aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndreas Rheinhardt <andreas.rheinhardt@gmail.com>2021-03-20 07:43:09 +0100
committerAndreas Rheinhardt <andreas.rheinhardt@gmail.com>2021-03-22 08:17:10 +0100
commit2a5c577ef347c9d947f3421c51e01cb88d7aa452 (patch)
treebd289b50c398f5a1814d2f679c2ab111a350ac99
parent8f099e3a67655fc498e44bb3a33961120449f866 (diff)
downloadffmpeg-2a5c577ef347c9d947f3421c51e01cb88d7aa452.tar.gz
avformat/pp_bnk: Fix memleaks when reading non-stereo tracks
Commit 6973df112275c8ea4af0bf3cb1338baecc1d06b3 added support for music tracks by outputting its two containing tracks together in one packet. But the actual data is not contiguous in the file and therefore one can't simply use av_get_packet() (which has been used before) for it. Therefore the packet was now allocated via av_new_packet() and read via avio_read(); and this is also for non-music files. This causes problems because one can now longer rely on things done automatically by av_get_packet(): It automatically freed the packet in case of errors; this lead to memleaks in several FATE-tests covering this demuxer. Furthermore, in case the data read is less than the data desired, the returned packet was not zero-allocated (the packet's padding was uninitialized); for music files the actual data could even be uninitialized. The former problems are fixed by using av_get_packet() for non-music files; the latter problem is handled by erroring out unless both tracks could be fully read. Reviewed-by: Zane van Iperen <zane@zanevaniperen.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit 8a73313412eeafcfa5afa45f39f65f2581ba3bbc)
-rw-r--r--libavformat/pp_bnk.c38
1 files changed, 16 insertions, 22 deletions
diff --git a/libavformat/pp_bnk.c b/libavformat/pp_bnk.c
index 4aa77c1c9d..5c89295d27 100644
--- a/libavformat/pp_bnk.c
+++ b/libavformat/pp_bnk.c
@@ -265,28 +265,24 @@ static int pp_bnk_read_packet(AVFormatContext *s, AVPacket *pkt)
size = FFMIN(trk->data_size - trk->bytes_read, PP_BNK_MAX_READ_SIZE);
- if (!ctx->is_music)
- ret = av_new_packet(pkt, size);
- else if (ctx->current_track == 0)
- ret = av_new_packet(pkt, size * 2);
- else
- ret = 0;
-
- if (ret < 0)
- return ret;
-
- if (ctx->is_music)
+ if (!ctx->is_music) {
+ ret = av_get_packet(s->pb, pkt, size);
+ if (ret == AVERROR_EOF) {
+ /* If we've hit EOF, don't attempt this track again. */
+ trk->data_size = trk->bytes_read;
+ continue;
+ }
+ } else {
+ if (!pkt->data && (ret = av_new_packet(pkt, size * 2)) < 0)
+ return ret;
ret = avio_read(s->pb, pkt->data + size * ctx->current_track, size);
- else
- ret = avio_read(s->pb, pkt->data, size);
-
- if (ret == AVERROR_EOF) {
- /* If we've hit EOF, don't attempt this track again. */
- trk->data_size = trk->bytes_read;
- continue;
- } else if (ret < 0) {
- return ret;
+ if (ret >= 0 && ret != size) {
+ /* Only return stereo packets if both tracks could be read. */
+ ret = AVERROR_EOF;
+ }
}
+ if (ret < 0)
+ return ret;
trk->bytes_read += ret;
pkt->flags &= ~AV_PKT_FLAG_CORRUPT;
@@ -298,8 +294,6 @@ static int pp_bnk_read_packet(AVFormatContext *s, AVPacket *pkt)
continue;
pkt->stream_index = 0;
- } else {
- pkt->size = ret;
}
ctx->current_track++;