From: "Kacper Michajłow" <kasper93-at-gmail.com@ffmpeg.org>
To: ffmpeg-devel@ffmpeg.org
Cc: "Kacper Michajłow" <kasper93@gmail.com>
Subject: [FFmpeg-devel] [PATCH] avutil/avstring: shrink allocation from av_get_token to fit token
Date: Fri, 4 Jul 2025 20:10:41 +0200
Message-ID: <20250704181041.811-1-kasper93@gmail.com> (raw)
av_get_token() allocates an output buffer with the same size as the
input. Generally, this is harmless, but when the input string is large
and consists of many small tokens, calling av_get_token() repeatedly to
extract all tokens will significantly amplify memory allocations.
To fix this, after obtaining the return value, simply realloc the buffer
to the actual size needed for output string.
Fixes OOM when parsing filter graph string.
Fixes OSS-Fuzz: 394983446
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
---
libavutil/avstring.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavutil/avstring.c b/libavutil/avstring.c
index 875eb691db..b4266aefe5 100644
--- a/libavutil/avstring.c
+++ b/libavutil/avstring.c
@@ -142,7 +142,7 @@ end:
char *av_get_token(const char **buf, const char *term)
{
- char *out = av_malloc(strlen(*buf) + 1);
+ char *out = av_realloc(NULL, strlen(*buf) + 1);
char *ret = out, *end = out;
const char *p = *buf;
if (!out)
@@ -172,7 +172,7 @@ char *av_get_token(const char **buf, const char *term)
*buf = p;
- return ret;
+ return av_realloc(ret, out - ret + 2);
}
char *av_strtok(char *s, const char *delim, char **saveptr)
--
2.47.2
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
next reply other threads:[~2025-07-04 18:11 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-04 18:10 Kacper Michajłow [this message]
2025-07-04 18:22 ` Andreas Rheinhardt
2025-07-04 18:37 ` Kacper Michajlow
2025-07-04 18:43 ` Kacper Michajlow
2025-07-04 18:51 ` Andreas Rheinhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250704181041.811-1-kasper93@gmail.com \
--to=kasper93-at-gmail.com@ffmpeg.org \
--cc=ffmpeg-devel@ffmpeg.org \
--cc=kasper93@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git