1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-03 05:10:03 +02:00

avformat/avidec: Fix memleak with embedded GAB2 subtitles

The code for GAB2 subtitles predates refcounting AVPackets. So in order
to transfer the ownership of a packet's data pkt->data was simply stored
and the packet zeroed; in the end (i.e. in the read_close-function) this
data was then simply freed with av_freep(). This of course leads to a leak
of an AVBufferRef and an AVBuffer. It has been fixed by keeping and
eventually unreferencing the packet's buf instead.

Additionally, the packet is now reset via av_packet_unref().

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit da44bbefaa)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
This commit is contained in:
Andreas Rheinhardt 2020-03-27 08:31:29 +01:00
parent 81e1872b47
commit ebe90fbb74

View File

@ -61,7 +61,7 @@ typedef struct AVIStream {
AVFormatContext *sub_ctx;
AVPacket sub_pkt;
uint8_t *sub_buffer;
AVBufferRef *sub_buffer;
int64_t seek_pos;
} AVIStream;
@ -1118,8 +1118,9 @@ static int read_gab2_sub(AVFormatContext *s, AVStream *st, AVPacket *pkt)
time_base = ast->sub_ctx->streams[0]->time_base;
avpriv_set_pts_info(st, 64, time_base.num, time_base.den);
}
ast->sub_buffer = pkt->data;
memset(pkt, 0, sizeof(*pkt));
ast->sub_buffer = pkt->buf;
pkt->buf = NULL;
av_packet_unref(pkt);
return 1;
error:
@ -1910,7 +1911,7 @@ static int avi_read_close(AVFormatContext *s)
av_freep(&ast->sub_ctx->pb);
avformat_close_input(&ast->sub_ctx);
}
av_freep(&ast->sub_buffer);
av_buffer_unref(&ast->sub_buffer);
av_packet_unref(&ast->sub_pkt);
}
}