[FFmpeg-devel,4/8] avformat/mxfdec: cleanup on "essence prior to first PartitionPack"

Submitted by Michael Niedermayer on Oct. 31, 2019, 5:58 p.m.

Details

Message ID 20191031175830.24895-4-michael@niedermayer.cc
State New
Headers show

Commit Message

Michael Niedermayer Oct. 31, 2019, 5:58 p.m.
Fixes: memleak
Fixes: 18473/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5738557074833408

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/mxfdec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Tomas Härdin Nov. 6, 2019, 8:38 p.m.
tor 2019-10-31 klockan 18:58 +0100 skrev Michael Niedermayer:
> Fixes: memleak
> Fixes: 18473/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-
> 5738557074833408
> 
> Found-by: continuous fuzzing process 
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/mxfdec.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> index 397f820b3f..f3b1b704f9 100644
> --- a/libavformat/mxfdec.c
> +++ b/libavformat/mxfdec.c
> @@ -3199,7 +3199,8 @@ static int mxf_read_header(AVFormatContext *s)
>  
>              if (!mxf->current_partition) {
>                  av_log(mxf->fc, AV_LOG_ERROR, "found essence prior
> to first PartitionPack\n");
> -                return AVERROR_INVALIDDATA;
> +                ret = AVERROR_INVALIDDATA;
> +                goto fail;

Should be OK. I'd add a comment around mxf_read_sync() why we don't
goto fail there (since no metadata sets will have been parsed yet)

I also see now that mxf_read_header() calls mxf_read_close(), so the
comment in my last mail can be ignored. But again, maybe add a comment?

/Tomas
Michael Niedermayer Nov. 7, 2019, 5:06 p.m.
On Wed, Nov 06, 2019 at 09:38:01PM +0100, Tomas Härdin wrote:
> tor 2019-10-31 klockan 18:58 +0100 skrev Michael Niedermayer:
> > Fixes: memleak
> > Fixes: 18473/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-
> > 5738557074833408
> > 
> > Found-by: continuous fuzzing process 
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavformat/mxfdec.c | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> > 
> > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> > index 397f820b3f..f3b1b704f9 100644
> > --- a/libavformat/mxfdec.c
> > +++ b/libavformat/mxfdec.c
> > @@ -3199,7 +3199,8 @@ static int mxf_read_header(AVFormatContext *s)
> >  
> >              if (!mxf->current_partition) {
> >                  av_log(mxf->fc, AV_LOG_ERROR, "found essence prior
> > to first PartitionPack\n");
> > -                return AVERROR_INVALIDDATA;
> > +                ret = AVERROR_INVALIDDATA;
> > +                goto fail;
> 
> Should be OK. I'd add a comment around mxf_read_sync() why we don't
> goto fail there (since no metadata sets will have been parsed yet)

will add and apply

thanks

[...]

Patch hide | download patch | download mbox

diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 397f820b3f..f3b1b704f9 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -3199,7 +3199,8 @@  static int mxf_read_header(AVFormatContext *s)
 
             if (!mxf->current_partition) {
                 av_log(mxf->fc, AV_LOG_ERROR, "found essence prior to first PartitionPack\n");
-                return AVERROR_INVALIDDATA;
+                ret = AVERROR_INVALIDDATA;
+                goto fail;
             }
 
             if (!mxf->current_partition->first_essence_klv.offset)