On Tue, Mar 06, 2018 at 01:42:36AM -0300, James Almer wrote:
> This prevents leaks in the rare cases the function is called when extradata
> already exists.
>
> Signed-off-by: James Almer <jamr...@gmail.com>
> ---
> libavformat/utils.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/libavformat/utils.c b/libavformat/utils.c
> index 72531d4185..31340a484b 100644
> --- a/libavformat/utils.c
> +++ b/libavformat/utils.c
> @@ -3245,6 +3245,7 @@ int ff_alloc_extradata(AVCodecParameters *par, int size)
> {
> int ret;
>
> + av_freep(&par->extradata);
> if (size < 0 || size >= INT32_MAX - AV_INPUT_BUFFER_PADDING_SIZE) {
> par->extradata = NULL;
> par->extradata_size = 0;This causes memory corruption ... [mpegts @ 0x7f8c74000a80] PES packet size mismatch *** Error in `./ffplay': double free or corruption (fasttop): 0x00007f8c7402d9c0 *** Aborted (core dumped) I think this should not have been applied so quickly, i tested it as soon as i had time and saw it but it was applied already If it helps i can debug the cases i see to find out which calls cause them but someone will still have to review all call sites probably for this change to be safe [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Observe your enemies, for they first find out your faults. -- Antisthenes
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
