aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2019-07-02 20:35:30 +0200
committerMichael Niedermayer <michael@niedermayer.cc>2019-07-17 23:18:50 +0200
commitfff2bdc8b835158773a8360fc2d50a10ca0d38af (patch)
tree0b51981333a10da3ba7322f34c42692d3dfb719a
parenta7e02cf3ad6f6eaae07fa68ecb93014e1dfd224e (diff)
downloadffmpeg-fff2bdc8b835158773a8360fc2d50a10ca0d38af.tar.gz
avformat/takdec: Free buffer on error pathes
Fixes: memleak Fixes: 15446/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5662875831500800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r--libavformat/takdec.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/libavformat/takdec.c b/libavformat/takdec.c
index ee96c27992..c51a020161 100644
--- a/libavformat/takdec.c
+++ b/libavformat/takdec.c
@@ -146,7 +146,7 @@ static int tak_read_header(AVFormatContext *s)
ret = avpriv_tak_parse_streaminfo(&ti, buffer, size -3);
if (ret < 0)
- return AVERROR_INVALIDDATA;
+ goto end;
if (ti.samples > 0)
st->duration = ti.samples;
st->codecpar->bits_per_coded_sample = ti.bps;
@@ -160,8 +160,10 @@ static int tak_read_header(AVFormatContext *s)
st->codecpar->extradata_size = size - 3;
buffer = NULL;
} else if (type == TAK_METADATA_LAST_FRAME) {
- if (size != 11)
- return AVERROR_INVALIDDATA;
+ if (size != 11) {
+ ret = AVERROR_INVALIDDATA;
+ goto end;
+ }
init_get_bits8(&gb, buffer, size - 3);
tc->mlast_frame = 1;
tc->data_end = get_bits64(&gb, TAK_LAST_FRAME_POS_BITS) +
@@ -176,6 +178,9 @@ static int tak_read_header(AVFormatContext *s)
}
return AVERROR_EOF;
+end:
+ av_freep(&buffer);
+ return ret;
}
static int raw_read_packet(AVFormatContext *s, AVPacket *pkt)