avformat/mpc: deallocate frames array on errors

Fixes: memleak on error path
Fixes: 15984/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5679918412726272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit da5039415c2bd625085d15e6c92e0b64eefddcbf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

1 files changed, 5 insertions, 2 deletions

diff --git a/libavformat/mpc.c b/libavformat/mpc.c
index af333746e3..a1e7878946 100644
--- a/libavformat/mpc.c
+++ b/libavformat/mpc.c
@@ -88,7 +88,7 @@ static int mpc_read_header(AVFormatContext *s)
 
     st = avformat_new_stream(s, NULL);
     if (!st)
-        return AVERROR(ENOMEM);
+        goto mem_error;
     st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO;
     st->codecpar->codec_id = AV_CODEC_ID_MUSEPACK7;
     st->codecpar->channels = 2;
@@ -96,7 +96,7 @@ static int mpc_read_header(AVFormatContext *s)
     st->codecpar->bits_per_coded_sample = 16;
 
     if (ff_get_extradata(s, st->codecpar, s->pb, 16) < 0)
-        return AVERROR(ENOMEM);
+        goto mem_error;
     st->codecpar->sample_rate = mpc_rate[st->codecpar->extradata[2] & 3];
     avpriv_set_pts_info(st, 32, MPC_FRAMESIZE, st->codecpar->sample_rate);
     /* scan for seekpoints */
@@ -113,6 +113,9 @@ static int mpc_read_header(AVFormatContext *s)
     }
 
     return 0;
+mem_error:
+    av_freep(&c->frames);
+    return AVERROR(ENOMEM);
 }
 
 static int mpc_read_packet(AVFormatContext *s, AVPacket *pkt)