diff options
| author | James Almer <jamrial@gmail.com> | 2019-05-22 03:04:38 +0200 |
|---|---|---|
| committer | James Almer <jamrial@gmail.com> | 2019-07-21 01:04:42 -0300 |
| commit | ae5c80b9cae8716085eaacd887c28378ae99233b (patch) | |
| tree | 30773edac8a048c8968424752211dadec14ebc8b | |
| parent | b3b5941ec7b4c1dbb059b0cd85db3c659d5c8039 (diff) | |
| download | ffmpeg-ae5c80b9cae8716085eaacd887c28378ae99233b.tar.gz | |
avcodec/cbs_mpeg2: fix leak of extra_information_slice buffer in cbs_mpeg2_read_slice_header()
cbs_mpeg2_free_slice() calls av_buffer_unref() on extra_information_ref,
meaning allocating with av_malloc() was not the intention.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit d903c09d9a5c641223f0810d24161520e977544a)
| -rw-r--r-- | libavcodec/cbs_mpeg2_syntax_template.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/libavcodec/cbs_mpeg2_syntax_template.c b/libavcodec/cbs_mpeg2_syntax_template.c index 88cf453b17..672ff66141 100644 --- a/libavcodec/cbs_mpeg2_syntax_template.c +++ b/libavcodec/cbs_mpeg2_syntax_template.c @@ -361,10 +361,11 @@ static int FUNC(slice_header)(CodedBitstreamContext *ctx, RWContext *rw, current->extra_information_length = k; if (k > 0) { *rw = start; - current->extra_information = - av_malloc(current->extra_information_length); - if (!current->extra_information) + current->extra_information_ref = + av_buffer_alloc(current->extra_information_length); + if (!current->extra_information_ref) return AVERROR(ENOMEM); + current->extra_information = current->extra_information_ref->data; for (k = 0; k < current->extra_information_length; k++) { xui(1, extra_bit_slice, bit, 0); xui(8, extra_information_slice[k], |