On Sat, Nov 19, 2016 at 1:33 PM, James Almer <[email protected]> wrote: > If realloc fails, the pointer is overwritten and the previously allocated > buffer > is leaked, which goes against the expected functionality of keeping the packet > unchanged in case of error. > > Signed-off-by: James Almer <[email protected]> > --- > Should be backported to release/12. > > libavcodec/avpacket.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/libavcodec/avpacket.c b/libavcodec/avpacket.c > index f2b0a29..93e9eb6 100644 > --- a/libavcodec/avpacket.c > +++ b/libavcodec/avpacket.c > @@ -240,16 +240,17 @@ FF_ENABLE_DEPRECATION_WARNINGS > int av_packet_add_side_data(AVPacket *pkt, enum AVPacketSideDataType type, > uint8_t *data, size_t size) > { > + AVPacketSideData *tmp; > int elems = pkt->side_data_elems; > > if ((unsigned)elems + 1 > INT_MAX / sizeof(*pkt->side_data)) > return AVERROR(ERANGE); > > - pkt->side_data = av_realloc(pkt->side_data, > - (elems + 1) * sizeof(*pkt->side_data)); > - if (!pkt->side_data) > + tmp = av_realloc(pkt->side_data, (elems + 1) * sizeof(*tmp)); > + if (!tmp) > return AVERROR(ENOMEM);
would it be possible to use av_reallocp() instead? -- Vittorio _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
