Opened 7 years ago
Closed 6 years ago
#7019 closed defect (fixed)
A memory leak bug detected in file /libavcodec/ass_split.c
Reported by: | Fan Gang | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | avcodec |
Version: | git-master | Keywords: | ass leak |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | no |
Analyzed by developer: | no | | |
Description
Summary of the bug:
How to reproduce:
No steps needed to reproduce.
There is a potential memory leak bug in file ass_split.c; here is the description.
A piece of memory is allocated on line 283. When the loop executes twice and av_realloc_array returns NULL, the function returns without freeing the memory pointed to by order.
```c
if (section->format_header && !order) {
    len = strlen(section->format_header);
    if (!strncmp(buf, section->format_header, len) && buf[len] == ':') {
        buf += len + 1;
        while (!is_eol(*buf)) {
            buf = skip_space(buf);
            len = strcspn(buf, ", \r\n");
            if (!(tmp = av_realloc_array(order, (*number + 1), sizeof(*order)))) /* line 283 */
                return NULL;
            order = tmp;
            order[*number] = -1;
            for (i=0; section->fields[i].name; i++)
                if (!strncmp(buf, section->fields[i].name, len)) {
                    order[*number] = i;
                    break;
                }
            (*number)++;
            buf = skip_space(buf + len + (buf[len] == ','));
        }
        ctx->field_order[ctx->current_section] = order;
        goto next_line;
    }
}
```
Suggested fix:
free(order) before return NULL; on line 284
Thanks
Gang
Sbrella
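The leak pattern reported above, reproduced as an added example that is not FFmpeg's code and not the committed fix. `x_realloc_array`, `x_free`, `build_order`, `leaked_blocks` and the field names are hypothetical stand-ins; the allocator is made to fail on the second growth so the block left behind can be counted.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for av_realloc_array/av_free: the allocator fails on
 * call number fail_at, and live counts blocks not yet freed. */
static int fail_at, calls, live;
static void *x_realloc_array(void *p, size_t n, size_t size)
{
    void *q = ++calls == fail_at ? NULL : realloc(p, n * size);
    live += (q && !p);  /* on failure p stays allocated, as with realloc */
    return q;
}
static void x_free(void *p) { if (p) { free(p); live--; } }

static const char *const fields[] = { "Start", "End", "Text", NULL }; /* constructed */

/* The ticket's growth loop; free_on_fail=1 frees order before the early return. */
static int *build_order(const char *buf, int *number, int free_on_fail)
{
    int *order = NULL, *tmp, i;
    for (*number = 0; *buf; (*number)++) {
        size_t len = strcspn(buf, ",");
        if (!(tmp = x_realloc_array(order, *number + 1, sizeof(*order)))) {
            if (free_on_fail) x_free(order);  /* block from earlier iterations */
            return NULL;
        }
        order = tmp;
        order[*number] = -1;
        for (i = 0; fields[i]; i++)
            if (!strncmp(buf, fields[i], len)) { order[*number] = i; break; }
        buf += len + (buf[len] == ',');
    }
    return order;
}

/* Blocks still allocated after the allocator fails on the second growth. */
static int leaked_blocks(int free_on_fail)
{
    int n;
    fail_at = 2; calls = 0; live = 0;
    x_free(build_order("Start,End,Text", &n, free_on_fail));
    return live;
}

int main(void)
{
    return printf("leaked: %d (early return), %d (freed first)\n", leaked_blocks(0), leaked_blocks(1)) < 0;
}
```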
Change History (3)
follow-up: 2 comment:1 by , 7 years ago
Keywords: | ass added; Memory removed |
---|
comment:2 by , 7 years ago
Replying to cehoyos:
> Please send your patch - made with `git format-patch` to the FFmpeg development mailing list.
Sent.
comment:3 by , 6 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Fixed in c6e1966c1a1a8987de0834462d7a76377eaa76bc.