Opened 3 years ago

Last modified 3 years ago

#4908 new defect

Memory leak in ff_img_read_header() with custom io

Reported by: personalmountains Owned by:
Priority: normal Component: avformat
Version: unspecified Keywords: leak
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

This patch changed probe_buffer from an array to a pointer allocated with av_realloc(). It was correctly freed at the end of the block. However, that one buried the av_free() call into ffio_rewind_with_probe_data().

Unsurprisingly, a subsequent patch made it so this call is skipped in the case of custom io, so the buffer is never freed. A simple av_free() after the call to avio_seek() on img2dec.c:346 might do the job.

int probe_buffer_size = 2048;
uint8_t *probe_buffer = av_realloc(NULL, probe_buffer_size + AVPROBE_PADDING_SIZE);

// ...

if (s1->flags & AVFMT_FLAG_CUSTOM_IO) {
    // this leaks probe_buffer because av_free() isn't called
    avio_seek(s1->pb, 0, SEEK_SET);
} else
    ffio_rewind_with_probe_data(s1->pb, &probe_buffer, probe_buffer_size);

Change History (1)

comment:1 Changed 3 years ago by cehoyos

  • Keywords memory removed

Please either send your patch fixing the leak to the development mailing list or provide code that allows to reproduce the issue, patches are ignored on this bug tracker.

Note: See TracTickets for help on using tickets.