diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2020-10-30 21:44:12 +0100 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2020-11-27 00:25:42 +0100 |
commit | 3b8a263c4f0e750f809282b9e6830c125d6c9db3 (patch) | |
tree | c50a5bd99179c028256e145dc930d3818b30b426 | |
parent | 3c922681c35ac6f58e4a4bc02b8f0966b308d985 (diff) | |
download | ffmpeg-3b8a263c4f0e750f809282b9e6830c125d6c9db3.tar.gz |
avformat/mov: Fix memleak in dref reading
Fixes: leak in mov_read_dref()
Fixes: 26698/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5638785444085760
Fixes: 27554/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6256643054239744
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r-- | libavformat/mov.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/libavformat/mov.c b/libavformat/mov.c index 2b90e31170..175d5a3cc2 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -588,6 +588,11 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom) entries >= UINT_MAX / sizeof(*sc->drefs)) return AVERROR_INVALIDDATA; + for (i = 0; i < sc->drefs_count; i++) { + MOVDref *dref = &sc->drefs[i]; + av_freep(&dref->path); + av_freep(&dref->dir); + } av_free(sc->drefs); sc->drefs_count = 0; sc->drefs = av_mallocz(entries * sizeof(*sc->drefs)); |