diff mbox

[FFmpeg-devel] avcodec/utils: Fix memleak with subtitles and sidedata

Message ID 20170125115652.9709-1-michael@niedermayer.cc
State Accepted
Commit ad7a3f5294c6fc6cd45dca9ca02fd3e20f53c2c4
Headers show

Commit Message

Michael Niedermayer Jan. 25, 2017, 11:56 a.m. UTC 
Fixes: 454/fuzz-3-ffmpeg_SUBTITLE_AV_CODEC_ID_MOV_TEXT_fuzzer

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/utils.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

Comments

Michael Niedermayer Feb. 2, 2017, 11:27 p.m. UTC | #1 
On Wed, Jan 25, 2017 at 12:56:52PM +0100, Michael Niedermayer wrote:
> Fixes: 454/fuzz-3-ffmpeg_SUBTITLE_AV_CODEC_ID_MOV_TEXT_fuzzer
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/utils.c | 12 +++++++-----
>  1 file changed, 7 insertions(+), 5 deletions(-)

applied

[...]
diff mbox

Patch

diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index 4ae752ff2f..f8ec4c1ae6 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -2714,13 +2714,19 @@  int avcodec_decode_subtitle2(AVCodecContext *avctx, AVSubtitle *sub,
                                                      avctx->pkt_timebase, ms);
             }
 
+            if (avctx->codec_descriptor->props & AV_CODEC_PROP_BITMAP_SUB)
+                sub->format = 0;
+            else if (avctx->codec_descriptor->props & AV_CODEC_PROP_TEXT_SUB)
+                sub->format = 1;
+
             for (i = 0; i < sub->num_rects; i++) {
                 if (sub->rects[i]->ass && !utf8_check(sub->rects[i]->ass)) {
                     av_log(avctx, AV_LOG_ERROR,
                            "Invalid UTF-8 in decoded subtitles text; "
                            "maybe missing -sub_charenc option\n");
                     avsubtitle_free(sub);
-                    return AVERROR_INVALIDDATA;
+                    ret = AVERROR_INVALIDDATA;
+                    break;
                 }
             }
 
@@ -2731,10 +2737,6 @@  int avcodec_decode_subtitle2(AVCodecContext *avctx, AVSubtitle *sub,
 
                 av_packet_unref(&pkt_recoded);
             }
-            if (avctx->codec_descriptor->props & AV_CODEC_PROP_BITMAP_SUB)
-                sub->format = 0;
-            else if (avctx->codec_descriptor->props & AV_CODEC_PROP_TEXT_SUB)
-                sub->format = 1;
             avctx->internal->pkt = NULL;
         }