[vlc-devel] [vlc-commits] picture: fix empty allocation leak

Thomas Guillem thomas at gllm.fr
Thu Mar 1 14:48:45 CET 2018


On Mon, Feb 26, 2018, at 23:25, Rémi Denis-Courmont wrote:
> vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Mon Feb 
> 26 23:32:45 2018 +0200| [054bcfe4a97449d57d4f701ef642fdd01b3bcca9] | 
> committer: Rémi Denis-Courmont
> 
> picture: fix empty allocation leak

Hello,

This commit breaks opaque decoder pool allocation when the display is filtered. This is the case with VDPAU, for example.

> 
> If the picture has zero planes, pic->p->p_pixels is set to NULL rather
> than the allocated (zero bytes) buffer, leading to a potential leak
> depending on aligned_alloc() implementation.
> 
> > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=054bcfe4a97449d57d4f701ef642fdd01b3bcca9
> ---
> 
>  src/misc/picture.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/src/misc/picture.c b/src/misc/picture.c
> index 8af4b250f9..69e7c92ad6 100644
> --- a/src/misc/picture.c
> +++ b/src/misc/picture.c
> @@ -250,7 +250,11 @@ picture_t *picture_NewFromFormat(const 
> video_format_t *restrict fmt)
>      if (unlikely(priv == NULL))
>          return NULL;
>  
> +    priv->gc.destroy = picture_Destroy;
> +
>      picture_t *pic = &priv->picture;
> +    if (pic->i_planes == 0)
> +        return NULL;

I would remove this check

>  
>      /* Calculate how big the new image should be */
>      size_t plane_sizes[PICTURE_PLANE_MAX];
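
Review bot: the added `if (pic->i_planes == 0) return NULL;` leaves the function directly instead of going through the `error:` label, so the object behind `priv` (already checked non-NULL just above) is not freed on this path; use `goto error` if the early exit stays. It also turns every zero-plane format into an allocation failure for callers, while the commit message only describes a leak, so that behaviour change should either be stated there or avoided.
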
> @@ -269,7 +273,7 @@ picture_t *picture_NewFromFormat(const 
> video_format_t *restrict fmt)
>          goto error;
>  
>      uint8_t *buf = aligned_alloc(16, pic_size);

And do the aligned_alloc only if pic_size > 0.

> -    if (unlikely(pic_size > 0 && buf == NULL))
> +    if (unlikely(buf == NULL))
>          goto error;
>  
>      /* Fill the p_pixels field for each plane */
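
Review bot: removing `pic_size > 0` from the NULL check makes a NULL result from `aligned_alloc(16, pic_size)` fatal for a zero-byte request too, and a zero-size allocation may return either NULL or a unique pointer depending on the implementation, as the commit message itself notes. The check is only correct if nothing reaches this call with `pic_size == 0`, which depends on the early return added in the previous hunk; add a comment stating that dependency, or skip the allocation when `pic_size` is 0 and keep `buf` NULL.
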
> @@ -279,7 +283,6 @@ picture_t *picture_NewFromFormat(const 
> video_format_t *restrict fmt)
>          buf += plane_sizes[i];
>      }
>  
> -    priv->gc.destroy = picture_Destroy;
>      return pic;
>  error:
>      free(pic);
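
Review bot: the commit message does not say why the `priv->gc.destroy = picture_Destroy;` assignment has to move from just before `return pic;` to the top of the function. The `error:` path still calls `free(pic)` directly and not the destroy callback, so nothing visible here depends on the callback being set earlier; either document what needs it or keep the assignment where it was.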

Regards,
