Message ID | 20191031175830.24895-4-michael@niedermayer.cc |
---|---|
State | New |
Thu 2019-10-31 at 18:58 +0100, Michael Niedermayer wrote:
> Fixes: memleak > Fixes: 18473/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer- > 5738557074833408 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/mxfdec.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c > index 397f820b3f..f3b1b704f9 100644 > --- a/libavformat/mxfdec.c > +++ b/libavformat/mxfdec.c > @@ -3199,7 +3199,8 @@ static int mxf_read_header(AVFormatContext *s) > > if (!mxf->current_partition) { > av_log(mxf->fc, AV_LOG_ERROR, "found essence prior > to first PartitionPack\n"); > - return AVERROR_INVALIDDATA; > + ret = AVERROR_INVALIDDATA; > + goto fail;

Should be OK. I'd add a comment around mxf_read_sync() why we don't goto fail there (since no metadata sets will have been parsed yet)

I also see now that mxf_read_header() calls mxf_read_close(), so the comment in my last mail can be ignored. But again, maybe add a comment?

/Tomas

On Wed, Nov 06, 2019 at 09:38:01PM +0100, Tomas Härdin wrote:
> Thu 2019-10-31 at 18:58 +0100, Michael Niedermayer wrote:
> > Fixes: memleak > > Fixes: 18473/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer- > > 5738557074833408 > > > > Found-by: continuous fuzzing process > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavformat/mxfdec.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c > > index 397f820b3f..f3b1b704f9 100644 > > --- a/libavformat/mxfdec.c > > +++ b/libavformat/mxfdec.c > > @@ -3199,7 +3199,8 @@ static int mxf_read_header(AVFormatContext *s) > > > > if (!mxf->current_partition) { > > av_log(mxf->fc, AV_LOG_ERROR, "found essence prior > > to first PartitionPack\n"); > > - return AVERROR_INVALIDDATA; > > + ret = AVERROR_INVALIDDATA; > > + goto fail;
>
> Should be OK. I'd add a comment around mxf_read_sync() why we don't
> goto fail there (since no metadata sets will have been parsed yet)

will add and apply

thanks

[...]

diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 397f820b3f..f3b1b704f9 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -3199,7 +3199,8 @@ static int mxf_read_header(AVFormatContext *s) if (!mxf->current_partition) { av_log(mxf->fc, AV_LOG_ERROR, "found essence prior to first PartitionPack\n"); - return AVERROR_INVALIDDATA; + ret = AVERROR_INVALIDDATA; + goto fail; } if (!mxf->current_partition->first_essence_klv.offset)
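
Review bot: The commit message gives only "Fixes: memleak" for the `!mxf->current_partition` branch and does not say what is still allocated when essence is found before the first PartitionPack, so a reader of this hunk cannot tell why `goto fail` is needed here while another early exit in mxf_read_header() still returns directly. Since the `fail` label and its cleanup lie outside the visible context, add a short comment at this branch (or a line in the commit message) naming what can already have been parsed at this point, and, as raised in the review above, a comment near mxf_read_sync() saying why a plain return is safe there.
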
Fixes: memleak
Fixes: 18473/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5738557074833408

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/mxfdec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)