aboutsummaryrefslogtreecommitdiffstats
path: root/libavformat
diff options
context:
space:
mode:
authorAndreas Rheinhardt <andreas.rheinhardt@gmail.com>2020-07-20 07:24:53 +0200
committerAndreas Rheinhardt <andreas.rheinhardt@gmail.com>2020-07-24 03:23:07 +0200
commit28ce651c6d53866c1b8c3b49b8b66a2e967aa273 (patch)
tree3fb540b8340940c6c5b3280bb542288a6f70d0f5 /libavformat
parent78f21cab188a094d42520bcad9686c3b5afa844b (diff)
downloadffmpeg-28ce651c6d53866c1b8c3b49b8b66a2e967aa273.tar.gz
avformat/mxfdec: Fix memleak upon repeating tags
When parsing MXF encountering some tags leads to allocations. And when these tags were encountered repeatedly, this could lead to memleaks, because the pointer to the old data got simply overwritten with a pointer to the new data (or to NULL on allocation failure). This has been fixed. Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Diffstat (limited to 'libavformat')
-rw-r--r--libavformat/mxfdec.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 3016885e75..f0975f409e 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -850,6 +850,7 @@ static int mxf_read_cryptographic_context(void *arg, AVIOContext *pb, int tag, i
static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs, int *count)
{
*count = avio_rb32(pb);
+ av_free(*refs);
*refs = av_calloc(*count, sizeof(UID));
if (!*refs) {
*count = 0;
@@ -903,10 +904,8 @@ static int mxf_read_content_storage(void *arg, AVIOContext *pb, int tag, int siz
case 0x1901:
if (mxf->packages_refs)
av_log(mxf->fc, AV_LOG_VERBOSE, "Multiple packages_refs\n");
- av_free(mxf->packages_refs);
return mxf_read_strong_ref_array(pb, &mxf->packages_refs, &mxf->packages_count);
case 0x1902:
- av_free(mxf->essence_container_data_refs);
return mxf_read_strong_ref_array(pb, &mxf->essence_container_data_refs, &mxf->essence_container_data_count);
}
return 0;