diff mbox

[FFmpeg-devel,1/2] libavformat/oggparsevorbis: Fix memleak on multiple headers

Message ID 20180306215623.26344-1-michael@niedermayer.cc
State Accepted
Commit 3934aa495d786845d9f541c84ee405c096938f76
Headers show

Commit Message

Michael Niedermayer March 6, 2018, 9:56 p.m. UTC 
Fixes: Chromium bug 800123
Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/oggparsevorbis.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Matt Wolenetz March 7, 2018, 6:10 p.m. UTC | #1 
Friendly ping. I'd like to not have to land this in Chromium before
upstream ffmpeg, but I may need to soon.

On Tue, Mar 6, 2018 at 1:56 PM, Michael Niedermayer <michael@niedermayer.cc>
wrote:

> Fixes: Chromium bug 800123
> Reported-by: Matt Wolenetz <wolenetz@google.com>
> Reviewed-by: Matt Wolenetz <wolenetz@google.com>
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/oggparsevorbis.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/libavformat/oggparsevorbis.c b/libavformat/oggparsevorbis.c
> index 29b1ab514e..bcfd246b8d 100644
> --- a/libavformat/oggparsevorbis.c
> +++ b/libavformat/oggparsevorbis.c
> @@ -230,6 +230,10 @@ static int fixup_vorbis_headers(AVFormatContext *as,
>
>      len = priv->len[0] + priv->len[1] + priv->len[2];
>      buf_len = len + len / 255 + 64;
> +
> +    if (*buf)
> +        return AVERROR_INVALIDDATA;
> +
>      ptr = *buf = av_realloc(NULL, buf_len);
>      if (!ptr)
>          return AVERROR(ENOMEM);
> --
> 2.16.2
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
Matthew Wolenetz March 7, 2018, 6:20 p.m. UTC | #2 
Friendly ping. I'd like to not have to land this in Chromium before upstream
 ffmpeg, but I may need to soon.

On Tue, Mar 6, 2018 at 1:56 PM, Michael Niedermayer <michael@niedermayer.cc>
wrote:

> Fixes: Chromium bug 800123
> Reported-by: Matt Wolenetz <wolenetz@google.com>
> Reviewed-by: Matt Wolenetz <wolenetz@google.com>
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/oggparsevorbis.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/libavformat/oggparsevorbis.c b/libavformat/oggparsevorbis.c
> index 29b1ab514e..bcfd246b8d 100644
> --- a/libavformat/oggparsevorbis.c
> +++ b/libavformat/oggparsevorbis.c
> @@ -230,6 +230,10 @@ static int fixup_vorbis_headers(AVFormatContext *as,
>
>      len = priv->len[0] + priv->len[1] + priv->len[2];
>      buf_len = len + len / 255 + 64;
> +
> +    if (*buf)
> +        return AVERROR_INVALIDDATA;
> +
>      ptr = *buf = av_realloc(NULL, buf_len);
>      if (!ptr)
>          return AVERROR(ENOMEM);
> --
> 2.16.2
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
Michael Niedermayer March 7, 2018, 6:49 p.m. UTC | #3 
On Wed, Mar 07, 2018 at 10:10:09AM -0800, Matt Wolenetz wrote:
> Friendly ping. I'd like to not have to land this in Chromium before
> upstream ffmpeg, but I may need to soon.

will apply

thx

[...]
diff mbox

Patch

diff --git a/libavformat/oggparsevorbis.c b/libavformat/oggparsevorbis.c
index 29b1ab514e..bcfd246b8d 100644
--- a/libavformat/oggparsevorbis.c
+++ b/libavformat/oggparsevorbis.c
@@ -230,6 +230,10 @@  static int fixup_vorbis_headers(AVFormatContext *as,
 
     len = priv->len[0] + priv->len[1] + priv->len[2];
     buf_len = len + len / 255 + 64;
+
+    if (*buf)
+        return AVERROR_INVALIDDATA;
+
     ptr = *buf = av_realloc(NULL, buf_len);
     if (!ptr)
         return AVERROR(ENOMEM);