diff options
| author | Anton Khirnov <anton@khirnov.net> | 2013-11-28 10:54:35 +0100 |
|---|---|---|
| committer | Reinhard Tartler <siretart@tauware.de> | 2014-02-02 12:44:20 -0500 |
| commit | 6a56d16dc1368b9fe2ac5667c898684be3045d2e (patch) | |
| tree | 35bfc6c927afc18097e2039ecb5084d105777e6e | |
| parent | 23144c5f060de1863859308eab4bc888b817840c (diff) | |
| download | ffmpeg-6a56d16dc1368b9fe2ac5667c898684be3045d2e.tar.gz | |
segafilm: fix leaks if reading the header fails
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 6892d145a0c80249bd61ee7dd31ec851c5076bcd)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit f728782c0d30433efa11f1238a16aed994e9b563)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavformat/segafilm.c
| -rw-r--r-- | libavformat/segafilm.c | 35 |
1 files changed, 20 insertions, 15 deletions
diff --git a/libavformat/segafilm.c b/libavformat/segafilm.c index d5aaf11d38..386fd7ebd0 100644 --- a/libavformat/segafilm.c +++ b/libavformat/segafilm.c @@ -75,6 +75,16 @@ static int film_probe(AVProbeData *p) return AVPROBE_SCORE_MAX; } +static int film_read_close(AVFormatContext *s) +{ + FilmDemuxContext *film = s->priv_data; + + av_freep(&film->sample_table); + av_freep(&film->stereo_buffer); + + return 0; +} + static int film_read_header(AVFormatContext *s, AVFormatParameters *ap) { @@ -82,7 +92,7 @@ static int film_read_header(AVFormatContext *s, AVIOContext *pb = s->pb; AVStream *st; unsigned char scratch[256]; - int i; + int i, ret; unsigned int data_offset; unsigned int audio_frame_counter; @@ -209,14 +219,16 @@ static int film_read_header(AVFormatContext *s, for (i = 0; i < film->sample_count; i++) { /* load the next sample record and transfer it to an internal struct */ if (avio_read(pb, scratch, 16) != 16) { - av_free(film->sample_table); - return AVERROR(EIO); + ret = AVERROR(EIO); + goto fail; } film->sample_table[i].sample_offset = data_offset + AV_RB32(&scratch[0]); film->sample_table[i].sample_size = AV_RB32(&scratch[4]); - if (film->sample_table[i].sample_size > INT_MAX / 4) - return AVERROR_INVALIDDATA; + if (film->sample_table[i].sample_size > INT_MAX / 4) { + ret = AVERROR_INVALIDDATA; + goto fail; + } if (AV_RB32(&scratch[8]) == 0xFFFFFFFF) { film->sample_table[i].stream = film->audio_stream_index; film->sample_table[i].pts = audio_frame_counter; @@ -239,6 +251,9 @@ static int film_read_header(AVFormatContext *s, film->current_sample = 0; return 0; +fail: + film_read_close(s); + return ret; } static int film_read_packet(AVFormatContext *s, @@ -317,16 +332,6 @@ static int film_read_packet(AVFormatContext *s, return ret; } -static int film_read_close(AVFormatContext *s) -{ - FilmDemuxContext *film = s->priv_data; - - av_free(film->sample_table); - av_free(film->stereo_buffer); - - return 0; -} - AVInputFormat ff_segafilm_demuxer = { .name = "film_cpk", .long_name = NULL_IF_CONFIG_SMALL("Sega FILM/CPK format"), |