From 70d226575ad8d3953e10a3233257f6e37ad35591 Mon Sep 17 00:00:00 2001
From: Andreas Rheinhardt
Date: Tue, 9 Mar 2021 22:11:52 +0100
Subject: [PATCH] avcodec/cbs_sei: Fix leak of AVBufferRef on error
An AVBufferRef (and the corresponding AVBuffer and the underlying actual buffer) would leak in ff_cbs_sei_add_message() on error in case an error happened after its creation and before it has been attached to more permanent storage. Fix this by only creating the AVBufferRef immediately before attaching it to its intended target position.
(Given that no SEI message currently created is refcounted, the above can't happen at the moment. But Coverity already nevertheless noticed: This commit fixes Coverity issue #1473521.)
Reviewed-by: Mark Thompson
Signed-off-by: Andreas Rheinhardt
---
 libavcodec/cbs_sei.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/libavcodec/cbs_sei.c b/libavcodec/cbs_sei.c
index 2a96db9674..141e97ec58 100644
--- a/libavcodec/cbs_sei.c
+++ b/libavcodec/cbs_sei.c
@@ -262,14 +262,6 @@ int ff_cbs_sei_add_message(CodedBitstreamContext *ctx,
 if (!desc)
 return AVERROR(EINVAL);
- if (payload_buf) {
- payload_ref = av_buffer_ref(payload_buf);
- if (!payload_ref)
- return AVERROR(ENOMEM);
- } else {
- payload_ref = NULL;
- }
-
 // Find an existing SEI unit or make a new one to add to.
 err = cbs_sei_get_unit(ctx, au, prefix, &unit);
 if (err < 0)
@@ -285,6 +277,14 @@ int ff_cbs_sei_add_message(CodedBitstreamContext *ctx,
 if (err < 0)
 return err;
+ if (payload_buf) {
+ payload_ref = av_buffer_ref(payload_buf);
+ if (!payload_ref)
+ return AVERROR(ENOMEM);
+ } else {
+ payload_ref = NULL;
+ }
+
 message = &list->messages[list->nb_messages - 1];
 message->payload_type = payload_type;
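Review bot: In the second hunk, a failing av_buffer_ref() now returns AVERROR(ENOMEM) after the message list has apparently already grown. The next line, `message = &list->messages[list->nb_messages - 1]`, suggests the call before `return err;` appended a slot, so the error path would leave an unfilled SEI message (and possibly a freshly created SEI unit) in the access unit. The leak is gone, but the caller can now get a partially modified structure, which matters if the fragment is written out after a failed add. Consider undoing the append on that path, for example `if (!payload_ref) { list->nb_messages--; return AVERROR(ENOMEM); }`. Whether a plain decrement is enough depends on the list-add helper, which is outside the hunk. If the partial state is acceptable, say so in a comment such as `// On failure an empty message slot stays in the list; callers must discard the AU.`.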