vlc | branch: master | Rémi Denis-Courmont <[email protected]> | Mon Feb 26 23:32:45 2018 +0200| [054bcfe4a97449d57d4f701ef642fdd01b3bcca9] | committer: Rémi Denis-Courmont
picture: fix empty allocation leak If the picture has zero planes, pic->p->p_pixels is set to NULL rather than the allocated (zero bytes) buffer, leading to a potential leak depending on aligned_alloc() implementation. > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=054bcfe4a97449d57d4f701ef642fdd01b3bcca9 --- src/misc/picture.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/misc/picture.c b/src/misc/picture.c index 8af4b250f9..69e7c92ad6 100644 --- a/src/misc/picture.c +++ b/src/misc/picture.c @@ -250,7 +250,11 @@ picture_t *picture_NewFromFormat(const video_format_t *restrict fmt) if (unlikely(priv == NULL)) return NULL; + priv->gc.destroy = picture_Destroy; + picture_t *pic = &priv->picture; + if (pic->i_planes == 0) + return NULL; /* Calculate how big the new image should be */ size_t plane_sizes[PICTURE_PLANE_MAX]; @@ -269,7 +273,7 @@ picture_t *picture_NewFromFormat(const video_format_t *restrict fmt) goto error; uint8_t *buf = aligned_alloc(16, pic_size); - if (unlikely(pic_size > 0 && buf == NULL)) + if (unlikely(buf == NULL)) goto error; /* Fill the p_pixels field for each plane */ @@ -279,7 +283,6 @@ picture_t *picture_NewFromFormat(const video_format_t *restrict fmt) buf += plane_sizes[i]; } - priv->gc.destroy = picture_Destroy; return pic; error: free(pic); _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
