aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndreas Rheinhardt <andreas.rheinhardt@gmail.com>2020-09-20 12:28:03 +0200
committerAndreas Rheinhardt <andreas.rheinhardt@gmail.com>2021-02-27 07:20:58 +0100
commit9637dc8ebdb95f1d5cc1507b84e5f8fbba4e5dcf (patch)
tree428c8fa61f876f449603d1746c8dbf1049633833
parent5db6f6672f12c5e367e5b5cdf7f3107088f0e216 (diff)
downloadffmpeg-9637dc8ebdb95f1d5cc1507b84e5f8fbba4e5dcf.tar.gz
avformat/swfdec: Reorder allocations/initializations
The earlier code would first attempt to allocate two buffers, then attempt to allocate an AVIOContext, using one of the new buffers I/O buffer, then check the allocations. On success, a z_stream that is used in the AVIOContext's read_packet callback is initialized afterwards. There are two problems with this: In case the allocation of the I/O buffer fails avio_alloc_context() will be given a NULL read buffer with a size > 0. This works right now, but it is fragile. The second problem is that the z_stream used in the read_packet callback is not functional when avio_alloc_context() is allocated (it might be that avio_alloc_context() might already fill the buffer in the future). This commit fixes both of these problems by reordering the operations. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit 3f04c3037223f5e5417a14674103f3eeabb4887c)
-rw-r--r--libavformat/swfdec.c24
1 files changed, 10 insertions, 14 deletions
diff --git a/libavformat/swfdec.c b/libavformat/swfdec.c
index 331a2e7c8b..1ab603043e 100644
--- a/libavformat/swfdec.c
+++ b/libavformat/swfdec.c
@@ -129,6 +129,8 @@ retry:
return buf_size - z->avail_out;
}
+
+static av_cold int swf_read_close(AVFormatContext *avctx);
#endif
static int swf_read_header(AVFormatContext *s)
@@ -143,24 +145,18 @@ static int swf_read_header(AVFormatContext *s)
if (tag == MKBETAG('C', 'W', 'S', 0)) {
av_log(s, AV_LOG_INFO, "SWF compressed file detected\n");
#if CONFIG_ZLIB
- swf->zbuf_in = av_malloc(ZBUF_SIZE);
- swf->zbuf_out = av_malloc(ZBUF_SIZE);
- swf->zpb = avio_alloc_context(swf->zbuf_out, ZBUF_SIZE, 0, s,
- zlib_refill, NULL, NULL);
- if (!swf->zbuf_in || !swf->zbuf_out || !swf->zpb) {
- av_freep(&swf->zbuf_in);
- av_freep(&swf->zbuf_out);
- avio_context_free(&swf->zpb);
- return AVERROR(ENOMEM);
- }
- swf->zpb->seekable = 0;
if (inflateInit(&swf->zstream) != Z_OK) {
av_log(s, AV_LOG_ERROR, "Unable to init zlib context\n");
- av_freep(&swf->zbuf_in);
- av_freep(&swf->zbuf_out);
- avio_context_free(&swf->zpb);
return AVERROR(EINVAL);
}
+ if (!(swf->zbuf_in = av_malloc(ZBUF_SIZE)) ||
+ !(swf->zbuf_out = av_malloc(ZBUF_SIZE)) ||
+ !(swf->zpb = avio_alloc_context(swf->zbuf_out, ZBUF_SIZE, 0,
+ s, zlib_refill, NULL, NULL))) {
+ swf_read_close(s);
+ return AVERROR(ENOMEM);
+ }
+ swf->zpb->seekable = 0;
pb = swf->zpb;
#else
av_log(s, AV_LOG_ERROR, "zlib support is required to read SWF compressed files\n");