From patchwork Sun Mar 22 03:47:41 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
X-Patchwork-Id: 18323
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
X-Original-To: patchwork@ffaux-bg.ffmpeg.org
Delivered-To: patchwork@ffaux-bg.ffmpeg.org
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by ffaux.localdomain (Postfix) with ESMTP id 54CA244BCD9
	for <patchwork@ffaux-bg.ffmpeg.org>; Sun, 22 Mar 2020 05:48:40 +0200 (EET)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 3C25268B4B5;
	Sun, 22 Mar 2020 05:48:40 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-wm1-f68.google.com (mail-wm1-f68.google.com
 [209.85.128.68])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 9BA8D68B4A2
 for <ffmpeg-devel@ffmpeg.org>; Sun, 22 Mar 2020 05:48:32 +0200 (EET)
Received: by mail-wm1-f68.google.com with SMTP id r7so10430989wmg.0
 for <ffmpeg-devel@ffmpeg.org>; Sat, 21 Mar 2020 20:48:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=eXFopYUoXsG+lolyvBBiE/fJxoWbx+YIeez7wgL8jcE=;
 b=ezP06L3LPbUZc8kRz1xbu9gDwy+5olazMZYcZHFJNZxY19x5Q27+8IliZ3OVc+y9hE
 1cveaFKPh1VCCdDUxMvBDVx8ABdN1jOUXjB48mwpEapIrHTRguCRNNMYp3K1CA6XYj/1
 Xoozoaat/+DLSm2OV3tfGEIl/r4OE8Ofv7yqZUtZP9atZiZESIfGu27z5lO00JIuMVX8
 9JFy7SRHcspRbFs3kJ9Aj0j2AezJg8lSjKv3QWQXu8xKFyKo03athrPc/LyBcl8LmdPB
 qpoIyYqqa8wgmDfrrSSW51sVAWoW85cAro5/KyNAYGGPFX4ckWgmc1PSveV950+MDUPb
 +jtQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=eXFopYUoXsG+lolyvBBiE/fJxoWbx+YIeez7wgL8jcE=;
 b=eynFLhSjW8dpXri4Iq3PHC3wHRh4mwxuWV4rw0PMPYEpLwbqJVEw8DNmFl+AONfiVC
 zRzmRV8WOOfSbRKxge/5EEVFsQoJHzwNs3N4MXNeQYA3+m6CrTDFs+s9aicIqEI2nts0
 Jdi76tNFId7iPrvCU9TapUf4EXX2eDdOhDRmWDp8oyrTdvLHdJOHQ0OMxzSP4tq7lOYQ
 ThmYCKjESSfsIOV5AvFsdEfj/7J8PvnepxnwPDVjbXx2/DAWhaSJM9AKI0aMXUHf4KOO
 doPXenhazyo4xYoYJv8iJlGSXGxbyIBcYIXJPk/qV4LFCC+wD4uMJuwu01YSO0twOK/S
 mcjA==
X-Gm-Message-State: ANhLgQ2d2LB9y4+Wc7kp0oxZKocrbTBEmXMWNE5OA7IxibsSuX0BCxhq
 +EwlclGMMbFLdZ+ApG0z6ASqsajo
X-Google-Smtp-Source: 
 ADFU+vvMTnks9XgME4YZLeG/QN93j5U74p+1rMdg79MBt4/fdna9d3C9DkuSeleXMOlYrhwPCpUtWg==
X-Received: by 2002:a1c:5fc5:: with SMTP id
 t188mr19503431wmb.110.1584848911642;
 Sat, 21 Mar 2020 20:48:31 -0700 (PDT)
Received: from sblaptop.fritz.box (ipbcc1ab57.dynamic.kabel-deutschland.de.
 [188.193.171.87])
 by smtp.gmail.com with ESMTPSA id k204sm1530371wma.17.2020.03.21.20.48.30
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 21 Mar 2020 20:48:30 -0700 (PDT)
From: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Sun, 22 Mar 2020 04:47:41 +0100
Message-Id: <20200322034756.29907-6-andreas.rheinhardt@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20200322034756.29907-1-andreas.rheinhardt@gmail.com>
References: <20200322034756.29907-1-andreas.rheinhardt@gmail.com>
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH 06/21] avformat/mov: Fix memleaks when adding
	stream side-data fails
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

