[FFmpeg-devel,01/12] avcodec/wmaprodec: get frame during frame decode

Submitted by Michael Niedermayer on Sept. 25, 2019, 8:38 p.m.

Details

Message ID 20190925203858.27870-1-michael@niedermayer.cc
State New
Headers show

Commit Message

Michael Niedermayer Sept. 25, 2019, 8:38 p.m.
Fixes: memleak
Fixes: 17615/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA2_fuzzer-5681306024804352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/wmaprodec.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

Comments

Paul B Mahol Sept. 26, 2019, 7:50 a.m.
bettter add init cleanup?

On 9/25/19, Michael Niedermayer <michael@niedermayer.cc> wrote:
> Fixes: memleak
> Fixes:
> 17615/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA2_fuzzer-5681306024804352
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/wmaprodec.c | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/libavcodec/wmaprodec.c b/libavcodec/wmaprodec.c
> index d0fa974c80..5ff26e907d 100644
> --- a/libavcodec/wmaprodec.c
> +++ b/libavcodec/wmaprodec.c
> @@ -1793,6 +1793,12 @@ static int xma_decode_packet(AVCodecContext *avctx,
> void *data,
>      AVFrame *frame = data;
>      int i, ret, offset = INT_MAX;
>
> +    if (!s->frames[s->current_stream]->data[0]) {
> +        s->frames[s->current_stream]->nb_samples = 512;
> +        if ((ret = ff_get_buffer(avctx, s->frames[s->current_stream], 0)) <
> 0) {
> +            return ret;
> +        }
> +    }
>      /* decode current stream packet */
>      ret = decode_packet(avctx, &s->xma[s->current_stream],
> s->frames[s->current_stream],
>                          &got_stream_frame_ptr, avpkt);
> @@ -1915,10 +1921,6 @@ static av_cold int xma_decode_init(AVCodecContext
> *avctx)
>          s->frames[i] = av_frame_alloc();
>          if (!s->frames[i])
>              return AVERROR(ENOMEM);
> -        s->frames[i]->nb_samples = 512;
> -        if ((ret = ff_get_buffer(avctx, s->frames[i], 0)) < 0) {
> -            return AVERROR(ENOMEM);
> -        }
>
>          s->start_channel[i] = start_channels;
>          start_channels += s->xma[i].nb_channels;
> --
> 2.23.0
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Patch hide | download patch | download mbox

diff --git a/libavcodec/wmaprodec.c b/libavcodec/wmaprodec.c
index d0fa974c80..5ff26e907d 100644
--- a/libavcodec/wmaprodec.c
+++ b/libavcodec/wmaprodec.c
@@ -1793,6 +1793,12 @@  static int xma_decode_packet(AVCodecContext *avctx, void *data,
     AVFrame *frame = data;
     int i, ret, offset = INT_MAX;
 
+    if (!s->frames[s->current_stream]->data[0]) {
+        s->frames[s->current_stream]->nb_samples = 512;
+        if ((ret = ff_get_buffer(avctx, s->frames[s->current_stream], 0)) < 0) {
+            return ret;
+        }
+    }
     /* decode current stream packet */
     ret = decode_packet(avctx, &s->xma[s->current_stream], s->frames[s->current_stream],
                         &got_stream_frame_ptr, avpkt);
@@ -1915,10 +1921,6 @@  static av_cold int xma_decode_init(AVCodecContext *avctx)
         s->frames[i] = av_frame_alloc();
         if (!s->frames[i])
             return AVERROR(ENOMEM);
-        s->frames[i]->nb_samples = 512;
-        if ((ret = ff_get_buffer(avctx, s->frames[i], 0)) < 0) {
-            return AVERROR(ENOMEM);
-        }
 
         s->start_channel[i] = start_channels;
         start_channels += s->xma[i].nb_channels;