From patchwork Sat Nov 25 18:30:46 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Niedermayer X-Patchwork-Id: 6355 Delivered-To: ffmpegpatchwork@gmail.com Received: by 10.2.161.94 with SMTP id m30csp3735864jah; Sat, 25 Nov 2017 10:30:57 -0800 (PST) X-Google-Smtp-Source: AGs4zMZde2R9NMLwZYRYCUCWt2MUCaDiE8BiGWr4zwy61QZ1lUf5OgGvDcMWLg2dMnDoW31D1yGE X-Received: by 10.28.217.75 with SMTP id q72mr12341481wmg.9.1511634657482; Sat, 25 Nov 2017 10:30:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1511634657; cv=none; d=google.com; s=arc-20160816; b=Ntj1jIX6EB+RlilOR4p7wxEROv8WxdYQ6+bkLQYqP5yaNIpBxGRXfJYe9LdaennJyQ Ez3nu312VFvk+njhLgMwg6qx/2DoM7IniHcL9u1rUe1UEqcj5FHzYGnXjyk9fGXBA1dq GyaIu7/J7x7amM6ilCJxqV4bfPYQxILfBBPhxBqCuYQnK+twtb/rdqWMNoutEd2Pqnme THI0jNufjlno0nt0sUZ3cD+YOzrLR/vObT73+R4I7gew+5IG9fllOVudwTSKgqXDnmuD zjnKoh+crmbHlv9Q+n2AsKU1bLAvkAwlE7U/O3/bI/6KPkvYwZFWZIFjBFIjYanynaZZ 4mxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:message-id:date:to:from:delivered-to :arc-authentication-results; bh=j+E8c6NwGIy7xZYdUMlxsfDKZb7F+fqPpDztd97ciOI=; b=0w0pqbzzQgzuc4W9Q/J/SxO6xZ2LJQm8LKQM54npmzjZFLu+2Zo3wftnGuBXuufVWD 7DbKzghz2O7rW7Kao9IfV/j3Vx/HM1tko6LC9gevawO5Z1yeB9k8KWqy+P45MWx1SEFS 8NXtBnnXk3fusmT+rbEKSOyPSP6bahYzvo4/Cmhj+UZtKXwHn094R1eojq+XO/3+d80k CpzR3277qByq8N1WuJ5w/MY+P7wfU+Ym4qVO2Pe2DWGBklQyj7BsWTTjFGChcsCahgdt KdwtkWUPjwk5TqpIqRN8sHXiYwbACCwrltzklTN8tqzJq37EZQiPzqTBKCJKeTavWg+l laVg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id d66si9128692wmf.79.2017.11.25.10.30.56; Sat, 25 Nov 2017 10:30:57 -0800 (PST) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 8CFBB68A30A; Sat, 25 Nov 2017 20:30:54 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from vie01a-dmta-pe06-2.mx.upcmail.net (vie01a-dmta-pe06-2.mx.upcmail.net [84.116.36.15]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 7EF9368A2B5 for ; Sat, 25 Nov 2017 20:30:48 +0200 (EET) Received: from [172.31.216.43] (helo=vie01a-pemc-psmtp-pe01) by vie01a-dmta-pe06.mx.upcmail.net with esmtp (Exim 4.88) (envelope-from ) id 1eIfE1-0003Wl-C0 for ffmpeg-devel@ffmpeg.org; Sat, 25 Nov 2017 19:30:49 +0100 Received: from localhost ([213.47.41.20]) by vie01a-pemc-psmtp-pe01 with SMTP @ mailcloud.upcmail.net id eJWn1w00F0S5wYM01JWoMF; Sat, 25 Nov 2017 19:30:48 +0100 X-SourceIP: 213.47.41.20 From: Michael Niedermayer To: FFmpeg development discussions and patches Date: Sat, 25 Nov 2017 19:30:46 +0100 Message-Id: <20171125183046.17280-1-michael@niedermayer.cc> X-Mailer: git-send-email 2.15.0 Subject: [FFmpeg-devel] [PATCH] avformat/aacdec: Fix leak in adts_aac_read_packet() X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Fixes: chromium-773637/clusterfuzz-testcase-minimized-6418078673141760 Found-by: ossfuzz/chromium Signed-off-by: Michael Niedermayer --- libavformat/aacdec.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavformat/aacdec.c b/libavformat/aacdec.c index 364b33404f..101e8dbea5 100644 --- a/libavformat/aacdec.c +++ b/libavformat/aacdec.c @@ -139,7 +139,13 @@ static int adts_aac_read_packet(AVFormatContext *s, AVPacket *pkt) return AVERROR_INVALIDDATA; } - return av_append_packet(s->pb, pkt, fsize - ADTS_HEADER_SIZE); + ret = av_append_packet(s->pb, pkt, fsize - ADTS_HEADER_SIZE); + if (ret < 0) { + av_packet_unref(pkt); + return AVERROR_INVALIDDATA; + } + + return ret; } AVInputFormat ff_aac_demuxer = {