aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2020-10-30 21:44:12 +0100
committerMichael Niedermayer <michael@niedermayer.cc>2020-11-27 00:25:42 +0100
commit3b8a263c4f0e750f809282b9e6830c125d6c9db3 (patch)
treec50a5bd99179c028256e145dc930d3818b30b426
parent3c922681c35ac6f58e4a4bc02b8f0966b308d985 (diff)
downloadffmpeg-3b8a263c4f0e750f809282b9e6830c125d6c9db3.tar.gz
avformat/mov: Fix memleak in dref reading
Fixes: leak in mov_read_dref() Fixes: 26698/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5638785444085760 Fixes: 27554/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6256643054239744 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r--libavformat/mov.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 2b90e31170..175d5a3cc2 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -588,6 +588,11 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom)
entries >= UINT_MAX / sizeof(*sc->drefs))
return AVERROR_INVALIDDATA;
+ for (i = 0; i < sc->drefs_count; i++) {
+ MOVDref *dref = &sc->drefs[i];
+ av_freep(&dref->path);
+ av_freep(&dref->dir);
+ }
av_free(sc->drefs);
sc->drefs_count = 0;
sc->drefs = av_mallocz(entries * sizeof(*sc->drefs));