On Thu, 22 May 2014 23:43:11 +0530, Nidhi Makhijani <[email protected]> wrote:
> ---
> merged with patch http://patchwork.libav.org/patch/46348/
>
> libavformat/oggdec.c | 71
> +++++++++++++++++++++++++++++++++++++--------
> libavformat/oggparsespeex.c | 6 ++++
> 2 files changed, 65 insertions(+), 12 deletions(-)
>
> diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c
> index ae9da3a..5dbf492 100644
> --- a/libavformat/oggdec.c
> +++ b/libavformat/oggdec.c
> @@ -63,6 +63,10 @@ static int ogg_save(AVFormatContext *s)
> struct ogg_state *ost =
> av_malloc(sizeof(*ost) + (ogg->nstreams - 1) *
> sizeof(*ogg->streams));
> int i;
> +
> + if (!ost)
> + return AVERROR(ENOMEM);
> +
> ost->pos = avio_tell(s->pb);
> ost->curidx = ogg->curidx;
> ost->next = ogg->state;
> @@ -72,6 +76,17 @@ static int ogg_save(AVFormatContext *s)
> for (i = 0; i < ogg->nstreams; i++) {
> struct ogg_stream *os = ogg->streams + i;
> os->buf = av_mallocz(os->bufsize + FF_INPUT_BUFFER_PADDING_SIZE);
> + if (!os->buf) {
> + int n;
> +
> + for (n = 0; n < i; n++) {
> + struct ogg_stream *os = ogg->streams + n;
> + av_freep(&os->buf);
> + }
> +
> + av_freep(&ost);
This freeing patter is duplicated multiple times over this patch.
It'd be better to make it a separate function.
Perhaps adapt ogg_read_close() so that it can be called from any stage of
failure (or possible it already can be).
> + return AVERROR(ENOMEM);
> + }
> memcpy(os->buf, ost->streams[i].buf, os->bufpos);
> }
>
> @@ -173,10 +188,18 @@ static int ogg_new_stream(AVFormatContext *s, uint32_t
> serial, int new_avstream)
> os->header = -1;
> os->start_granule = OGG_NOGRANULE_VALUE;
>
> + if (!os->buf) {
The check should be immediately after the allocation.
Moving the malloc further down would probably look best.
--
Anton Khirnov
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