By default, a demuxer's read_close function is not called automatically
if an error happens when reading the header; instead it is up to the
demuxer to clean up after itself in this case. The mov demuxer did this
by calling its read_close function when it encountered some errors when
reading the header. Yet for other errors (namely adding side-data to
streams) this has been forgotten, so that all the internal structures
of the demuxer leak.

This commit fixes this by setting the FF_INPUTFORMAT_HEADER_CLEANUP flag
so that mov_read_close() is automatically called when an error happens
when reading the header.

(Btw: mov_read_close() is not idempotent: Calling it twice is
dangerouos, because MOVContext.frag_index.item will be av_freep'ed,
yet MOVContext.frag_index.nb_items won't be reset. So the calls to
mov_read_close() have to be removed before the switch to freeing
generically.)

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
 libavformat/mov.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index f280f360b6..61fdb45d9a 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -7494,13 +7494,11 @@ static int mov_read_header(AVFormatContext *s)
             avio_seek(pb, 0, SEEK_SET);
         if ((err = mov_read_default(mov, pb, atom)) < 0) {
             av_log(s, AV_LOG_ERROR, "error reading header\n");
-            mov_read_close(s);
             return err;
         }
     } while ((pb->seekable & AVIO_SEEKABLE_NORMAL) && !mov->found_moov && !mov->moov_retry++);
     if (!mov->found_moov) {
         av_log(s, AV_LOG_ERROR, "moov atom not found\n");
-        mov_read_close(s);
         return AVERROR_INVALIDDATA;
     }
     av_log(mov->fc, AV_LOG_TRACE, "on_parse_exit_offset=%"PRId64"\n", avio_tell(pb));
@@ -7574,7 +7572,6 @@ static int mov_read_header(AVFormatContext *s)
                 if (sc->data_size > INT64_MAX / sc->time_scale / 8) {
                     av_log(s, AV_LOG_ERROR, "Overflow during bit rate calculation %"PRId64" * 8 * %d\n",
                            sc->data_size, sc->time_scale);
-                    mov_read_close(s);
                     return AVERROR_INVALIDDATA;
                 }
                 st->codecpar->bit_rate = sc->data_size * 8 * sc->time_scale / st->duration;
@@ -7590,7 +7587,6 @@ static int mov_read_header(AVFormatContext *s)
                 if (sc->data_size > INT64_MAX / sc->time_scale / 8) {
                     av_log(s, AV_LOG_ERROR, "Overflow during bit rate calculation %"PRId64" * 8 * %d\n",
                            sc->data_size, sc->time_scale);
-                    mov_read_close(s);
                     return AVERROR_INVALIDDATA;
                 }
                 st->codecpar->bit_rate = sc->data_size * 8 * sc->time_scale /
@@ -7614,10 +7610,8 @@ static int mov_read_header(AVFormatContext *s)
         switch (st->codecpar->codec_type) {
         case AVMEDIA_TYPE_AUDIO:
             err = ff_replaygain_export(st, s->metadata);
-            if (err < 0) {
-                mov_read_close(s);
+            if (err < 0)
                 return err;
-            }
             break;
         case AVMEDIA_TYPE_VIDEO:
             if (sc->display_matrix) {
@@ -8098,4 +8092,5 @@ AVInputFormat ff_mov_demuxer = {
     .read_close     = mov_read_close,
     .read_seek      = mov_read_seek,
     .flags          = AVFMT_NO_BYTE_SEEK | AVFMT_SEEK_TO_PTS,
+    .flags_internal = FF_INPUTFORMAT_HEADER_CLEANUP,
 };