Re: [libav-devel] [PATCH] ogg: check and propagate memory allocation failures as appropriate

Wed, 11 Dec 2013 12:26:14 -0800 

On Wed, 11 Dec 2013 09:53:25 -0500, Sean McGovern <[email protected]> wrote:
> On Wednesday, December 11, 2013, Anton Khirnov <[email protected]> wrote:
> >
> > On Mon, 9 Dec 2013 12:48:20 +0100, Diego Biurrun <[email protected]> wrote:
> >> On Mon, Dec 09, 2013 at 12:22:20AM -0500, Sean McGovern wrote:
> >> > --- a/libavformat/oggdec.c
> >> > +++ b/libavformat/oggdec.c
> >> > @@ -60,9 +60,13 @@ static const struct ogg_codec * const ogg_codecs[]
> = {
> >> >  static int ogg_save(AVFormatContext *s)
> >> >  {
> >> >      struct ogg *ogg = s->priv_data;
> >> > +    int i, ret = 0;
> >> >      struct ogg_state *ost =
> >> >          av_malloc(sizeof(*ost) + (ogg->nstreams - 1) *
> sizeof(*ogg->streams));
> >> > -    int i;
> >> > +
> >> > +    if (!ost)
> >> > +        return AVERROR(ENOMEM);
> >> > +
> >> >      ost->pos      = avio_tell(s->pb);
> >> >      ost->curidx   = ogg->curidx;
> >> >      ost->next     = ogg->state;
> >> > @@ -72,12 +76,20 @@ static int ogg_save(AVFormatContext *s)
> >> >      for (i = 0; i < ogg->nstreams; i++) {
> >> >          struct ogg_stream *os = ogg->streams + i;
> >> >          os->buf = av_mallocz(os->bufsize +
> FF_INPUT_BUFFER_PADDING_SIZE);
> >> > +        if (!os->buf) {
> >> > +            ret = AVERROR(ENOMEM);
> >> > +            goto fail;
> >> > +        }
> >> >          memcpy(os->buf, ost->streams[i].buf, os->bufpos);
> >> >      }
> >> >
> >> >      ogg->state = ost;
> >> >
> >> >      return 0;
> >> > +
> >> > +fail:
> >> > +    av_freep(&ost);
> >>
> >> ost is a pointer, why are you taking its address?
> >>
> >
> > Stab. Read how av_freep() works.
> > The & must be there.
> >
> 
> Hi Anton and list members,
> 
> So my original use of & with av_freep() was OK? I will admit that I have
> written some of these sections from memory (especially in the newest
> revision).

Yes, your original usage was ok.

> 
> Do you or anyone else on the mailing list have tips for trying to trip
> these code paths? The reporter for Bugzilla #602 hits at least one of them,
> but does not supply a test stream to reproduce his issue.

The simplest one is init the relevant var to NULL and comment out the malloc

-- 
Anton Khirnov
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel

Reply via email to