GitBross 首頁 探索 說明
註冊 登入
sol_BMCMMXZh
/
FFmpeg
镜像来自 https://github.com/FFmpeg/FFmpeg
1
3
複刻 0
Files 問題管理 1 Wiki
瀏覽代碼

avcodec/decode: Fix leaks upon subtitle decoding errors

Up until now, various subtitle decoders have not cleaned up
the AVSubtitle on error; this task must not be left to the user
because the documentation explicitly states that the AVSubtitle
"must be freed with avsubtitle_free if *got_sub_ptr is set"
(which it isn't on error).
Leaks happen upon failure in ff_ass_add_rect() or in
ass_decode_frame(); freeing generically also allows to remove
now redundant freeing code in pgssubdec and dvbsubdec.
While just at it, also reset got_sub_ptr generically on error.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Andreas Rheinhardt 4 年之前
父節點
d59f454ed2
當前提交
cee04cbfe1
共有 3 個文件被更改,包括 9 次插入11 次删除
分割檢視 顯示文件統計
  1. 8 5
      libavcodec/decode.c
  2. 0 2
      libavcodec/dvbsubdec.c
  3. 1 4
      libavcodec/pgssubdec.c

+ 8 - 5
libavcodec/decode.c
查看文件 

@@ -834,8 +834,14 @@ int avcodec_decode_subtitle2(AVCodecContext *avctx, AVSubtitle *sub,
 
             sub->pts = av_rescale_q(avpkt->pts,
 
                                     avctx->pkt_timebase, AV_TIME_BASE_Q);
 
         ret = avctx->codec->decode(avctx, sub, got_sub_ptr, pkt);
 
-        av_assert1((ret >= 0) >= !!*got_sub_ptr &&
 
-                   !!*got_sub_ptr >= !!sub->num_rects);
 
+        if (pkt == avci->buffer_pkt) // did we recode?
 
+            av_packet_unref(avci->buffer_pkt);
 
+        if (ret < 0) {
 
+            *got_sub_ptr = 0;
 
+            avsubtitle_free(sub);
 
+            return ret;
 
+        }
 
+        av_assert1(!sub->num_rects || *got_sub_ptr);
 
 
         if (sub->num_rects && !sub->end_display_time && avpkt->duration &&
 
             avctx->pkt_timebase.num) {
 
@@ -863,9 +869,6 @@ int avcodec_decode_subtitle2(AVCodecContext *avctx, AVSubtitle *sub,
 
 
         if (*got_sub_ptr)
 
             avctx->frame_number++;
 
-
 
-        if (pkt == avci->buffer_pkt) // did we recode?
 
-            av_packet_unref(avci->buffer_pkt);
 
     }
 
 
     return ret;

+ 0 - 2
libavcodec/dvbsubdec.c
查看文件 

@@ -1715,8 +1715,6 @@ static int dvbsub_decode(AVCodecContext *avctx,
 
 
 end:
 
     if (ret < 0) {
 
-        *got_sub_ptr = 0;
 
-        avsubtitle_free(sub);
 
         return ret;
 
     } else {
 
         if (ctx->compute_edt == 1)

+ 1 - 4
libavcodec/pgssubdec.c
查看文件 

@@ -667,11 +667,8 @@ static int decode(AVCodecContext *avctx, void *data, int *got_sub_ptr,
 
             break;
 
         }
 
         if (ret < 0 && (ret == AVERROR(ENOMEM) ||
 
-                        avctx->err_recognition & AV_EF_EXPLODE)) {
 
-            avsubtitle_free(data);
 
-            *got_sub_ptr = 0;
 
+                        avctx->err_recognition & AV_EF_EXPLODE))
 
             return ret;
 
-        }
 
 
         buf += segment_length;
 
     }