[FFmpeg-devel] [PATCH] use av_mallocz() in vorbis_comment()

Thu Feb 12 08:44:01 CET 2009

On 02/12/2009 03:45 AM, Justin Ruggles wrote:
> M?ns Rullg?rd wrote:
>   
>> Justin Ruggles <justin.ruggles at gmail.com> writes:
>>
>>     
>>> Hi,
>>>
>>> This patch avoids allocating memory on the stack based on decoded stream
>>> values which can be up to 32-bit.  Mans has pointed out that the current
>>> version is not a security risk, it would just crash with SIGSEGV for
>>> really large metadata.  This patch skips the single metadata tag if
>>> allocation fails and continues try to the next tag.
>>>
>>> Thanks,
>>> Justin
>>>
>>>
>>> Index: libavformat/oggparsevorbis.c
>>> ===================================================================
>>> --- libavformat/oggparsevorbis.c	(revision 17145)
>>> +++ libavformat/oggparsevorbis.c	(working copy)
>>> @@ -71,15 +71,21 @@
>>>          v++;
>>>  
>>>          if (tl && vl) {
>>> -            char tt[tl + 1];
>>> -            char ct[vl + 1];
>>> +            char *tt, *ct;
>>>  
>>> +            tt = av_mallocz(tl + 1);
>>> +            ct = av_mallocz(vl + 1);
>>>       
>> Why mallocz?  It's being written again immediately below.
>>     
>
> No particular reason. New patch attached.
>
>   

isn't this patch missing some av_freep ?

Ben