From 60392480181f24ebf3ab48d8ac3614705de90152 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20Denis-Courmont?= Date: Mon, 26 Jan 2015 21:17:31 +0200 Subject: [PATCH] mem: fix pointer pointer aliasing violations This uses explicit memory copying to read and write pointer to pointers of arbitrary object types. This works provided that the architecture uses the same representation for all pointer types (the previous code made that assumption already anyway). Signed-off-by: Luca Barbato --- libavutil/mem.c | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/libavutil/mem.c b/libavutil/mem.c index b7bb65c139..15c28808c1 100644 --- a/libavutil/mem.c +++ b/libavutil/mem.c @@ -139,21 +139,22 @@ void *av_realloc(void *ptr, size_t size) int av_reallocp(void *ptr, size_t size) { - void **ptrptr = ptr; - void *ret; + void *val; if (!size) { av_freep(ptr); return 0; } - ret = av_realloc(*ptrptr, size); - if (!ret) { + memcpy(&val, ptr, sizeof(val)); + val = av_realloc(val, size); + + if (!val) { av_freep(ptr); return AVERROR(ENOMEM); } - *ptrptr = ret; + memcpy(ptr, &val, sizeof(val)); return 0; } @@ -166,20 +167,23 @@ void *av_realloc_array(void *ptr, size_t nmemb, size_t size) int av_reallocp_array(void *ptr, size_t nmemb, size_t size) { - void **ptrptr = ptr; - void *ret; + void *val; + if (!size || nmemb >= INT_MAX / size) return AVERROR(ENOMEM); if (!nmemb) { av_freep(ptr); return 0; } - ret = av_realloc(*ptrptr, nmemb * size); - if (!ret) { + + memcpy(&val, ptr, sizeof(val)); + val = av_realloc(val, nmemb * size); + if (!val) { av_freep(ptr); return AVERROR(ENOMEM); } - *ptrptr = ret; + + memcpy(ptr, &val, sizeof(val)); return 0; } @@ -197,9 +201,11 @@ void av_free(void *ptr) void av_freep(void *arg) { - void **ptr = (void **)arg; - av_free(*ptr); - *ptr = NULL; + void *val; + + memcpy(&val, arg, sizeof(val)); + memcpy(arg, &(void *){ NULL }, sizeof(val)); + av_free(val); } void *av_mallocz(size_t size)