From 22ecfcd4c79cdf812fdf406525ddf0fd1f7114e4 Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Wed, 22 Jul 2015 11:30:37 +0200 Subject: [PATCH] af_channelmap: properly set the supported output channel layouts The current code expects query_formats() to be called exactly once, it will leak if it's not called at all (filter initialized, but never configured or used) or try to read freed memory if it's called more than once. Found-by: James Almer CC: libav-stable@libav.org --- libavfilter/af_channelmap.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavfilter/af_channelmap.c b/libavfilter/af_channelmap.c index 3035405f5d..572549808f 100644 --- a/libavfilter/af_channelmap.c +++ b/libavfilter/af_channelmap.c @@ -57,7 +57,6 @@ enum MappingMode { #define MAX_CH 64 typedef struct ChannelMapContext { const AVClass *class; - AVFilterChannelLayouts *channel_layouts; char *mapping_str; char *channel_layout_str; uint64_t output_layout; @@ -276,8 +275,6 @@ static av_cold int channelmap_init(AVFilterContext *ctx) return AVERROR(EINVAL); } - ff_add_channel_layout(&s->channel_layouts, s->output_layout); - if (mode == MAP_PAIR_INT_STR || mode == MAP_PAIR_STR_STR) { for (i = 0; i < s->nch; i++) { s->map[i].out_channel_idx = av_get_channel_layout_channel_index( @@ -291,11 +288,14 @@ static av_cold int channelmap_init(AVFilterContext *ctx) static int channelmap_query_formats(AVFilterContext *ctx) { ChannelMapContext *s = ctx->priv; + AVFilterChannelLayouts *channel_layouts = NULL; + + ff_add_channel_layout(&channel_layouts, s->output_layout); ff_set_common_formats(ctx, ff_planar_sample_fmts()); ff_set_common_samplerates(ctx, ff_all_samplerates()); ff_channel_layouts_ref(ff_all_channel_layouts(), &ctx->inputs[0]->out_channel_layouts); - ff_channel_layouts_ref(s->channel_layouts, &ctx->outputs[0]->in_channel_layouts); + ff_channel_layouts_ref(channel_layouts, &ctx->outputs[0]->in_channel_layouts); return 0; }