diff mbox

[FFmpeg-devel] avcodec/ivi: Avoid mbs memleak

Message ID 20181213021604.11047-1-michael@niedermayer.cc
State Accepted
Headers show

Commit Message

Michael Niedermayer Dec. 13, 2018, 2:16 a.m. UTC 
Fixes: 11696/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO5_fuzzer-5740319635668992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/ivi.c | 6 ++++++
 1 file changed, 6 insertions(+)

Comments

Tomas Härdin Dec. 13, 2018, 2:13 p.m. UTC | #1 
tor 2018-12-13 klockan 03:16 +0100 skrev Michael Niedermayer:
> Fixes: 11696/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO5_fuzzer-5740319635668992
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/ivi.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/libavcodec/ivi.c b/libavcodec/ivi.c
> index 19bb01e88f..3b042f2b1c 100644
> --- a/libavcodec/ivi.c
> +++ b/libavcodec/ivi.c
> @@ -437,7 +437,13 @@ av_cold int ff_ivi_init_tiles(IVIPlaneDesc *planes,
>              return AVERROR(EINVAL);
>  
>          for (b = 0; b < planes[p].num_bands; b++) {
> +            int t;
>              band = &planes[p].bands[b];
> +
> +            if (band->tiles)
> +                for (t = 0; t < band->num_tiles; t++)
> +                    av_freep(&band->tiles[t].mbs);

Some braces would probably be a good idea

/Tomas
Michael Niedermayer Dec. 23, 2018, 12:38 p.m. UTC | #2 
On Thu, Dec 13, 2018 at 03:13:21PM +0100, Tomas Härdin wrote:
> tor 2018-12-13 klockan 03:16 +0100 skrev Michael Niedermayer:
> > Fixes: 11696/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO5_fuzzer-5740319635668992
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavcodec/ivi.c | 6 ++++++
> >  1 file changed, 6 insertions(+)
> > 
> > diff --git a/libavcodec/ivi.c b/libavcodec/ivi.c
> > index 19bb01e88f..3b042f2b1c 100644
> > --- a/libavcodec/ivi.c
> > +++ b/libavcodec/ivi.c
> > @@ -437,7 +437,13 @@ av_cold int ff_ivi_init_tiles(IVIPlaneDesc *planes,
> >              return AVERROR(EINVAL);
> >  
> >          for (b = 0; b < planes[p].num_bands; b++) {
> > +            int t;
> >              band = &planes[p].bands[b];
> > +
> > +            if (band->tiles)
> > +                for (t = 0; t < band->num_tiles; t++)
> > +                    av_freep(&band->tiles[t].mbs);
> 
> Some braces would probably be a good idea

will apply with braces

thx

[...]
diff mbox

Patch

diff --git a/libavcodec/ivi.c b/libavcodec/ivi.c
index 19bb01e88f..3b042f2b1c 100644
--- a/libavcodec/ivi.c
+++ b/libavcodec/ivi.c
@@ -437,7 +437,13 @@  av_cold int ff_ivi_init_tiles(IVIPlaneDesc *planes,
             return AVERROR(EINVAL);
 
         for (b = 0; b < planes[p].num_bands; b++) {
+            int t;
             band = &planes[p].bands[b];
+
+            if (band->tiles)
+                for (t = 0; t < band->num_tiles; t++)
+                    av_freep(&band->tiles[t].mbs);
+
             x_tiles = IVI_NUM_TILES(band->width, t_width);
             y_tiles = IVI_NUM_TILES(band->height, t_height);
             band->num_tiles = x_tiles * y_tiles;