diff options
author | Andreas Rheinhardt <andreas.rheinhardt@gmail.com> | 2020-09-20 12:28:03 +0200 |
---|---|---|
committer | Andreas Rheinhardt <andreas.rheinhardt@gmail.com> | 2021-02-27 07:20:58 +0100 |
commit | 9637dc8ebdb95f1d5cc1507b84e5f8fbba4e5dcf (patch) | |
tree | 428c8fa61f876f449603d1746c8dbf1049633833 | |
parent | 5db6f6672f12c5e367e5b5cdf7f3107088f0e216 (diff) | |
download | ffmpeg-9637dc8ebdb95f1d5cc1507b84e5f8fbba4e5dcf.tar.gz |
avformat/swfdec: Reorder allocations/initializations
The earlier code would first attempt to allocate two buffers, then
attempt to allocate an AVIOContext, using one of the new buffers I/O
buffer, then check the allocations. On success, a z_stream that is used
in the AVIOContext's read_packet callback is initialized afterwards.
There are two problems with this: In case the allocation of the I/O
buffer fails avio_alloc_context() will be given a NULL read buffer
with a size > 0. This works right now, but it is fragile. The second
problem is that the z_stream used in the read_packet callback is not
functional when avio_alloc_context() is allocated (it might be that
avio_alloc_context() might already fill the buffer in the future). This
commit fixes both of these problems by reordering the operations.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 3f04c3037223f5e5417a14674103f3eeabb4887c)
-rw-r--r-- | libavformat/swfdec.c | 24 |
1 files changed, 10 insertions, 14 deletions
diff --git a/libavformat/swfdec.c b/libavformat/swfdec.c index 331a2e7c8b..1ab603043e 100644 --- a/libavformat/swfdec.c +++ b/libavformat/swfdec.c @@ -129,6 +129,8 @@ retry: return buf_size - z->avail_out; } + +static av_cold int swf_read_close(AVFormatContext *avctx); #endif static int swf_read_header(AVFormatContext *s) @@ -143,24 +145,18 @@ static int swf_read_header(AVFormatContext *s) if (tag == MKBETAG('C', 'W', 'S', 0)) { av_log(s, AV_LOG_INFO, "SWF compressed file detected\n"); #if CONFIG_ZLIB - swf->zbuf_in = av_malloc(ZBUF_SIZE); - swf->zbuf_out = av_malloc(ZBUF_SIZE); - swf->zpb = avio_alloc_context(swf->zbuf_out, ZBUF_SIZE, 0, s, - zlib_refill, NULL, NULL); - if (!swf->zbuf_in || !swf->zbuf_out || !swf->zpb) { - av_freep(&swf->zbuf_in); - av_freep(&swf->zbuf_out); - avio_context_free(&swf->zpb); - return AVERROR(ENOMEM); - } - swf->zpb->seekable = 0; if (inflateInit(&swf->zstream) != Z_OK) { av_log(s, AV_LOG_ERROR, "Unable to init zlib context\n"); - av_freep(&swf->zbuf_in); - av_freep(&swf->zbuf_out); - avio_context_free(&swf->zpb); return AVERROR(EINVAL); } + if (!(swf->zbuf_in = av_malloc(ZBUF_SIZE)) || + !(swf->zbuf_out = av_malloc(ZBUF_SIZE)) || + !(swf->zpb = avio_alloc_context(swf->zbuf_out, ZBUF_SIZE, 0, + s, zlib_refill, NULL, NULL))) { + swf_read_close(s); + return AVERROR(ENOMEM); + } + swf->zpb->seekable = 0; pb = swf->zpb; #else av_log(s, AV_LOG_ERROR, "zlib support is required to read SWF compressed files\n"); |