[FFmpeg-devel] [PATCH 3/8] avfilter/af_channelmap: fix memory leak

Ganesh Ajjanagadde gajjanagadde at gmail.com
Wed Dec 9 14:03:40 CET 2015


On Sat, Dec 5, 2015 at 3:55 PM, Ganesh Ajjanagadde
<gajjanagadde at gmail.com> wrote:
> On Sat, Dec 5, 2015 at 3:50 PM, Paul B Mahol <onemda at gmail.com> wrote:
>> On 12/4/15, Ganesh Ajjanagadde <gajjanagadde at gmail.com> wrote:
>>> Recent commits 6aaac24d72a7da631173209841a3944fcb4a3309 and
>>> 3835554bf8ed78539a3492c239f979c0ab03a15f made progress towards cleaning
>>> up usage of the formats API, and in particular fixed possible NULL pointer
>>> dereferences.
>>>
>>> This commit addresses the issue of possible resource leaks when some
>>> intermediate call fails.
>>>
>>> Tested with valgrind --leak-check=full --show-leak-kinds=all, and manual
>>> simulation of malloc/realloc failures.
>>>
>>> Fixes: CID 1338330.
>>>
>>> Signed-off-by: Ganesh Ajjanagadde <gajjanagadde at gmail.com>
>>> ---
>>>  libavfilter/af_channelmap.c | 10 +++++++++-
>>>  1 file changed, 9 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/libavfilter/af_channelmap.c b/libavfilter/af_channelmap.c
>>> index 9e95a98..dfe3d48 100644
>>> --- a/libavfilter/af_channelmap.c
>>> +++ b/libavfilter/af_channelmap.c
>>> @@ -292,14 +292,22 @@ static int channelmap_query_formats(AVFilterContext
>>> *ctx)
>>>      int ret;
>>>
>>>      layouts = ff_all_channel_layouts();
>>> +    if (!layouts) {
>>> +        ret = AVERROR(ENOMEM);
>>
>> Consider this: ff_all_channel_layouts returns NULL.
>>
>>> +        goto fail;
>>
>> Ok, we do not return immediately but use gotos, whatever...
>>
>>> +    }
>>>      if ((ret = ff_add_channel_layout     (&channel_layouts,
>>> s->output_layout                    )) < 0 ||
>>>          (ret = ff_set_common_formats     (ctx             ,
>>> ff_planar_sample_fmts()             )) < 0 ||
>>>          (ret = ff_set_common_samplerates (ctx             ,
>>> ff_all_samplerates()                )) < 0 ||
>>>          (ret = ff_channel_layouts_ref    (layouts         ,
>>> &ctx->inputs[0]->out_channel_layouts)) < 0 ||
>>>          (ret = ff_channel_layouts_ref    (channel_layouts ,
>>> &ctx->outputs[0]->in_channel_layouts)) < 0)
>>> -        return ret;
>>> +            goto fail;
>>>
>>>      return 0;
>>> +fail:
>>> +    av_freep(&layouts->channel_layouts);
>>
>> What happens here if layouts is NULL ?
>
> Clement has asked this for another one of these, and I replied there
> saying that I fixed it locally, and that such a remark applies to all
> other patches sent in the set. I did not want to ping all the other
> patches. Nevertheless, thanks for pointing it out.

pushed, thanks

>
>>
>>> +    av_freep(&layouts);
>>> +    return ret;
>>>  }
>>>
>>>  static int channelmap_filter_frame(AVFilterLink *inlink, AVFrame *buf)
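Review bot: The cleanup at the fail: label dereferences layouts unconditionally in av_freep(&layouts->channel_layouts), yet the new if (!layouts) branch jumps there with layouts == NULL, so the allocation-failure path becomes a NULL pointer dereference instead of a clean ENOMEM return. Either return AVERROR(ENOMEM) directly from the if (!layouts) branch, or guard the cleanup with if (layouts) before touching layouts->channel_layouts. Two further points on the same label: it releases only layouts, while channel_layouts, which ff_add_channel_layout() populates earlier in the same condition chain, is not freed on this path; and when the first ff_channel_layouts_ref(layouts, ...) has succeeded before a later call fails, it is worth checking whether ctx->inputs[0]->out_channel_layouts still refers to the list that is being freed by hand here.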
>>> --
>>> 2.6.3
>>>
>>> _______________________________________________
>>> ffmpeg-devel mailing list
>>> ffmpeg-devel at ffmpeg.org
>>> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>>>

