* Re: [FFmpeg-devel] [PATCH] libavformat/whip: Add av_freep() to avoid potential memory leak
@ 2025-08-08 0:17 Jiasheng Jiang
2025-08-08 11:07 ` Nicolas George
0 siblings, 1 reply; 3+ messages in thread
From: Jiasheng Jiang @ 2025-08-08 0:17 UTC (permalink / raw)
To: ffmpeg-devel; +Cc: Jiasheng Jiang
Nicolas George (HE12025-08-07)
> Jiasheng Jiang (HE12025-08-07):
>> Add av_freep() if avio_alloc_context() fails to avoid potential memory leak.
>>
>> Fixes: 167e343bbe ("avformat/whip: Add WHIP muxer support for subsecond latency streaming")
>> Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
>> ---
>> libavformat/whip.c | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/libavformat/whip.c b/libavformat/whip.c
>> index 256ea14d2c..82a5a51029 100644
>> --- a/libavformat/whip.c
>> +++ b/libavformat/whip.c
>> @@ -1553,6 +1553,7 @@ static int create_rtp_muxer(AVFormatContext *s)
>>
>> rtp_ctx->pb = avio_alloc_context(buffer, buffer_size, 1, s, NULL, on_rtp_write_packet, NULL);
>> if (!rtp_ctx->pb) {
>
>> + av_freep(&buffer);
>> ret = AVERROR(ENOMEM);
>> goto end;
>
> That belong to after end, otherwise you need to make the change
> everywhere.
>
>> }
>
> Regards,
I found that after the success of avio_alloc_context(), buffer is assigned to rtp_ctx->pb->buffer and will be freed in whip_deinit(). Therefore, I think moving av_freep() after end would cause a double free.
- Jiasheng
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [FFmpeg-devel] [PATCH] libavformat/whip: Add av_freep() to avoid potential memory leak
2025-08-08 0:17 [FFmpeg-devel] [PATCH] libavformat/whip: Add av_freep() to avoid potential memory leak Jiasheng Jiang
@ 2025-08-08 11:07 ` Nicolas George
2025-12-01 0:17 ` [FFmpeg-devel] " Jack Lau via ffmpeg-devel
0 siblings, 1 reply; 3+ messages in thread
From: Nicolas George @ 2025-08-08 11:07 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Jiasheng Jiang (HE12025-08-08):
> I found that after the success of avio_alloc_context(), buffer is
> assigned to rtp_ctx->pb->buffer and will be freed in whip_deinit().
> Therefore, I think moving av_freep() after end would cause a double
> free.
Indeed, you are right, I had not checked that.
With your change, if somebody adds an extra operation that might fail
between allocating the buffer and using it in the avio context. It might
be better to free the buffer at the end and set it to NULL if
avio_alloc_context() succeeds to avoid the double free, but that is very
minor.
So no objection to the patch, just take half a second considering my
suggestion.
Regards,
--
Nicolas George
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 3+ messages in thread
* [FFmpeg-devel] Re: [PATCH] libavformat/whip: Add av_freep() to avoid potential memory leak
2025-08-08 11:07 ` Nicolas George
@ 2025-12-01 0:17 ` Jack Lau via ffmpeg-devel
0 siblings, 0 replies; 3+ messages in thread
From: Jack Lau via ffmpeg-devel @ 2025-12-01 0:17 UTC (permalink / raw)
To: FFmpeg development discussions and patches; +Cc: Jack Lau
> On Aug 8, 2025, at 19:07, Nicolas George <george@nsup.org> wrote:
>
> Jiasheng Jiang (HE12025-08-08):
>> I found that after the success of avio_alloc_context(), buffer is
>> assigned to rtp_ctx->pb->buffer and will be freed in whip_deinit().
>> Therefore, I think moving av_freep() after end would cause a double
>> free.
>
> Indeed, you are right, I had not checked that.
>
> With your change, if somebody adds an extra operation that might fail
> between allocating the buffer and using it in the avio context. It might
> be better to free the buffer at the end and set it to NULL if
> avio_alloc_context() succeeds to avoid the double free, but that is very
> minor.
Hi Nicolas,
I guess this patch https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21069 is what you described.
Thanks for your helpful suggestion!
>
> So no objection to the patch, just take half a second considering my
> suggestion.
>
> Regards,
>
> --
> Nicolas George
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
Best Regards,
Jack
_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-12-01 0:19 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-08-08 0:17 [FFmpeg-devel] [PATCH] libavformat/whip: Add av_freep() to avoid potential memory leak Jiasheng Jiang
2025-08-08 11:07 ` Nicolas George
2025-12-01 0:17 ` [FFmpeg-devel] " Jack Lau via ffmpeg-devel
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git