@@ -88,7 +88,7 @@ static int mpc_read_header(AVFormatContext *s)
st = avformat_new_stream(s, NULL);
if (!st)
- return AVERROR(ENOMEM);
+ goto mem_error;
st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO;
st->codecpar->codec_id = AV_CODEC_ID_MUSEPACK7;
st->codecpar->channels = 2;
@@ -96,7 +96,7 @@ static int mpc_read_header(AVFormatContext *s)
st->codecpar->bits_per_coded_sample = 16;
if (ff_get_extradata(s, st->codecpar, s->pb, 16) < 0)
- return AVERROR(ENOMEM);
+ goto mem_error;
st->codecpar->sample_rate = mpc_rate[st->codecpar->extradata[2] & 3];
avpriv_set_pts_info(st, 32, MPC_FRAMESIZE, st->codecpar->sample_rate);
/* scan for seekpoints */
@@ -113,6 +113,9 @@ static int mpc_read_header(AVFormatContext *s)
}
return 0;
+mem_error:
+ av_freep(&c->frames);
+ return AVERROR(ENOMEM);
}
static int mpc_read_packet(AVFormatContext *s, AVPacket *pkt)
Fixes: memleak on error path Fixes: 15984/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5679918412726272 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/mpc.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)