From b1fcdc08ceb5df69fac34aa0d57c56905d32b8b4 Mon Sep 17 00:00:00 2001 From: Derek Buitenhuis Date: Tue, 22 Oct 2013 16:11:11 +0100 Subject: [PATCH] nut: Fix unchecked allocations CC: libav-stable@libav.org Signed-off-by: Derek Buitenhuis --- libavformat/nut.c | 10 +++++++++- libavformat/nut.h | 2 +- libavformat/nutdec.c | 5 ++++- libavformat/nutenc.c | 3 ++- 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/libavformat/nut.c b/libavformat/nut.c index 2e1d129ed7..d9a042bca0 100644 --- a/libavformat/nut.c +++ b/libavformat/nut.c @@ -185,11 +185,17 @@ int ff_nut_sp_pts_cmp(const Syncpoint *a, const Syncpoint *b) return ((a->ts - b->ts) >> 32) - ((b->ts - a->ts) >> 32); } -void ff_nut_add_sp(NUTContext *nut, int64_t pos, int64_t back_ptr, int64_t ts) +int ff_nut_add_sp(NUTContext *nut, int64_t pos, int64_t back_ptr, int64_t ts) { Syncpoint *sp = av_mallocz(sizeof(Syncpoint)); struct AVTreeNode *node = av_tree_node_alloc(); + if (!sp || !node) { + av_freep(&sp); + av_freep(&node); + return AVERROR(ENOMEM); + } + sp->pos = pos; sp->back_ptr = back_ptr; sp->ts = ts; @@ -198,6 +204,8 @@ void ff_nut_add_sp(NUTContext *nut, int64_t pos, int64_t back_ptr, int64_t ts) av_free(sp); av_free(node); } + + return 0; } static int enu_free(void *opaque, void *elem) diff --git a/libavformat/nut.h b/libavformat/nut.h index 6eddc96840..6357b3d2b1 100644 --- a/libavformat/nut.h +++ b/libavformat/nut.h @@ -118,7 +118,7 @@ void ff_nut_reset_ts(NUTContext *nut, AVRational time_base, int64_t val); int64_t ff_lsb2full(StreamContext *stream, int64_t lsb); int ff_nut_sp_pos_cmp(const Syncpoint *a, const Syncpoint *b); int ff_nut_sp_pts_cmp(const Syncpoint *a, const Syncpoint *b); -void ff_nut_add_sp(NUTContext *nut, int64_t pos, int64_t back_ptr, int64_t ts); +int ff_nut_add_sp(NUTContext *nut, int64_t pos, int64_t back_ptr, int64_t ts); void ff_nut_free_sp(NUTContext *nut); extern const Dispositions ff_nut_dispositions[]; diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c index cc5869ed48..6328549d7a 100644 --- a/libavformat/nutdec.c +++ b/libavformat/nutdec.c @@ -532,6 +532,7 @@ static int decode_syncpoint(NUTContext *nut, int64_t *ts, int64_t *back_ptr) AVFormatContext *s = nut->avf; AVIOContext *bc = s->pb; int64_t end, tmp; + int ret; nut->last_syncpoint_pos = avio_tell(bc) - 8; @@ -553,7 +554,9 @@ static int decode_syncpoint(NUTContext *nut, int64_t *ts, int64_t *back_ptr) *ts = tmp / s->nb_streams * av_q2d(nut->time_base[tmp % s->nb_streams]) * AV_TIME_BASE; - ff_nut_add_sp(nut, nut->last_syncpoint_pos, *back_ptr, *ts); + + if ((ret = ff_nut_add_sp(nut, nut->last_syncpoint_pos, *back_ptr, *ts)) < 0) + return ret; return 0; } diff --git a/libavformat/nutenc.c b/libavformat/nutenc.c index 8977e7265d..acce86c584 100644 --- a/libavformat/nutenc.c +++ b/libavformat/nutenc.c @@ -815,7 +815,8 @@ static int nut_write_packet(AVFormatContext *s, AVPacket *pkt) ff_put_v(dyn_bc, sp ? (nut->last_syncpoint_pos - sp->pos) >> 4 : 0); put_packet(nut, bc, dyn_bc, 1, SYNCPOINT_STARTCODE); - ff_nut_add_sp(nut, nut->last_syncpoint_pos, 0 /*unused*/, pkt->dts); + if ((ret = ff_nut_add_sp(nut, nut->last_syncpoint_pos, 0 /*unused*/, pkt->dts)) < 0) + return ret; } assert(nus->last_pts != AV_NOPTS_VALUE);