[FFmpeg-devel] [PATCH] nut: Fix unchecked allocations

Derek Buitenhuis derek.buitenhuis at gmail.com
Tue Oct 22 17:16:59 CEST 2013


Signed-off-by: Derek Buitenhuis <derek.buitenhuis at gmail.com>
---
 libavformat/nut.c    | 10 +++++++++-
 libavformat/nut.h    |  2 +-
 libavformat/nutdec.c |  5 ++++-
 libavformat/nutenc.c |  3 ++-
 4 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/libavformat/nut.c b/libavformat/nut.c
index 7e79979..8b8a4cb 100644
--- a/libavformat/nut.c
+++ b/libavformat/nut.c
@@ -227,11 +227,17 @@ int ff_nut_sp_pts_cmp(const Syncpoint *a, const Syncpoint *b)
     return ((a->ts - b->ts) >> 32) - ((b->ts - a->ts) >> 32);
 }
 
-void ff_nut_add_sp(NUTContext *nut, int64_t pos, int64_t back_ptr, int64_t ts)
+int ff_nut_add_sp(NUTContext *nut, int64_t pos, int64_t back_ptr, int64_t ts)
 {
     Syncpoint *sp           = av_mallocz(sizeof(Syncpoint));
     struct AVTreeNode *node = av_tree_node_alloc();
 
+    if (!sp || !node) {
+        av_freep(&sp);
+        av_freep(&node);
+        return AVERROR(ENOMEM);
+    }
+
     nut->sp_count++;
 
     sp->pos      = pos;
@@ -242,6 +248,8 @@ void ff_nut_add_sp(NUTContext *nut, int64_t pos, int64_t back_ptr, int64_t ts)
         av_free(sp);
         av_free(node);
     }
+
+    return 0;
 }
 
 static int enu_free(void *opaque, void *elem)
diff --git a/libavformat/nut.h b/libavformat/nut.h
index dc5af15..da456ac 100644
--- a/libavformat/nut.h
+++ b/libavformat/nut.h
@@ -122,7 +122,7 @@ void ff_nut_reset_ts(NUTContext *nut, AVRational time_base, int64_t val);
 int64_t ff_lsb2full(StreamContext *stream, int64_t lsb);
 int ff_nut_sp_pos_cmp(const Syncpoint *a, const Syncpoint *b);
 int ff_nut_sp_pts_cmp(const Syncpoint *a, const Syncpoint *b);
-void ff_nut_add_sp(NUTContext *nut, int64_t pos, int64_t back_ptr, int64_t ts);
+int ff_nut_add_sp(NUTContext *nut, int64_t pos, int64_t back_ptr, int64_t ts);
 void ff_nut_free_sp(NUTContext *nut);
 
 extern const Dispositions ff_nut_dispositions[];
diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
index f380279..aa7ca67 100644
--- a/libavformat/nutdec.c
+++ b/libavformat/nutdec.c
@@ -558,6 +558,7 @@ static int decode_syncpoint(NUTContext *nut, int64_t *ts, int64_t *back_ptr)
     AVIOContext *bc    = s->pb;
     int64_t end;
     uint64_t tmp;
+    int ret;
 
     nut->last_syncpoint_pos = avio_tell(bc) - 8;
 
@@ -579,7 +580,9 @@ static int decode_syncpoint(NUTContext *nut, int64_t *ts, int64_t *back_ptr)
 
     *ts = tmp / nut->time_base_count *
           av_q2d(nut->time_base[tmp % nut->time_base_count]) * AV_TIME_BASE;
-    ff_nut_add_sp(nut, nut->last_syncpoint_pos, *back_ptr, *ts);
+
+    if ((ret = ff_nut_add_sp(nut, nut->last_syncpoint_pos, *back_ptr, *ts)) < 0)
+        return ret;
 
     return 0;
 }
diff --git a/libavformat/nutenc.c b/libavformat/nutenc.c
index f24813b..b6d754d 100644
--- a/libavformat/nutenc.c
+++ b/libavformat/nutenc.c
@@ -858,7 +858,8 @@ static int nut_write_packet(AVFormatContext *s, AVPacket *pkt)
         ff_put_v(dyn_bc, sp ? (nut->last_syncpoint_pos - sp->pos) >> 4 : 0);
         put_packet(nut, bc, dyn_bc, 1, SYNCPOINT_STARTCODE);
 
-        ff_nut_add_sp(nut, nut->last_syncpoint_pos, 0 /*unused*/, pkt->dts);
+        if ((ret = ff_nut_add_sp(nut, nut->last_syncpoint_pos, 0 /*unused*/, pkt->dts)) < 0)
+            return ret;
 
         if ((1ll<<60) % nut->sp_count == 0)
             for (i=0; i<s->nb_streams; i++) {
-- 
1.8.4.rc3



More information about the ffmpeg-devel mailing list