avcodec/cbs_mpeg2: fix leak of extra_information_slice buffer in cbs_mpeg2_read_slice...
authorJames Almer <jamrial@gmail.com>
Wed, 22 May 2019 01:04:38 +0000 (03:04 +0200)
committerMark Thompson <sw@jkqxz.net>
Tue, 28 May 2019 23:16:41 +0000 (00:16 +0100)
cbs_mpeg2_free_slice() calls av_buffer_unref() on extra_information_ref,
meaning allocating with av_malloc() was not the intention.

Signed-off-by: James Almer <jamrial@gmail.com>
libavcodec/cbs_mpeg2_syntax_template.c

index d753cdc..e0cf716 100644 (file)
@@ -377,10 +377,11 @@ static int FUNC(slice_header)(CodedBitstreamContext *ctx, RWContext *rw,
             current->extra_information_length = k;
             if (k > 0) {
                 *rw = start;
-                current->extra_information =
-                    av_malloc(current->extra_information_length);
-                if (!current->extra_information)
+                current->extra_information_ref =
+                    av_buffer_alloc(current->extra_information_length);
+                if (!current->extra_information_ref)
                     return AVERROR(ENOMEM);
+                current->extra_information = current->extra_information_ref->data;
                 for (k = 0; k < current->extra_information_length; k++) {
                     xui(1, extra_bit_slice, bit, 1, 1, 0);
                     xui(8, extra_information_slice[k],