[Theora-dev] Re: Small memory leak...

Ralph Giles giles at xiph.org
Thu Oct 27 16:09:45 PDT 2005


On Thu, Oct 27, 2005 at 12:38:20PM +0200, Mat wrote:

> If I put  _ogg_free(op.packet)  before  theora_clear( &td )  I get 
> segfault  in  theora_clear(), if I put it  after I get segfault in 
> _ogg_free(op.packet) ...
> Argh... I can't get the point :(

You want to call _ogg_free(op.packet) on line 196, after you call
ogg_stream_packetin() which copies the comment packet data into
the ogg stream state, but before you call theora_encode_tables(),
which overwrites op.packet with a new buffer, causing the leak.

The theora_encode_tables() call doesn't allocate a separate buffer
and instead uses internal storage in the theora_state struct, which
is properly freed by theora_encoder_clear(); thus calling free
on the packet buffer after theora_encode_tables() is a double free 
whether you do it before or after encoder_clear().

> If I look in:
>    libtheora-1.0alpha5\lib\toplevel.c : 90 [ theora_encoder_clear call ]
>    libtheora-1.0alpha5\lib\encoder_toplevel.c : 1191 [ 
> oggpackB_writeclear call ]
> it seems that the packet is free'd...

That frees the temporary oggpack_buffer used to construct the results; 
it's the ogg_packet.packet buffer allocated on line 1125, into which the
contents of the oggpack_buffer is copied that the library isn't properly
freeing.

 -r


More information about the Theora-dev mailing list