From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 13D244A628 for ; Tue, 2 Apr 2024 01:36:02 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 28FBD68D008; Tue, 2 Apr 2024 04:35:59 +0300 (EEST) Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05olkn2102.outbound.protection.outlook.com [40.92.90.102]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 37B4068CFFC for ; Tue, 2 Apr 2024 04:35:52 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cBQI9h6Wsr00BAlUY8QmpFmytMEQg7zRK29PmuHGnEETj0UJrZCfwL6NIU3tfduRWSM/pxf/iCU4B367BtN+rHJamH/J0AqpBOgnulKChyOBjoBx0nrQRzMNd8bfQc7LN71za3ogJLYUk5htYZC2SRQygqBUuNtoTmC8X+irW22+/NbP/XXgIQy7htk6Pn6TQp4iaBSpCX2yJ9US4W+EtbeFiZqAH3RY7q+ohE7UsbCoh718JpXZwkI1SGyU1bOkmcDIesSx7HVl/7T7c2DvaVSPzUYqQiTBhX1425U8ee0NNzG4G3fRsCPmnE6kgCOO8Ge0X2yC8YYd8LVKEgqnrw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=rOG/cGR0VgHhqqQd1kkjZ5JKeQEswLRWHpCoWhvBFMY=; b=HxjXQmnDcCgfuBY46uzvsjLl52GDNN5BTOisxs8yv4EgCg3EAP2J/VznqKJYDExgG+j7Yp3jFEF7eJq4NpHJaE+oXevyPJvQxH2eRRC9i+jlkJ2fxP/5FcoE5PEDveFzU2bw9jQXQjyFFQE1PeUcjHAWnJ6p/pYL4PByIDrAxR3DG4960HHZOJfl9Fl1k0asZDsNv8XMmLe20Gt20NgoKtLIRW6H0DTttkzjsxtR2Xa/4nsLHitWM4JEUwA6em25KKKnGI3em2Ak7opDO4akK6QdseDHFS+6jqIPtOQrjK5C+tkJgsaSU8twEynpv4wyE//yBKBZSdregexL85bhgA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rOG/cGR0VgHhqqQd1kkjZ5JKeQEswLRWHpCoWhvBFMY=; b=jX7yS62lQ0E44dLEdg6anAPxLvxZABtACm8jfVI9eJCj3QCR83xSiEId8Z6gcmsCsCOnYTo31wUUPGky+c1raz7KCvtmIV4U8Ex7nTspJ8L7xKbjI6UvUAcgL2IOUF9n54RROCAKCvzcDBtifgfWl+mRzz4xsz+wdY9rUcbz1IXb5SlV9MZsQLwPPSNf9YwhjmJIRPV6ukiLusFrc49/yUtR6ra3kLOeHw10CoQJYPXv2a+Ec9yFQIBmZyQsqKLEV9oDaKvbUFN9UjcHolyn+JgoyrSdd87FEiYiS0+fhKuEpz1Mgm/GWVKk+yvwiF+I4+RF6vJYV90u9lS1DsovnA== Received: from GV1P250MB0737.EURP250.PROD.OUTLOOK.COM (2603:10a6:150:8e::17) by AS4P250MB0416.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:4c3::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.46; Tue, 2 Apr 2024 01:35:48 +0000 Received: from GV1P250MB0737.EURP250.PROD.OUTLOOK.COM ([fe80::4a3b:cf76:cddc:c68d]) by GV1P250MB0737.EURP250.PROD.OUTLOOK.COM ([fe80::4a3b:cf76:cddc:c68d%4]) with mapi id 15.20.7409.042; Tue, 2 Apr 2024 01:35:48 +0000 From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Tue, 2 Apr 2024 03:35:33 +0200 Message-ID: X-Mailer: git-send-email 2.40.1 X-TMN: [JlCr6+V4fucv1HK4aHHhszsgC+fDViGKe+dt87Zjqg4=] X-ClientProxiedBy: ZR2P278CA0082.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:65::11) To GV1P250MB0737.EURP250.PROD.OUTLOOK.COM (2603:10a6:150:8e::17) X-Microsoft-Original-Message-ID: <20240402013539.1509586-1-andreas.rheinhardt@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: GV1P250MB0737:EE_|AS4P250MB0416:EE_ X-MS-Office365-Filtering-Correlation-Id: ffa35065-e109-441a-ab96-08dc52b5396c X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: elEhaxRl0CKPH0jQZ8Pss3DWt/R+nZDIgp7AnDbcW8LCb0EQsX8QSqTQbbkCmHGO90Vc9aOn/0Z1B6OAUgm1wHKZ6dSknnzjq+bA35x/uw9h/d2vziQTQz//H3C9xbpZca09msDL3wCLZA7V614mFHsCZW92gLjGVyvfA0Q+YNJOlBPRcg9I9FRI+bwtQnDDzj1EdtucvOOxHt97S5d2IZC6WY0bpvg50fwlF2rQXFqwRYQXALlCWHERpRpvtUtQ3ZLSmPeguqsH18fhOzfIUcK88Y6UiTpGsl3VaQY2GceEQ2y0FR0PyIxu1sffVbc+ROCnmPVP2icnNI4KJTdKcR0mTtGV3+r8JixhcmoXZ+bHSZivSTRiBfn3Y0Nvk6uowFl5UMdV27fFRewACMsYbGuMbWnQ3vYvFl53yEQ5D8ax/fitzi8c3FGLAyJh+FAOyAIQ457j9dWOLEk6U1q7l9GnR4jZ7cP0ASBDD7iGI0IzT6JDcWS3K/2FLKqnJ4qghlaT1v5V+vqgs7tfW+lSA5paxnApMRHJG+GXq0dgWQu4MyZdrDYGZ6w8nd2Bx/h9nv93Zo6qhTT/Z9l5nGe99HWjS/vfzArZ/IJt6AZD36yKw4S/ImEstII/LRIdGt9G X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?a0xHxJoJS8oJ7h3WOcpNyVwa2/NaBNtQdLMkjuz4wHDuso+fGbCXCmVjN5Eo?