Google Git
Sign in
chromium / chromium / third_party / ffmpeg / a86ee5fd79840dc4af3e3f5c90ff8ce19b9ae993
commita86ee5fd79840dc4af3e3f5c90ff8ce19b9ae993[log] [tgz]
authorAndreas Rheinhardt <andreas.rheinhardt@gmail.com>Fri Aug 07 12:42:57 2020
committerAndreas Rheinhardt <andreas.rheinhardt@gmail.com>Sun Aug 23 21:29:58 2020
tree150c0e3a416d9385ccb5d9108bac5beb34e84953
parent07240c36c2912cea96dd9d11c8e3ed27995a2b3c [diff]
avfilter/vf_overlay: Fix double-free of AVFilterFormats on error

The query_formats function of the overlay filter tries to allocate
two lists (only one in a special case) of formats which on success
are attached to more permanent objects (AVFilterLinks) for storage
afterwards. If attaching a list to an AVFilterLink succeeds, it is
in turn owned by the AVFilterLink (or more exactly, the AVFilterLink
becomes one of the common owners of the list). Yet if attaching a list
to one of its links succeeds and an error happens lateron, both lists
were manually freed, whic is wrong if the list is already owned by one
or more links; these links' pointers to their lists will become dangling
and there will be a double-free/use-after-free when these links are
cleaned up automatically.

This commit fixes this by removing the custom freeing code; this will
temporarily add a leaking codepath (if attaching a list not already
owned by a link to a link fails, the list will leak), but this will
be fixed soon by making sure that an AVFilterFormats without owner will
be automatically freed when attaching it to an AVFilterLink fails.
Notice that at most one list leaks because a new list is only allocated
after the old list has been successfully attached to a link.

Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
1 file changed
tree: 150c0e3a416d9385ccb5d9108bac5beb34e84953
  1. compat/
  2. doc/
  3. ffbuild/
  4. fftools/
  5. libavcodec/
  6. libavdevice/
  7. libavfilter/
  8. libavformat/
  9. libavresample/
  10. libavutil/
  11. libpostproc/
  12. libswresample/
  13. libswscale/
  14. presets/
  15. tests/
  16. tools/
  17. .gitattributes
  18. .gitignore
  19. .mailmap
  20. .travis.yml
  21. Changelog
  22. configure
  23. CONTRIBUTING.md
  24. COPYING.GPLv2
  25. COPYING.GPLv3
  26. COPYING.LGPLv2.1
  27. COPYING.LGPLv3
  28. CREDITS
  29. INSTALL.md
  30. LICENSE.md
  31. MAINTAINERS
  32. Makefile
  33. README.md
  34. RELEASE
README.md

FFmpeg README

FFmpeg is a collection of libraries and tools to process multimedia content such as audio, video, subtitles and related metadata.

Libraries

  • libavcodec provides implementation of a wider range of codecs.
  • libavformat implements streaming protocols, container formats and basic I/O access.
  • libavutil includes hashers, decompressors and miscellaneous utility functions.
  • libavfilter provides a mean to alter decoded Audio and Video through chain of filters.
  • libavdevice provides an abstraction to access capture and playback devices.
  • libswresample implements audio mixing and resampling routines.
  • libswscale implements color conversion and scaling routines.

Tools

  • ffmpeg is a command line toolbox to manipulate, convert and stream multimedia content.
  • ffplay is a minimalistic multimedia player.
  • ffprobe is a simple analysis tool to inspect multimedia content.
  • Additional small tools such as aviocat, ismindex and qt-faststart.

Documentation

The offline documentation is available in the doc/ directory.

The online documentation is available in the main website and in the wiki.

Examples

Coding examples are available in the doc/examples directory.

License

FFmpeg codebase is mainly LGPL-licensed with optional components licensed under GPL. Please refer to the LICENSE file for detailed information.

Contributing

Patches should be submitted to the ffmpeg-devel mailing list using git format-patch or git send-email. Github pull requests should be avoided because they are not part of our review process and will be ignored.