On 02.12.2016 18:07, Vittorio Giovara wrote:
> On Sun, Nov 13, 2016 at 5:25 PM, Andreas Cadhalpun
> <andreas.cadhal...@googlemail.com> wrote:
>> Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
>> ---
>> libavcodec/libschroedingerdec.c | 26 +++++++++++++++++---------
>> 1 file changed, 17 insertions(+), 9 deletions(-)
>>
>> @@ -308,10 +314,9 @@ static int libschroedinger_decode_frame(AVCodecContext
>> *avctx,
>> framewithpts = ff_schro_queue_pop(&p_schro_params->dec_frame_queue);
>>
>> if (framewithpts && framewithpts->frame &&
>> framewithpts->frame->components[0].stride) {
>> - int ret;
>>
>> - if ((ret = ff_get_buffer(avctx, avframe, 0)) < 0)
>> - return ret;
>> + if ((ret = ff_get_buffer(avctx, avframe, 0)) < 0) {}
>> + goto end;
>
> this seems dangerous
That's wrong, of course, but the patch is superseded by the attached one,
anyway.
I just forgot to CC the libav.org mailing list. Sigh...
Best regards,
Andreas
>From 9cf7226543e25e494bed768b73f39e67d89f25d1 Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
Date: Sun, 13 Nov 2016 23:10:06 +0100
Subject: [PATCH] libschroedingerdec: fix leaking of framewithpts
Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
---
libavcodec/libschroedingerdec.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/libavcodec/libschroedingerdec.c b/libavcodec/libschroedingerdec.c
index 1e392b3..02cbe57 100644
--- a/libavcodec/libschroedingerdec.c
+++ b/libavcodec/libschroedingerdec.c
@@ -218,6 +218,7 @@ static int libschroedinger_decode_frame(AVCodecContext *avctx,
int outer = 1;
SchroParseUnitContext parse_ctx;
LibSchroFrameContext *framewithpts = NULL;
+ int ret;
*got_frame = 0;
@@ -308,10 +309,9 @@ static int libschroedinger_decode_frame(AVCodecContext *avctx,
framewithpts = ff_schro_queue_pop(&p_schro_params->dec_frame_queue);
if (framewithpts && framewithpts->frame && framewithpts->frame->components[0].stride) {
- int ret;
if ((ret = ff_get_buffer(avctx, avframe, 0)) < 0)
- return ret;
+ goto end;
memcpy(avframe->data[0],
framewithpts->frame->components[0].data,
@@ -337,15 +337,17 @@ FF_ENABLE_DEPRECATION_WARNINGS
avframe->linesize[2] = framewithpts->frame->components[2].stride;
*got_frame = 1;
-
- /* Now free the frame resources. */
- libschroedinger_decode_frame_free(framewithpts->frame);
- av_free(framewithpts);
} else {
data = NULL;
*got_frame = 0;
}
- return buf_size;
+ ret = buf_size;
+end:
+ /* Now free the frame resources. */
+ if (framewithpts && framewithpts->frame)
+ libschroedinger_decode_frame_free(framewithpts->frame);
+ av_freep(&framewithpts);
+ return ret;
}
--
2.10.2
_______________________________________________
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel
