diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2019-07-02 20:35:30 +0200 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2019-07-17 23:18:50 +0200 |
commit | fff2bdc8b835158773a8360fc2d50a10ca0d38af (patch) | |
tree | 0b51981333a10da3ba7322f34c42692d3dfb719a | |
parent | a7e02cf3ad6f6eaae07fa68ecb93014e1dfd224e (diff) | |
download | ffmpeg-fff2bdc8b835158773a8360fc2d50a10ca0d38af.tar.gz |
avformat/takdec: Free buffer on error pathes
Fixes: memleak
Fixes: 15446/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5662875831500800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r-- | libavformat/takdec.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/libavformat/takdec.c b/libavformat/takdec.c index ee96c27992..c51a020161 100644 --- a/libavformat/takdec.c +++ b/libavformat/takdec.c @@ -146,7 +146,7 @@ static int tak_read_header(AVFormatContext *s) ret = avpriv_tak_parse_streaminfo(&ti, buffer, size -3); if (ret < 0) - return AVERROR_INVALIDDATA; + goto end; if (ti.samples > 0) st->duration = ti.samples; st->codecpar->bits_per_coded_sample = ti.bps; @@ -160,8 +160,10 @@ static int tak_read_header(AVFormatContext *s) st->codecpar->extradata_size = size - 3; buffer = NULL; } else if (type == TAK_METADATA_LAST_FRAME) { - if (size != 11) - return AVERROR_INVALIDDATA; + if (size != 11) { + ret = AVERROR_INVALIDDATA; + goto end; + } init_get_bits8(&gb, buffer, size - 3); tc->mlast_frame = 1; tc->data_end = get_bits64(&gb, TAK_LAST_FRAME_POS_BITS) + @@ -176,6 +178,9 @@ static int tak_read_header(AVFormatContext *s) } return AVERROR_EOF; +end: + av_freep(&buffer); + return ret; } static int raw_read_packet(AVFormatContext *s, AVPacket *pkt) |