cbs_apv: Fix memory leak on metadata parse failure

Buffers are allocated inside some metadata types, so we must ensure that the object is visible to the free function before a parse failure. Found by libFuzzer.
author: Mark Thompson <sw@jkqxz.net> 2025-05-14 21:47:00 +0100
committer: Mark Thompson <sw@jkqxz.net> 2025-05-17 11:23:36 +0100
commit: 88f2ccdf16b7aa7c47d3683eabcc58ba9a247f24 (patch)
tree: b2329fb00ac3c2c58157307d2e6c221ce5f016d5
parent: a65d028fb15dc01ae4974f413e489b891c3964be (diff)
download: ffmpeg-88f2ccdf16b7aa7c47d3683eabcc58ba9a247f24.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/cbs_apv_syntax_template.c b/libavcodec/cbs_apv_syntax_template.c
index ca66349141..fc8a08ff31 100644
--- a/libavcodec/cbs_apv_syntax_template.c
+++ b/libavcodec/cbs_apv_syntax_template.c
@@ -543,11 +543,11 @@ static int FUNC(metadata)(CodedBitstreamContext *ctx, RWContext *rw,
             return AVERROR_INVALIDDATA;
         }
 
+        current->metadata_count = p + 1;
+
         CHECK(FUNC(metadata_payload)(ctx, rw, pl));
 
         metadata_bytes_left -= pl->payload_size;
-
-        current->metadata_count = p + 1;
         if (metadata_bytes_left == 0)
             break;
     }
author	Mark Thompson <sw@jkqxz.net>	2025-05-14 21:47:00 +0100
committer	Mark Thompson <sw@jkqxz.net>	2025-05-17 11:23:36 +0100
commit	88f2ccdf16b7aa7c47d3683eabcc58ba9a247f24 (patch)
tree	b2329fb00ac3c2c58157307d2e6c221ce5f016d5
parent	a65d028fb15dc01ae4974f413e489b891c3964be (diff)
download	ffmpeg-88f2ccdf16b7aa7c47d3683eabcc58ba9a247f24.tar.gz