aboutsummaryrefslogtreecommitdiffstats
path: root/libavcodec
diff options
context:
space:
mode:
authorJames Almer <jamrial@gmail.com>2016-11-19 12:38:44 -0300
committerJames Almer <jamrial@gmail.com>2016-11-19 20:23:25 -0300
commit574929d8b6de32ae712fcca7ab09f01a3e4616be (patch)
tree5a002d5dce5144f44db5ad73ab72af0350a43048 /libavcodec
parent0ffea3565700c9b3093ead285f729bb319a2163e (diff)
downloadffmpeg-574929d8b6de32ae712fcca7ab09f01a3e4616be.tar.gz
avcodec/avpacket: fix leak on realloc in av_packet_add_side_data()
If realloc fails, the pointer is overwritten and the previously allocated buffer is leaked, which goes against the expected behavior of keeping the packet unchanged in case of error. Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: James Almer <jamrial@gmail.com>
Diffstat (limited to 'libavcodec')
-rw-r--r--libavcodec/avpacket.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/libavcodec/avpacket.c b/libavcodec/avpacket.c
index c3f871c347..e5a8bdbe42 100644
--- a/libavcodec/avpacket.c
+++ b/libavcodec/avpacket.c
@@ -295,16 +295,17 @@ FF_ENABLE_DEPRECATION_WARNINGS
int av_packet_add_side_data(AVPacket *pkt, enum AVPacketSideDataType type,
uint8_t *data, size_t size)
{
+ AVPacketSideData *tmp;
int elems = pkt->side_data_elems;
if ((unsigned)elems + 1 > INT_MAX / sizeof(*pkt->side_data))
return AVERROR(ERANGE);
- pkt->side_data = av_realloc(pkt->side_data,
- (elems + 1) * sizeof(*pkt->side_data));
- if (!pkt->side_data)
+ tmp = av_realloc(pkt->side_data, (elems + 1) * sizeof(*tmp));
+ if (!tmp)
return AVERROR(ENOMEM);
+ pkt->side_data = tmp;
pkt->side_data[elems].data = data;
pkt->side_data[elems].size = size;
pkt->side_data[elems].type = type;