[FFmpeg-devel] [PATCH] mxfdec: fix double free

Tomas Härdin tomas.hardin at codemill.se
Tue Dec 11 13:19:49 CET 2012


On Sun, 2012-12-09 at 19:29 +0100, Michael Niedermayer wrote:
> On Sun, Dec 09, 2012 at 06:55:57PM +0100, Tomas Härdin wrote:
> > Future patch idea: check that extradata hasn't already been parsed when
> > parsing the descriptor. That would avoid a potential memory leak.
> 
> something like this: ?
> 
> diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> index a1884f1..7af9193 100644
> --- a/libavformat/mxfdec.c
> +++ b/libavformat/mxfdec.c
> @@ -866,6 +866,10 @@ static int mxf_read_generic_descriptor(void *arg, AVIOContext *pb, int tag, int
>      default:
>          /* Private uid used by SONY C0023S01.mxf */
>          if (IS_KLV_KEY(uid, mxf_sony_mpeg4_extradata)) {
> +            if (descriptor->extradata)
> +                av_log(NULL, AV_LOG_WARNING, "Duplicate sony_mpeg4_extradata\n");
> +            av_free(descriptor->extradata);
> +            descriptor->extradata_size = 0;
>              descriptor->extradata = av_malloc(size + FF_INPUT_BUFFER_PADDING_SIZE);
>              if (!descriptor->extradata)
>                  return AVERROR(ENOMEM);

Yeah, that looks fine. Btw, FF_INPUT_BUFFER_PADDING_SIZE can be dropped
since the padding is done in mxf_parse_structural_metadata() now.

/Tomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20121211/06e499f9/attachment.asc>


More information about the ffmpeg-devel mailing list