From 5994b30257415fc7d0b2a9b74e99eccdc98a305a Mon Sep 17 00:00:00 2001 From: Thiago Santos Date: Tue, 7 Jul 2015 21:31:08 -0300 Subject: [PATCH] qtdemux: fix leak by flushing previous sample info from trak In fragmented streaming, multiple moov/moof will be parsed and their previously stored samples array might leak when new values are parsed. The parse_trak and callees won't free the previously stored values before parsing the new ones. In step-by-step, this is what happens: 1) initial moov is parsed, traks as well, streams are created. The trak doesn't contain samples because they are in the moof's trun boxes. n_samples is set to 0 while parsing the trak and the samples array is still NULL. 2) moofs are parsed, and their trun boxes will increase n_samples and create/extend the samples array 3) At some point a new moov might be sent (bitrate switching, for example) and parsing the trak will overwrite n_samples with the values from this trak. If the n_samples is set to 0 qtdemux will assume that the samples array is NULL and will leak it when a new one is created for the subsequent moofs. This patch makes qtdemux properly free previous sample data before creating new ones and adds an assert to catch future occurrences of this issue when the code changes. --- gst/isomp4/qtdemux.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c index 52053f8cee..d35265342a 100644 --- a/gst/isomp4/qtdemux.c +++ b/gst/isomp4/qtdemux.c @@ -2680,10 +2680,11 @@ qtdemux_parse_trun (GstQTDemux * qtdemux, GstByteReader * trun, sizeof (QtDemuxSample) / (1024.0 * 1024.0)); /* create a new array of samples if it's the first sample parsed */ - if (stream->n_samples == 0) + if (stream->n_samples == 0) { + g_assert (stream->samples == NULL); stream->samples = g_try_new0 (QtDemuxSample, samples_count); - /* or try to reallocate it with space enough to insert the new samples */ - else + /* or try to reallocate it with space enough to insert the new samples */ + } else stream->samples = g_try_renew (QtDemuxSample, stream->samples, stream->n_samples + samples_count); if (stream->samples == NULL) @@ -6772,6 +6773,7 @@ qtdemux_stbl_init (GstQTDemux * qtdemux, QtDemuxStream * stream, GNode * stbl) return FALSE; } + g_assert (stream->samples == NULL); stream->samples = g_try_new0 (QtDemuxSample, stream->n_samples); if (!stream->samples) { GST_WARNING_OBJECT (qtdemux, "failed to allocate %d samples", @@ -7817,6 +7819,9 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) GST_WARNING_OBJECT (qtdemux, "Stream not found, going to ignore it"); goto skip_track; } + + /* flush samples data from this track from previous moov */ + gst_qtdemux_stream_flush_samples_data (qtdemux, stream); } if (stream->pending_tags == NULL)