[FFmpeg-devel] [PATCH] Fix mem leak interrupt during avformat_open_input

Michael Niedermayer michaelni at gmx.at
Sat Apr 5 17:33:30 CEST 2014


On Thu, Apr 03, 2014 at 07:48:36AM +0000, Schenk, Michael wrote:
> Hi!,
> 
> when using interrupt_callback during avformat_open_input(...) it may happen with certain demuxers that they
> leak memory because iformat->read_close() will not be called in the error path. The attached patch
> fixes that.
> 
> Feedback welcome.
> 
> Cheers
> 
> Michael

>  utils.c |    7 +++++++
>  1 file changed, 7 insertions(+)
> 0bd2d5039595099bb4b3733fea86c64f980b505a  fix_memleak_abort_avformat_open_input.patch
> --- ffmpeg-HEAD-fd2bcfc.org/libavformat/utils.c	2014-04-03 03:26:27.000000000 +0200
> +++ ffmpeg-HEAD-fd2bcfc/libavformat/utils.c	2014-04-03 09:32:07.393175139 +0200
> @@ -598,6 +598,13 @@
>  fail:
>      ff_id3v2_free_extra_meta(&id3v2_extra_meta);
>      av_dict_free(&tmp);
> +
> +	if (s->iformat) {
> +		if (s->iformat->read_close) {
> +			s->iformat->read_close(s);
> +		}
> +	}
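
Review bot: The added `s->iformat->read_close(s)` call under `fail:` is guarded only by `s->iformat` and `read_close` being non-NULL, so it runs on every jump to `fail:`, including ones that may be taken before the demuxer has set up the state its close function frees. The Valgrind trace in the reply shows `mov_read_close` doing an invalid read at address 0x8 from exactly this call (utils.c:604). Restrict the call to the case where `read_header` was actually invoked and failed, and confirm that each demuxer's `read_close` tolerates partially initialised state. The new lines are also indented with tabs while the surrounding context lines use four spaces.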

this crashes

example:
==505== Invalid read of size 8
==505==    at 0xD0AB4E: av_freep (mem.c:239)
==505==    by 0x562F80: mov_read_close (mov.c:3347)
==505==    by 0x610727: avformat_open_input (utils.c:604)
==505==    by 0x419748: open_input_file (ffmpeg_opt.c:844)
==505==    by 0x4216C4: open_files (ffmpeg_opt.c:2610)
==505==    by 0x421842: ffmpeg_parse_options (ffmpeg_opt.c:2647)
==505==    by 0x4344BF: main (ffmpeg.c:3717)
==505==  Address 0x8 is not stack'd, malloc'd or (recently) free'd


for this patch to be acceptable, as many as possible of the error
paths that trigger this code would have to be tested
testing it with many fuzzed files would cover some of this ...

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

DNS cache poisoning attacks, popular search engine, Google internet authority
don't be evil, please
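
An added example, not part of the original mail and not FFmpeg code: a constructed C model of the situation discussed above, in which a hypothetical `toy_open_input` can be made to fail at each stage and its `fail:` path calls the close callback only when the header reader was entered. All names are assumptions; the allocation counter lets every error path be checked for leaks.

```c
#include <stdlib.h>

/* Constructed model, not FFmpeg code: every name below is hypothetical. */
static int live_allocs;                       /* allocations not yet freed */
static void *xalloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void xfree(void *p)    { if (p) { free(p); live_allocs--; } }

typedef struct { void *index, *track; } Priv; /* demuxer private data */
typedef struct { Priv *priv; int header_entered; } Ctx;

enum { FAIL_PROBE, FAIL_AFTER_PRIV, FAIL_IN_HEADER, NO_FAIL };

/* Allocates in two steps and can fail between them. */
static int toy_read_header(Ctx *s, int fail_at) {
    s->priv->index = xalloc(16);
    if (fail_at == FAIL_IN_HEADER) return -1;
    s->priv->track = xalloc(16);
    return 0;
}

/* Must cope with a half-filled Priv, but still assumes s->priv is valid. */
static void toy_read_close(Ctx *s) {
    xfree(s->priv->index); s->priv->index = NULL;
    xfree(s->priv->track); s->priv->track = NULL;
}

/* Opens and closes the toy input; returns allocations still live (0 = no leak). */
int toy_open_input(int fail_at) {
    Ctx s = {0};
    live_allocs = 0;
    if (fail_at == FAIL_PROBE) goto fail;       /* priv is still NULL here */
    if (!(s.priv = xalloc(sizeof(Priv)))) goto fail;
    if (fail_at == FAIL_AFTER_PRIV) goto fail;  /* header reader never ran */
    s.header_entered = 1;
    if (toy_read_header(&s, fail_at) < 0) goto fail;
    toy_read_close(&s);                         /* normal teardown */
    xfree(s.priv);
    return live_allocs;
fail:
    if (s.header_entered)                       /* undo only what was started */
        toy_read_close(&s);
    xfree(s.priv);
    return live_allocs;
}

int main(void) {                                /* exercise every error path */
    for (int f = FAIL_PROBE; f <= NO_FAIL; f++)
        if (toy_open_input(f) != 0) return 1;
    return 0;
}
```

Dropping the `header_entered` check makes the `FAIL_PROBE` path dereference a NULL `priv`, the same class of fault as the invalid read in the trace above.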