From f2192e0f0399c7cbb1ac3f311726f2fa9cdf1dba Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Thu, 8 Sep 2016 18:11:30 +0200
Subject: [PATCH] avcodec/alsdec: Fix raw_mantissa memleak
Fixes: 0cee183a09bff5aa5108429717c35a4d/asan_heap-oob_1d99eca_3702_9ef60e80de79082a778d3d9ce8ef3b64.mp4
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
---
 libavcodec/alsdec.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c
index c31f733967..1bb71f5a47 100644
--- a/libavcodec/alsdec.c
+++ b/libavcodec/alsdec.c
@@ -1887,6 +1887,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame_ptr,
 static av_cold int decode_end(AVCodecContext *avctx)
 {
 ALSDecContext *ctx = avctx->priv_data;
+ int i;
 av_freep(&ctx->sconf.chan_pos);
@@ -1920,7 +1921,12 @@ static av_cold int decode_end(AVCodecContext *avctx)
 av_freep(&ctx->last_acf_mantissa);
 av_freep(&ctx->shift_value);
 av_freep(&ctx->last_shift_value);
- av_freep(&ctx->raw_mantissa);
+ if (ctx->raw_mantissa) {
+ for (i = 0; i < avctx->channels; i++) {
+ av_freep(&ctx->raw_mantissa[i]);
+ }
+ av_freep(&ctx->raw_mantissa);
+ }
 av_freep(&ctx->larray);
 av_freep(&ctx->nbits);
@@ -2064,7 +2070,7 @@ static av_cold int decode_init(AVCodecContext *avctx)
 ctx->shift_value = av_malloc_array(avctx->channels, sizeof(*ctx->shift_value));
 ctx->last_shift_value = av_malloc_array(avctx->channels, sizeof(*ctx->last_shift_value));
 ctx->last_acf_mantissa = av_malloc_array(avctx->channels, sizeof(*ctx->last_acf_mantissa));
- ctx->raw_mantissa = av_malloc_array(avctx->channels, sizeof(*ctx->raw_mantissa));
+ ctx->raw_mantissa = av_mallocz_array(avctx->channels, sizeof(*ctx->raw_mantissa));
 ctx->larray = av_malloc_array(ctx->cur_frame_length * 4, sizeof(*ctx->larray));
 ctx->nbits = av_malloc_array(ctx->cur_frame_length, sizeof(*ctx->nbits));
-- 
2.11.0
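Review bot: In the second hunk (decode_end), the new free loop is bounded by `avctx->channels` as read at close time, while the array it walks was sized from `avctx->channels` in decode_init. That is a public context field, so if it can differ between the two calls (a caller writing to it, or a reconfiguration path not visible here), the loop would either leave entries unfreed or read pointers past the end of `ctx->raw_mantissa` and hand them to av_freep. Consider recording the allocated element count in ALSDecContext at init (a new private field, name to be chosen) and using that as the loop bound instead of `avctx->channels`. decode_end's body continues outside the hunk.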
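Review bot: The switch to `av_mallocz_array` in the third hunk (decode_init) is load-bearing but undocumented: the per-channel `av_freep(&ctx->raw_mantissa[i])` loop added to decode_end is only safe if every slot that was never allocated is NULL. I would add a comment above the line, e.g. `/* must be zeroed: decode_end() frees every raw_mantissa[i], also after a partial init failure */`, so a later cleanup does not revert it to `av_malloc_array` like its neighbours. The per-channel allocations and the NULL checks on these arrays are outside the hunk, so it is worth confirming that the init failure path really reaches decode_end.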