avcodec/cbs_sei: Fix leak of AVBufferRef on error

An AVBufferRef (and the corresponding AVBuffer and the underlying actual buffer) would leak in ff_cbs_sei_add_message() on error in case an error happened after its creation and before it has been attached to more permanent storage. Fix this by only creating the AVBufferRef immediately before attaching it to its intended target position. (Given that no SEI message currently created is refcounted, the above can't happen at the moment. But Coverity already nevertheless noticed: This commit fixes Coverity issue #1473521.) Reviewed-by: Mark Thompson <sw@jkqxz.net> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-09 22:11:52 +01:00 · 2021-03-09 22:11:52 +01:00 · 70d226575a
parent 12a9f3fc09
commit 70d226575a
1 changed files with 8 additions and 8 deletions
--- a/libavcodec/cbs_sei.c
+++ b/libavcodec/cbs_sei.c
@ -262,14 +262,6 @@ int ff_cbs_sei_add_message(CodedBitstreamContext *ctx,
    if (!desc)
        return AVERROR(EINVAL);

-    if (payload_buf) {
-        payload_ref = av_buffer_ref(payload_buf);
-        if (!payload_ref)
-            return AVERROR(ENOMEM);
-    } else {
-        payload_ref = NULL;
-    }
-
    // Find an existing SEI unit or make a new one to add to.
    err = cbs_sei_get_unit(ctx, au, prefix, &unit);
    if (err < 0)
@ -285,6 +277,14 @@ int ff_cbs_sei_add_message(CodedBitstreamContext *ctx,
    if (err < 0)
        return err;

+    if (payload_buf) {
+        payload_ref = av_buffer_ref(payload_buf);
+        if (!payload_ref)
+            return AVERROR(ENOMEM);
+    } else {
+        payload_ref = NULL;
+    }
+
    message = &list->messages[list->nb_messages - 1];

    message->payload_type = payload_type;