= =?us-ascii?Q?VeHP3KlXfm4r26kdXBRDkUgEwt3kTdmi9HvZkXWX2kirInvK+F21/ZKKShk5?= =?us-ascii?Q?aXw4lUfHWTJzlIU4uZ7YsdWY9FGdejyv9KBdhMxMujIYOK/uPJ195cKQQIsj?= =?us-ascii?Q?1gP3zvz5idFkmACJY+DdBRnGYVhArJCXc18Cl6h5+cR+09rvk5THHGegL/Yq?= =?us-ascii?Q?8Ex8H8oEh01hO2wsvq3jxy+UFSDSns6ygKDlYcyXi9jPcvAv7tqVud4IzmzD?= =?us-ascii?Q?bpS4cdrqoOebbbb8Tuh6aqhW647osNYjXbCNcoVbRvLNdo01OegbOcsQfoX4?= =?us-ascii?Q?WS7ot6/Ze7xEjrCcLxpVbKvwqIZvZMsAiLGOKwaUT6CzkFgEvi6CXxa5ovVe?= =?us-ascii?Q?X26Us1RZ3Pc3eNHbVvwLtZny2cqx+Vp7MelZDK27OuRczRpqcdua7+x4RKZd?= =?us-ascii?Q?XlrQ58CstZ3VOD1teQS2QMSlryz/2doYViXuWhdUFXOe5pj/G732RL/67FFf?= =?us-ascii?Q?ArxJC8HP24s4zAHf4qWY/8jE9tvoTmuw+xpqJIYhY5jGzSLEB/fmMwJyevSi?= =?us-ascii?Q?lp1YsXFseTkHGrpqI4okrGprytSiE3+kSsu5sydRj4HzWaI8HrDgRhdwW0g+?= =?us-ascii?Q?heiV6TMcbkW0Hjuo8BusJfaA4NHlKLXyOhZU9wiSawLUi5Lmchdr3Rout50h?= =?us-ascii?Q?De96E86GJbropStAj5W8pMgwvEk8uIabPquKDSZzjPStq3kHZVGOJaGk9We1?= =?us-ascii?Q?QgYYHnr6bNLOs7S5AODTeA4uR1q4CQHrDwHZSrsPiNo/3qsWeFsJ8RERxw9K?= =?us-ascii?Q?AhucjukPHoTkh5lJTt/g3CLYhhnTQKQhrkHhXewPXdc5EHfCWvN7Z4XEQdbd?= =?us-ascii?Q?A0+ZXs9RBZD3vRW2Iv2OhqR9BUXXFWBEixHkpBpIy//CvUduLnhlkgvNi1Cl?= =?us-ascii?Q?Df28uHuwkcuS6TOfh3NLm+fuj2M8oDViqhuZugNbdk2TgXPh2MHZDvQITOmS?= =?us-ascii?Q?BNTVpRlgI62n82/40sSdooi8GwHcJgkFF6jO/JushzpZzvjIDYmRFimHMTDI?= =?us-ascii?Q?+GG1oA2U3fxdfkDUM9lO0/azJvuoJOOQhbTqbTEVbIohL25q2Z8tIslaKjrJ?= =?us-ascii?Q?LghJxvV5Xu0Wq/+FkU+YWbeEyNasqwFe1WLFvEGrX6TmFP+isEX6VO0LXwbJ?= =?us-ascii?Q?oTYdek+YeCytSktW94Rszd+6uo6aYKpE8yQzRdKyRhwhlcExkG5f5xQYLeB9?= =?us-ascii?Q?kJSqLzgC+vPwRXKbLWjzpCrypOVOVJDZI1esmbmrDw=3D=3D?= X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: ffa35065-e109-441a-ab96-08dc52b5396c X-MS-Exchange-CrossTenant-AuthSource: GV1P250MB0737.EURP250.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Apr 2024 01:35:48.7950 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS4P250MB0416 Subject: [FFmpeg-devel] [PATCH 1/7] avcodec/wavpack: Fix leak and segfault on reallocation error X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: av_realloc_f() frees the buffer it is given on allocation failure. But in this case, the buffer is an array of ownership pointers, causing leaks on error. Furthermore, the count of pointers is unchanged on error and the codec's close function uses it to free said ownership pointers, causing a NPD. This is a regression since 46412a8935e4632b2460988bfce4152c7dccce22. Fix this by switching to av_realloc_array(). Signed-off-by: Andreas Rheinhardt --- Actually, one only needs one WavpackFrameContext at a time, given that this decoder does not do proper slice threading. Alternatively, one could implement proper slice threading. libavcodec/wavpack.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index 7e60a1456a..36bd4662e8 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -973,9 +973,11 @@ static inline int wv_unpack_mono(WavpackFrameContext *s, GetBitContext *gb, static av_cold int wv_alloc_frame_context(WavpackContext *c) { - c->fdec = av_realloc_f(c->fdec, c->fdec_num + 1, sizeof(*c->fdec)); - if (!c->fdec) + WavpackFrameContext **fdec = av_realloc_array(c->fdec, c->fdec_num + 1, sizeof(*c->fdec)); + + if (!fdec) return -1; + c->fdec = fdec; c->fdec[c->fdec_num] = av_mallocz(sizeof(**c->fdec)); if (!c->fdec[c->fdec_num]) -- 2.40.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".