[BUG] Memory leak in free_sub_track(): blockaddition and message buffer never freed for WebVTT tracks #2247
Description
Description
In src/lib_ccx/matroska.c, the function free_sub_track()
iterates over all sentences and frees sentence->text and
the sentence itself, but never frees sentence->blockaddition
or the backing message buffer that was allocated in
parse_segment_cluster_block_group_block_additions().
Affected Code
src/lib_ccx/matroska.c — function free_sub_track()
Root Cause
In parse_segment_cluster_block_group_block_additions(),
a message buffer is allocated via read_bytes_signed()
and a block_addition struct is allocated via calloc().
The fields cue_settings_list, cue_identifier, and
comment are pointers into that message buffer.
In free_sub_track(), neither the block_addition struct
nor the message buffer are ever freed, causing a memory
leak on every WebVTT subtitle that contains BlockAdditions.
Steps to Reproduce
Process any .mkv file containing WebVTT subtitle tracks
with BlockAdditions (cue settings, identifiers, or comments).
Run with a memory checker such as Valgrind — leaks will be
reported for every such subtitle block.
Expected Behavior
All allocated memory should be freed when a subtitle track
is released.
Fix
Free sentence->blockaddition->cue_settings_list (the
backing message buffer) and sentence->blockaddition
inside the loop in free_sub_track().