PR #23006 opened by James Almer (jamrial) URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23006 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23006.patch
Fixes CVE-2026-30999 >From 705d7a03d200a351883183369e59189823bb02fa Mon Sep 17 00:00:00 2001 From: James Almer <[email protected]> Date: Sun, 3 May 2026 13:07:32 -0300 Subject: [PATCH] tools/zmqsend: free the AVBprint buffer after using it Fixes CVE-2026-30999 Fixes: memleak Found-by: Xinghang Lv Signed-off-by: James Almer <[email protected]> --- tools/zmqsend.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/zmqsend.c b/tools/zmqsend.c index dc5d426cc8..17a6194b28 100644 --- a/tools/zmqsend.c +++ b/tools/zmqsend.c @@ -55,7 +55,7 @@ static void usage(void) int main(int argc, char **argv) { AVBPrint src; - char *src_buf, *recv_buf; + char *src_buf = NULL, *recv_buf; int c; int recv_buf_size, ret = 0; void *zmq_ctx, *socket; @@ -165,6 +165,7 @@ int main(int argc, char **argv) av_free(recv_buf); end: + av_freep(&src_buf); zmq_close(socket); zmq_ctx_destroy(zmq_ctx); return ret; -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
