On 8/9/20, Andreas Rheinhardt <[email protected]> wrote:
> The query_formats function of the remap filter tries to allocate
> two lists of formats which on success are attached to more permanent objects
> (AVFilterLinks) for storage afterwards. If attaching a list to an
> AVFilterLink succeeds, it is in turn owned by the AVFilterLink (or more
> exactly, the AVFilterLink becomes one of the common owners of the list).
> Yet if attaching a list to one of its links succeeds and an error happens
> later on, both lists were manually freed, which is wrong if the
> list is already owned by one or more links; these links' pointers to
> their lists will become dangling and there will be a
> double-free/use-after-free when these links are cleaned up automatically.
>
> This commit fixes this by removing the custom free code; this will
> temporarily add a leaking codepath (if attaching a list not already
> owned by a link to a link fails, the list will leak), but this will
> be fixed soon by making sure that an AVFilterFormats without owner will
> be automatically freed when attaching it to an AVFilterLink fails.
> Notice at most one list leaks because a new list is only allocated
> after the old list has been successfully attached to a link.
>
> Signed-off-by: Andreas Rheinhardt <[email protected]>
> ---
> libavfilter/vf_remap.c | 24 +++++++-----------------
> 1 file changed, 7 insertions(+), 17 deletions(-)
>
LGTM
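The ownership problem described in the quoted commit message, as an added toy model in C (not FFmpeg code and not part of the original mail). `Formats`, `Link`, `formats_ref`, `link_cleanup` and `run_query_formats` are hypothetical stand-ins, and frees are recorded in counters instead of calling `free()` so the double free can be observed safely.

```c
#include <stdio.h>

/* Toy model (assumption, not FFmpeg code): a list counts the links owning it. */
typedef struct Formats { int refcount, freed, free_calls; } Formats;
typedef struct Link { Formats *formats; } Link;

static Formats pool[4];   /* static storage: "freed" lists stay inspectable */
static unsigned pool_used;

static Formats *formats_alloc(void) {
    Formats *f = &pool[pool_used++ % 4];
    f->refcount = f->freed = f->free_calls = 0;
    return f;
}
static void formats_free(Formats *f) { f->freed = 1; f->free_calls++; }

/* Attach a list to a link; the link becomes an owner. fail != 0 simulates an error. */
static int formats_ref(Formats *f, Link *l, int fail) {
    if (fail) return -1;
    f->refcount++;
    l->formats = f;
    return 0;
}
/* Automatic link cleanup: drop the reference, free when the last owner goes. */
static void link_cleanup(Link *l) {
    if (l->formats && --l->formats->refcount == 0) formats_free(l->formats);
    l->formats = NULL;
}

/* manual_free=1 models the old error path, 0 the path after the commit.
 * fail_at selects which attach fails (0 = first, 1 = second).
 * Returns how often the list was freed: 0 = leak, 1 = correct, 2 = double free. */
static int run_query_formats(int manual_free, int fail_at, int *dangling) {
    Link in = {0}, out = {0};
    Formats *list = formats_alloc();
    int err = formats_ref(list, &in, fail_at == 0);
    if (!err) err = formats_ref(list, &out, fail_at == 1);
    if (err && manual_free) formats_free(list);   /* frees even an owned list */
    *dangling = in.formats != NULL && in.formats->freed;
    link_cleanup(&in);
    link_cleanup(&out);
    return list->free_calls;
}

int main(void) {
    int d, n = run_query_formats(1, 1, &d);
    printf("old path, second attach fails: frees=%d dangling=%d\n", n, d);
    return 0;
}
```

With the manual free removed, a failure on the first attach leaves the unowned list unfreed, which is the temporary leak the commit message mentions.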
