@@ -146,7 +146,7 @@ static int tak_read_header(AVFormatContext *s)
ret = avpriv_tak_parse_streaminfo(&ti, buffer, size -3);
if (ret < 0)
- return AVERROR_INVALIDDATA;
+ goto end;
if (ti.samples > 0)
st->duration = ti.samples;
st->codecpar->bits_per_coded_sample = ti.bps;
@@ -160,8 +160,10 @@ static int tak_read_header(AVFormatContext *s)
st->codecpar->extradata_size = size - 3;
buffer = NULL;
} else if (type == TAK_METADATA_LAST_FRAME) {
- if (size != 11)
- return AVERROR_INVALIDDATA;
+ if (size != 11) {
+ ret = AVERROR_INVALIDDATA;
+ goto end;
+ }
init_get_bits8(&gb, buffer, size - 3);
tc->mlast_frame = 1;
tc->data_end = get_bits64(&gb, TAK_LAST_FRAME_POS_BITS) +
@@ -176,6 +178,9 @@ static int tak_read_header(AVFormatContext *s)
}
return AVERROR_EOF;
+end:
+ av_freep(&buffer);
+ return ret;
}
static int raw_read_packet(AVFormatContext *s, AVPacket *pkt)
Fixes: memleak Fixes: 15446/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5662875831500800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/takdec.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-)