From 3c69f724173582f48189a92c3116a6783e078961 Mon Sep 17 00:00:00 2001
From: Dale Curtis <dalecurtis@chromium.org>
Date: Tue, 21 Nov 2017 15:40:22 -0800
Subject: [PATCH] [mov] Increment stsd_count while processing stsd data; avoids
leaks.
In the event of ff_mov_read_stsd_entries() failure, sc->stsd_count
is not updated, even if the function allocates extradata memory.
Instead update the sc->stsd_count as entries are parsed so that
mov_read_close() can do the right thing.
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
---
libavformat/mov.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
@@ -2464,8 +2464,10 @@ int ff_mov_read_stsd_entries(MOVContext *c, AVIOContext *pb, int entries)
}
if (mov_skip_multiple_stsd(c, pb, st->codecpar->codec_tag, format,
- size - (avio_tell(pb) - start_pos)))
+ size - (avio_tell(pb) - start_pos))) {
+ sc->stsd_count++;
continue;
+ }
sc->pseudo_stream_id = st->codecpar->codec_tag ? -1 : pseudo_stream_id;
sc->dref_id= dref_id;
@@ -2517,6 +2519,7 @@ int ff_mov_read_stsd_entries(MOVContext *c, AVIOContext *pb, int entries)
av_freep(&st->codecpar->extradata);
st->codecpar->extradata_size = 0;
}
+ sc->stsd_count++;
}
if (pb->eof_reached)
@@ -2566,8 +2569,6 @@ static int mov_read_stsd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
if (ret < 0)
goto fail;
- sc->stsd_count = entries;
-
/* Restore back the primary extradata. */
av_freep(&st->codecpar->extradata);
st->codecpar->extradata_size = sc->extradata_size[0];
--
2.15.0.448.gf294e3d99a-goog
In the event of ff_mov_read_stsd_entries() failure, sc->stsd_count is not updated, even if the function allocates extradata memory. Instead update the sc->stsd_count as entries are parsed so that mov_read_close() can do the right thing. Signed-off-by: Dale Curtis <dalecurtis@chromium.org>