[FFmpeg-devel] [PATCH 2/2] webmdashenc: Fix potential leak in realloc

Michael Niedermayer michaelni at gmx.at
Tue Apr 14 12:38:08 CEST 2015


On Mon, Apr 13, 2015 at 01:58:30PM -0700, Vignesh Venkatasubramanian wrote:
> On Mon, Apr 13, 2015 at 12:48 PM, Michael Niedermayer <michaelni at gmx.at> wrote:
> > On Mon, Apr 13, 2015 at 12:16:44PM -0700, Vignesh Venkatasubramanian wrote:
> >> Fix potential leak in av_realloc call where the output was being
> >> overwritten by using a temporary variable.
> >>
> >> Signed-off-by: Vignesh Venkatasubramanian <vigneshv at google.com>
> >> ---
> >>  libavformat/webmdashenc.c | 5 +++--
> >>  1 file changed, 3 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/libavformat/webmdashenc.c b/libavformat/webmdashenc.c
> >> index 80266f7..0f915fd 100644
> >> --- a/libavformat/webmdashenc.c
> >> +++ b/libavformat/webmdashenc.c
> >> @@ -419,9 +419,10 @@ static int parse_adaptation_sets(AVFormatContext *s)
> >>          if (*p == ' ')
> >>              continue;
> >>          else if (state == new_set && !strncmp(p, "id=", 3)) {
> >> -            w->as = av_realloc(w->as, sizeof(*w->as) * ++w->nb_as);
> >> -            if (w->as == NULL)
> >> +            void *mem = av_realloc(w->as, sizeof(*w->as) * ++w->nb_as);
> >> +            if (mem == NULL)
> >>                  return AVERROR(ENOMEM);
> >
> > nb_as will be 1 larger than the array in the return case
> > is that intended / safe ?
> >
> 
> yes, that value shouldn't be used anywhere else. anyway, i'm reworking
> a lot of error handling in this file. so this is fine for now.

nb_as is used in webm_dash_manifest_write_trailer() too 

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

It is what and why we do it that matters, not just one of them.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20150414/7cffff1e/attachment.asc>


More information about the ffmpeg-devel mailing list