avformat/id3v2: Fix double-free on error

ff_id3v2_parse_priv_dict() uses av_dict_set() with the flags AV_DICT_DONT_STRDUP_KEY and AV_DICT_DONT_STRDUP_VAL. In this case both key and value are freed on error (and owned by the destination dictionary on success), so that freeing them again on error is a double-free and therefore forbidden. But it nevertheless happened. Fixes CID 1452489 and 1452421. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 67d4940a7795aa3afc8d1e624de33b030e0be51e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> 2019-11-10 05:07:28 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2020-01-06 15:03:15 +0100
commit: 6770f0906686586f9a5f2c58ae12ea264558ada0 (patch)
tree: 6030552afbcd0a4bbaa5c3fa20a7e921d4437a19
parent: caa7f10047c7aa4b25b774c821db07a4236a6b72 (diff)
download: ffmpeg-6770f0906686586f9a5f2c58ae12ea264558ada0.tar.gz
1 files changed, 0 insertions, 2 deletions
diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c
index 5fe055b591..bec3300ad6 100644
--- a/libavformat/id3v2.c
+++ b/libavformat/id3v2.c
@@ -1262,8 +1262,6 @@ int ff_id3v2_parse_priv_dict(AVDictionary **metadata, ID3v2ExtraMeta **extra_met
             }
 
             if ((ret = av_dict_set(metadata, key, escaped, dict_flags)) < 0) {
-                av_free(key);
-                av_free(escaped);
                 return ret;
             }
         }
author	Andreas Rheinhardt <andreas.rheinhardt@gmail.com>	2019-11-10 05:07:28 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2020-01-06 15:03:15 +0100
commit	6770f0906686586f9a5f2c58ae12ea264558ada0 (patch)
tree	6030552afbcd0a4bbaa5c3fa20a7e921d4437a19
parent	caa7f10047c7aa4b25b774c821db07a4236a6b72 (diff)
download	ffmpeg-6770f0906686586f9a5f2c58ae12ea264558ada0.tar.gz