diff mbox

[FFmpeg-devel,2/2] avformat/mpc: deallocate frames array on errors

Message ID 20190724213538.29475-2-michael@niedermayer.cc
State Accepted
Commit da5039415c2bd625085d15e6c92e0b64eefddcbf
Headers show

Commit Message

Michael Niedermayer July 24, 2019, 9:35 p.m. UTC 
Fixes: memleak on error path
Fixes: 15984/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5679918412726272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/mpc.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

Comments

Michael Niedermayer July 31, 2019, 5:33 p.m. UTC | #1 
On Wed, Jul 24, 2019 at 11:35:38PM +0200, Michael Niedermayer wrote:
> Fixes: memleak on error path
> Fixes: 15984/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5679918412726272
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/mpc.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)

will apply

[...]
diff mbox

Patch

diff --git a/libavformat/mpc.c b/libavformat/mpc.c
index 487ff90c7d..a7b2e116ed 100644
--- a/libavformat/mpc.c
+++ b/libavformat/mpc.c
@@ -88,7 +88,7 @@  static int mpc_read_header(AVFormatContext *s)
 
     st = avformat_new_stream(s, NULL);
     if (!st)
-        return AVERROR(ENOMEM);
+        goto mem_error;
     st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO;
     st->codecpar->codec_id = AV_CODEC_ID_MUSEPACK7;
     st->codecpar->channels = 2;
@@ -96,7 +96,7 @@  static int mpc_read_header(AVFormatContext *s)
     st->codecpar->bits_per_coded_sample = 16;
 
     if (ff_get_extradata(s, st->codecpar, s->pb, 16) < 0)
-        return AVERROR(ENOMEM);
+        goto mem_error;
     st->codecpar->sample_rate = mpc_rate[st->codecpar->extradata[2] & 3];
     avpriv_set_pts_info(st, 32, MPC_FRAMESIZE, st->codecpar->sample_rate);
     /* scan for seekpoints */
@@ -113,6 +113,9 @@  static int mpc_read_header(AVFormatContext *s)
     }
 
     return 0;
+mem_error:
+    av_freep(&c->frames);
+    return AVERROR(ENOMEM);
 }
 
 static int mpc_read_packet(AVFormatContext *s, AVPacket *pkt)