aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2019-09-26 22:22:31 +0200
committerMichael Niedermayer <michael@niedermayer.cc>2019-10-16 19:17:57 +0200
commit5ce3c9eadcfcc677d9921cca40c8ec69746bc439 (patch)
tree0b78315678519f9b75e94a32524bdbaf2ced95c3
parent1d3f7e6a7289f554701159ce38d1bb95b2a2f66e (diff)
downloadffmpeg-5ce3c9eadcfcc677d9921cca40c8ec69746bc439.tar.gz
avcodec/smacker: cleanup on errors in smka_decode_frame()
Fixes: multiple memleaks Fixes: 17660/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKAUD_fuzzer-5689769928949760 Fixes: 18064/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKAUD_fuzzer-5631086809317376 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r--libavcodec/smacker.c30
1 files changed, 20 insertions, 10 deletions
diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c
index a2950c455b..a81c5e3e6c 100644
--- a/libavcodec/smacker.c
+++ b/libavcodec/smacker.c
@@ -721,8 +721,10 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data,
for(i = 0; i <= stereo; i++)
*samples++ = pred[i];
for(; i < unp_size / 2; i++) {
- if(get_bits_left(&gb)<0)
- return AVERROR_INVALIDDATA;
+ if (get_bits_left(&gb) < 0) {
+ ret = AVERROR_INVALIDDATA;
+ goto error;
+ }
if(i & stereo) {
if(vlc[2].table)
res = get_vlc2(&gb, vlc[2].table, SMKTREE_BITS, 3);
@@ -730,7 +732,8 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data,
res = 0;
if (res < 0) {
av_log(avctx, AV_LOG_ERROR, "invalid vlc\n");
- return AVERROR_INVALIDDATA;
+ ret = AVERROR_INVALIDDATA;
+ goto error;
}
val = h[2].values[res];
if(vlc[3].table)
@@ -739,7 +742,8 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data,
res = 0;
if (res < 0) {
av_log(avctx, AV_LOG_ERROR, "invalid vlc\n");
- return AVERROR_INVALIDDATA;
+ ret = AVERROR_INVALIDDATA;
+ goto error;
}
val |= h[3].values[res] << 8;
pred[1] += sign_extend(val, 16);
@@ -751,7 +755,8 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data,
res = 0;
if (res < 0) {
av_log(avctx, AV_LOG_ERROR, "invalid vlc\n");
- return AVERROR_INVALIDDATA;
+ ret = AVERROR_INVALIDDATA;
+ goto error;
}
val = h[0].values[res];
if(vlc[1].table)
@@ -760,7 +765,8 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data,
res = 0;
if (res < 0) {
av_log(avctx, AV_LOG_ERROR, "invalid vlc\n");
- return AVERROR_INVALIDDATA;
+ ret = AVERROR_INVALIDDATA;
+ goto error;
}
val |= h[1].values[res] << 8;
pred[0] += sign_extend(val, 16);
@@ -773,8 +779,10 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data,
for(i = 0; i <= stereo; i++)
*samples8++ = pred[i];
for(; i < unp_size; i++) {
- if(get_bits_left(&gb)<0)
- return AVERROR_INVALIDDATA;
+ if (get_bits_left(&gb) < 0) {
+ ret = AVERROR_INVALIDDATA;
+ goto error;
+ }
if(i & stereo){
if(vlc[1].table)
res = get_vlc2(&gb, vlc[1].table, SMKTREE_BITS, 3);
@@ -782,7 +790,8 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data,
res = 0;
if (res < 0) {
av_log(avctx, AV_LOG_ERROR, "invalid vlc\n");
- return AVERROR_INVALIDDATA;
+ ret = AVERROR_INVALIDDATA;
+ goto error;
}
pred[1] += sign_extend(h[1].values[res], 8);
*samples8++ = pred[1];
@@ -793,7 +802,8 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data,
res = 0;
if (res < 0) {
av_log(avctx, AV_LOG_ERROR, "invalid vlc\n");
- return AVERROR_INVALIDDATA;
+ ret = AVERROR_INVALIDDATA;
+ goto error;
}
pred[0] += sign_extend(h[0].values[res], 8);
*samples8++ = pred[0];