avcodec/cbs_mpeg2: fix leak of extra_information_slice buffer in cbs_mpeg2_read_slice_header()

cbs_mpeg2_free_slice() calls av_buffer_unref() on extra_information_ref,
meaning allocating with av_malloc() was not the intention.

Signed-off-by: James Almer <jamrial@gmail.com>

1 files changed, 4 insertions, 3 deletions

diff --git a/libavcodec/cbs_mpeg2_syntax_template.c b/libavcodec/cbs_mpeg2_syntax_template.c
index d753cdc901..e0cf716874 100644
--- a/libavcodec/cbs_mpeg2_syntax_template.c
+++ b/libavcodec/cbs_mpeg2_syntax_template.c
@@ -377,10 +377,11 @@ static int FUNC(slice_header)(CodedBitstreamContext *ctx, RWContext *rw,
             current->extra_information_length = k;
             if (k > 0) {
                 *rw = start;
-                current->extra_information =
-                    av_malloc(current->extra_information_length);
-                if (!current->extra_information)
+                current->extra_information_ref =
+                    av_buffer_alloc(current->extra_information_length);
+                if (!current->extra_information_ref)
                     return AVERROR(ENOMEM);
+                current->extra_information = current->extra_information_ref->data;
                 for (k = 0; k < current->extra_information_length; k++) {
                     xui(1, extra_bit_slice, bit, 1, 1, 0);
                     xui(8, extra_information_slice[k],