branch: release/4.0 | Andreas Rheinhardt <andreas.rheinhardt at gmail.com> | Fri Mar 27 08:31:29 2020 +0100| [f9f3fd9387921957ee93b8081e355596b49e6e82] | committer: Andreas Rheinhardt

avformat/avidec: Fix memleak with embedded GAB2 subtitles

The code for GAB2 subtitles predates refcounting AVPackets. So in order
to transfer the ownership of a packet's data pkt->data was simply stored
and the packet zeroed; in the end (i.e. in the read_close-function) this
data was then simply freed with av_freep(). This of course leads to a leak
of an AVBufferRef and an AVBuffer. It has been fixed by keeping and
eventually unreferencing the packet's buf instead.

Additionally, the packet is now reset via av_packet_unref().

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
(cherry picked from commit da44bbefaabeb2fdb58a03fe533a44aa150486fc)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f9f3fd9387921957ee93b8081e355596b49e6e82
---

 libavformat/avidec.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/libavformat/avidec.c b/libavformat/avidec.c
index 72a6749704..11f726b897 100644
--- a/libavformat/avidec.c
+++ b/libavformat/avidec.c
@@ -61,7 +61,7 @@ typedef struct AVIStream {
 
     AVFormatContext *sub_ctx;
     AVPacket sub_pkt;
-    uint8_t *sub_buffer;
+    AVBufferRef *sub_buffer;
 
     int64_t seek_pos;
 } AVIStream;
@@ -1118,8 +1118,9 @@ static int read_gab2_sub(AVFormatContext *s, AVStream *st, AVPacket *pkt)
             time_base = ast->sub_ctx->streams[0]->time_base;
             avpriv_set_pts_info(st, 64, time_base.num, time_base.den);
         }
-        ast->sub_buffer = pkt->data;
-        memset(pkt, 0, sizeof(*pkt));
+        ast->sub_buffer = pkt->buf;
+        pkt->buf = NULL;
+        av_packet_unref(pkt);
         return 1;
 
 error:
@@ -1906,7 +1907,7 @@ static int avi_read_close(AVFormatContext *s)
                 av_freep(&ast->sub_ctx->pb);
                 avformat_close_input(&ast->sub_ctx);
             }
-            av_freep(&ast->sub_buffer);
+            av_buffer_unref(&ast->sub_buffer);
             av_packet_unref(&ast->sub_pkt);
         }
     }



More information about the ffmpeg-cvslog mailing list