[FFmpeg-devel] [PATCH 04/10] ffserver.c: Check allocations

Michael Niedermayer michael at niedermayer.cc
Tue May 29 00:43:24 EEST 2018 

On Mon, May 28, 2018 at 08:27:05PM +0200, Stephan Holljes wrote:
> Signed-off-by: Stephan Holljes <klaxa1337 at googlemail.com>
> ---
>  ffserver.c | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----
>  1 file changed, 81 insertions(+), 6 deletions(-)
> 
> diff --git a/ffserver.c b/ffserver.c
> index 66bf7ac..171da51 100644
> --- a/ffserver.c
> +++ b/ffserver.c
> @@ -227,12 +227,25 @@ void write_segment(struct Client *c)
>          }
>          

>          avio_buffer = (unsigned char*) av_malloc(AV_BUFSIZE);

unrelated but you dont need the cast


> +        if (!avio_buffer) {
> +            av_log(NULL, AV_LOG_ERROR, "Could not allocate avio_buffer\n");

some context instead of NULL would be nice so errors arent just all "global"




> +            avformat_free_context(fmt_ctx);
> +            client_disconnect(c, 0);
> +            return;
> +        }
>          avio_ctx = avio_alloc_context(avio_buffer, AV_BUFSIZE, 0, &info, &segment_read, NULL, NULL);
> -        
> +        if (!avio_ctx) {
> +            av_log(NULL, AV_LOG_ERROR, "Could not allocate avio_ctx\n");
> +            avformat_free_context(fmt_ctx);
> +            av_free(avio_buffer);
> +            client_disconnect(c, 0);
> +            return;
> +        }
>          fmt_ctx->pb = avio_ctx;
>          ret = avformat_open_input(&fmt_ctx, NULL, seg->ifmt, NULL);
>          if (ret < 0) {
>              av_log(avio_ctx, AV_LOG_ERROR, "Could not open input\n");
> +            avformat_close_input(&fmt_ctx);
>              av_free(avio_ctx->buffer);
>              avio_context_free(&avio_ctx);
>              client_disconnect(c, 0);
> @@ -242,6 +255,7 @@ void write_segment(struct Client *c)
>          ret = avformat_find_stream_info(fmt_ctx, NULL);
>          if (ret < 0) {
>              av_log(fmt_ctx, AV_LOG_ERROR, "Could not find stream information\n");
> +            avformat_close_input(&fmt_ctx);
>              av_free(avio_ctx->buffer);
>              avio_context_free(&avio_ctx);
>              client_disconnect(c, 0);
> @@ -274,9 +288,8 @@ void write_segment(struct Client *c)
>                  return;
>              }
>          }
> -        avformat_close_input(&fmt_ctx);
>          av_free(avio_ctx->buffer);
> -        avformat_free_context(fmt_ctx);
> +        avformat_close_input(&fmt_ctx);
>          avio_context_free(&avio_ctx);
>          pthread_mutex_lock(&c->buffer_lock);
>          av_fifo_drain(c->buffer, sizeof(struct Segment*));
> @@ -369,13 +382,25 @@ void *accept_thread(void *arg)
>          }
>          
>          avio_buffer = av_malloc(AV_BUFSIZE);
> +        if (!avio_buffer) {
> +            av_log(NULL, AV_LOG_ERROR, "Could not allocate output format context.\n");
> +            publisher_cancel_reserve(pub);
> +            info->httpd->close(server, client);
> +            continue;
> +        }

>          ffinfo = av_malloc(sizeof(struct FFServerInfo));

not about this patch but existing code but
using a code like sizeof(*ffinfo) would avoid having to duplicate the type
in the source code (one less opertunity to make mistakes)

[...]

> @@ -521,9 +555,39 @@ void *run_server(void *arg) {
>      ainfo.config = config;
>      
>      rinfos = av_mallocz_array(config->nb_streams, sizeof(struct ReadInfo));
> +    if (!rinfos) {
> +        av_log(NULL, AV_LOG_ERROR, "Could not allocate read infos.\n");
> +        av_free(pubs);
> +        av_free(ifmt_ctxs);
> +        return NULL;
> +    }
>      winfos_p = av_mallocz_array(config->nb_streams, sizeof(struct WriteInfo*));
> +    if (!winfos_p) {
> +        av_log(NULL, AV_LOG_ERROR, "Could not allocate write info pointers.\n");
> +        av_free(pubs);
> +        av_free(ifmt_ctxs);
> +        av_free(rinfos);
> +        return NULL;
> +    }
>      r_threads = av_mallocz_array(config->nb_streams, sizeof(pthread_t));
> +    if (!r_threads) {
> +        av_log(NULL, AV_LOG_ERROR, "Could not allocate read thread handles.\n");
> +        av_free(pubs);
> +        av_free(ifmt_ctxs);
> +        av_free(rinfos);
> +        av_free(winfos_p);
> +        return NULL;
> +    }
>      w_threads_p = av_mallocz_array(config->nb_streams, sizeof(pthread_t*));
> +    if (!w_threads_p) {
> +        av_log(NULL, AV_LOG_ERROR, "Could not allocate write thread handle pointers.\n");
> +        av_free(pubs);
> +        av_free(ifmt_ctxs);
> +        av_free(rinfos);
> +        av_free(winfos_p);
> +        av_free(r_threads);
> +        return NULL;
> +    }

some goto cleanup_error
and a cleanup_error that deallocates and returns
would avoid having to duplicate the cleanup code


[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

What does censorship reveal? It reveals fear. -- Julian Assange
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20180528/23dac129/attachment.sig>

More information about the ffmpeg-devel mailing list