aboutsummaryrefslogtreecommitdiffstats
path: root/libavcodec/vcr1.c
diff options
context:
space:
mode:
authorAndreas Rheinhardt <andreas.rheinhardt@gmail.com>2019-12-16 01:04:09 +0100
committerSteven Liu <lq@chinaffmpeg.org>2019-12-23 14:05:43 +0800
commit149ee954a32334902a20c6a1b58ac5fe91114ff6 (patch)
treeca4a714bd5752caa884a132fda63ff559251b521 /libavcodec/vcr1.c
parentbd131b64bc308ab036d0bbe9da0a49f482ef94f9 (diff)
downloadffmpeg-149ee954a32334902a20c6a1b58ac5fe91114ff6.tar.gz
avformat/hlsenc: Fix potential segfault upon allocation failure
The hls muxer allocates an array of VariantStreams, a structure that contains pointers to objects that need to be freed on their own. This means that the number of allocated VariantStreams needs to be correct when they are freed; yet the number of VariantStreams is set in update_variant_stream_info() resp. parse_variant_stream_mapstring() before the allocation has been checked for success, so that upon error an attempt would be made to free the objects whose pointers are positioned at position NULL (the location of VariantStreams) + offsetof(VariantStream, the corresponding pointer). Furthermore d1fe1344 added another possibility for the first function to leave an inconsistent state behind: If an allocation of one of the objects referenced by the VariantStream fails, the VariantStream will be freed, but the number of allocated VariantStreams isn't reset, leading to the same problem as above. (This was done in the mistaken belief that the VariantStreams array would leak otherwise.) Essentially the same also happens for the number of cc-streams. It has been fixed, too. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Reviewed-by: Steven Liu <lq@onvideo.cn>
Diffstat (limited to 'libavcodec/vcr1.c')
0 files changed, 0 insertions, 0 deletions