avformat/id3v2: Fix double-free on error

ff_id3v2_parse_priv_dict() uses av_dict_set() with the flags AV_DICT_DONT_STRDUP_KEY and AV_DICT_DONT_STRDUP_VAL. In this case both key and value are freed on error (and owned by the destination dictionary on success), so that freeing them again on error is a double-free and therefore forbidden. But it nevertheless happened. Fixes CID 1452489 and 1452421. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> 2019-11-10 05:07:28 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2019-12-10 16:09:14 +0100
commit: 67d4940a7795aa3afc8d1e624de33b030e0be51e (patch)
tree: e1a58b54c00d95ecac3f1db685a12283a5777401 /libavformat/id3v2.c
parent: e73688eff43727eb79eb344a4def49540d463902 (diff)
download: ffmpeg-67d4940a7795aa3afc8d1e624de33b030e0be51e.tar.gz
1 files changed, 0 insertions, 2 deletions
diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c
index 7bae036635..abe073dcc1 100644
--- a/libavformat/id3v2.c
+++ b/libavformat/id3v2.c
@@ -1264,8 +1264,6 @@ int ff_id3v2_parse_priv_dict(AVDictionary **metadata, ID3v2ExtraMeta **extra_met
             }
 
             if ((ret = av_dict_set(metadata, key, escaped, dict_flags)) < 0) {
-                av_free(key);
-                av_free(escaped);
                 return ret;
             }
         }
author	Andreas Rheinhardt <andreas.rheinhardt@gmail.com>	2019-11-10 05:07:28 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2019-12-10 16:09:14 +0100
commit	67d4940a7795aa3afc8d1e624de33b030e0be51e (patch)
tree	e1a58b54c00d95ecac3f1db685a12283a5777401 /libavformat/id3v2.c
parent	e73688eff43727eb79eb344a4def49540d463902 (diff)
download	ffmpeg-67d4940a7795aa3afc8d1e624de33b030e0be51e.tar.gz