On Mon, Apr 13, 2015 at 12:16:44PM -0700, Vignesh Venkatasubramanian wrote: > Fix potential leak in av_realloc call where the output was being > overwritten by using a temporary variable. > > Signed-off-by: Vignesh Venkatasubramanian <vigne...@google.com> > --- > libavformat/webmdashenc.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/libavformat/webmdashenc.c b/libavformat/webmdashenc.c > index 80266f7..0f915fd 100644 > --- a/libavformat/webmdashenc.c > +++ b/libavformat/webmdashenc.c > @@ -419,9 +419,10 @@ static int parse_adaptation_sets(AVFormatContext *s) > if (*p == ' ') > continue; > else if (state == new_set && !strncmp(p, "id=", 3)) { > - w->as = av_realloc(w->as, sizeof(*w->as) * ++w->nb_as); > - if (w->as == NULL) > + void *mem = av_realloc(w->as, sizeof(*w->as) * ++w->nb_as); > + if (mem == NULL) > return AVERROR(ENOMEM);
nb_as will be 1 larger than the array in the return case is that intended / safe ? [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB DNS cache poisoning attacks, popular search engine, Google internet authority dont be evil, please
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel