From patchwork Sun Jun 14 22:36:36 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 20362 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 23267449042 for ; Mon, 15 Jun 2020 01:38:48 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 07ADB68B659; Mon, 15 Jun 2020 01:38:48 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-wr1-f68.google.com (mail-wr1-f68.google.com [209.85.221.68]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 86FA468B644 for ; Mon, 15 Jun 2020 01:38:40 +0300 (EEST) Received: by mail-wr1-f68.google.com with SMTP id t18so15179008wru.6 for ; Sun, 14 Jun 2020 15:38:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=mYq2u6MWS6LEVduNGrTdEimK9wq0ymV9YpACfvmt7h8=; b=VQWIGDp5+O+BZeXJ87b0Eq+iBHrnCBKxxi+dolqYo8xptw/1edQBVzL4fUP6sLY7yK JM7yl9VCH/fV5ZW+KiUldQdFW12OY5D1Vqf3Dw6qBkd1KWNFIQ6lcdrGCZ/pthOoM/qc hdNNHGAGqqyDlmZ+9aDZWlfiaJoZA6D+ZviB3zbAf5GxIAFm/vedv0ErIf1rMzSWZdWl 0H6wz9WTf4VuDYGDXtQzJtwylE512+na5UbIxw66MmNShpHJd4VUc5pjkWNlcsFkFbyC Kr3wOsEr70yCjViH8/ki86VA4OeipJQrL08SpcleLy4kWO1JFQ0dGNl0GDIHEAyeZyDP 1FvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=mYq2u6MWS6LEVduNGrTdEimK9wq0ymV9YpACfvmt7h8=; b=Hmu6WKkkA2MLHxwUGdgvgM5wylAXgxw53R1omGTc/PVv2Nj4Pt2/h+W3haiZvI4Heb QadBdlfKFP5NAID8FMAUTSVZ244l4tPL2vmC2rs+3DhTzHb0o+CegAQrggLcnONWYnIm 2syRVOos8uLIVg+d/eQSUkk0yk3RS2KLzAUPYN6dkuYWqdF8SELBclETAtsYg7GYdUYV H9bzHYT09mkgR9aK2uj0jvGnumayuklvclBJVggzbJre38UUpH7TGxkBp/PbZAwUEuay B61fNokbt5lKVLuVC/xx+KTW/zZXueRXKN9LWsl+LFSmgdI6tZEIbDQfZA2Z8CGo5xSU 0Hcw== X-Gm-Message-State: AOAM533PvBx12ySZRVPleNbbkp9CK22MQ8EXeXb1TwXirgAQ7SbYTeBY maK9SMq5bTUnQ13fpGs426WjaJrD X-Google-Smtp-Source: ABdhPJyAyvBDCohzg/3YZfnjz9mt4MJYG63FUrfcptxau9FjcgDo3QXagpHGjKgkLuC8sz6Yzu6CNQ== X-Received: by 2002:adf:ea8b:: with SMTP id s11mr26217304wrm.168.1592174319652; Sun, 14 Jun 2020 15:38:39 -0700 (PDT) Received: from sblaptop.fritz.box (ipbcc1ab57.dynamic.kabel-deutschland.de. [188.193.171.87]) by smtp.gmail.com with ESMTPSA id z8sm21491034wru.33.2020.06.14.15.38.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 14 Jun 2020 15:38:39 -0700 (PDT) From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Mon, 15 Jun 2020 00:36:36 +0200 Message-Id: <20200614223656.21338-6-andreas.rheinhardt@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200614223656.21338-1-andreas.rheinhardt@gmail.com> References: <20200614223656.21338-1-andreas.rheinhardt@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 06/26] avformat/mov: Fix memleaks upon read_header failure X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" By default, a demuxer's read_close function is not called automatically if an error happens when reading the header; instead it is up to the demuxer to clean up after itself in this case. The mov demuxer did this by calling its read_close function when it encountered some errors when reading the header. Yet for other errors (mostly adding side-data to streams) this has been forgotten, so that all the internal structures of the demuxer leak. This commit fixes this by making sure mov_read_close is called when necessary. Signed-off-by: Andreas Rheinhardt --- libavformat/mov.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 2fc27d2aec..47bbb3697d 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -7580,14 +7580,13 @@ static int mov_read_header(AVFormatContext *s) avio_seek(pb, 0, SEEK_SET); if ((err = mov_read_default(mov, pb, atom)) < 0) { av_log(s, AV_LOG_ERROR, "error reading header\n"); - mov_read_close(s); - return err; + goto fail; } } while ((pb->seekable & AVIO_SEEKABLE_NORMAL) && !mov->found_moov && !mov->moov_retry++); if (!mov->found_moov) { av_log(s, AV_LOG_ERROR, "moov atom not found\n"); - mov_read_close(s); - return AVERROR_INVALIDDATA; + err = AVERROR_INVALIDDATA; + goto fail; } av_log(mov->fc, AV_LOG_TRACE, "on_parse_exit_offset=%"PRId64"\n", avio_tell(pb)); @@ -7640,7 +7639,7 @@ static int mov_read_header(AVFormatContext *s) } if (st->codecpar->codec_id == AV_CODEC_ID_DVD_SUBTITLE) { if ((err = mov_rewrite_dvd_sub_extradata(st)) < 0) - return err; + goto fail; } } if (mov->handbrake_version && @@ -7660,8 +7659,8 @@ static int mov_read_header(AVFormatContext *s) if (sc->data_size > INT64_MAX / sc->time_scale / 8) { av_log(s, AV_LOG_ERROR, "Overflow during bit rate calculation %"PRId64" * 8 * %d\n", sc->data_size, sc->time_scale); - mov_read_close(s); - return AVERROR_INVALIDDATA; + err = AVERROR_INVALIDDATA; + goto fail; } st->codecpar->bit_rate = sc->data_size * 8 * sc->time_scale / st->duration; } @@ -7676,8 +7675,8 @@ static int mov_read_header(AVFormatContext *s) if (sc->data_size > INT64_MAX / sc->time_scale / 8) { av_log(s, AV_LOG_ERROR, "Overflow during bit rate calculation %"PRId64" * 8 * %d\n", sc->data_size, sc->time_scale); - mov_read_close(s); - return AVERROR_INVALIDDATA; + err = AVERROR_INVALIDDATA; + goto fail; } st->codecpar->bit_rate = sc->data_size * 8 * sc->time_scale / sc->duration_for_fps; @@ -7701,8 +7700,7 @@ static int mov_read_header(AVFormatContext *s) case AVMEDIA_TYPE_AUDIO: err = ff_replaygain_export(st, s->metadata); if (err < 0) { - mov_read_close(s); - return err; + goto fail; } break; case AVMEDIA_TYPE_VIDEO: @@ -7710,7 +7708,7 @@ static int mov_read_header(AVFormatContext *s) err = av_stream_add_side_data(st, AV_PKT_DATA_DISPLAYMATRIX, (uint8_t*)sc->display_matrix, sizeof(int32_t) * 9); if (err < 0) - return err; + goto fail; sc->display_matrix = NULL; } @@ -7719,7 +7717,7 @@ static int mov_read_header(AVFormatContext *s) (uint8_t *)sc->stereo3d, sizeof(*sc->stereo3d)); if (err < 0) - return err; + goto fail; sc->stereo3d = NULL; } @@ -7728,7 +7726,7 @@ static int mov_read_header(AVFormatContext *s) (uint8_t *)sc->spherical, sc->spherical_size); if (err < 0) - return err; + goto fail; sc->spherical = NULL; } @@ -7737,7 +7735,7 @@ static int mov_read_header(AVFormatContext *s) (uint8_t *)sc->mastering, sizeof(*sc->mastering)); if (err < 0) - return err; + goto fail; sc->mastering = NULL; } @@ -7746,7 +7744,7 @@ static int mov_read_header(AVFormatContext *s) (uint8_t *)sc->coll, sc->coll_size); if (err < 0) - return err; + goto fail; sc->coll = NULL; } @@ -7760,6 +7758,9 @@ static int mov_read_header(AVFormatContext *s) mov->frag_index.item[i].headers_read = 1; return 0; +fail: + mov_read_close(s); + return err; } static AVIndexEntry *mov_find_next_sample(AVFormatContext *s, AVStream **st)