diff mbox series

[FFmpeg-devel,v2,2/2] avformat/wc3movie: Fix memleak upon read_header failure

Message ID 20200719204755.32269-2-andreas.rheinhardt@gmail.com
State New
Headers show
Series [FFmpeg-devel,v2,1/2] avformat: Redo cleanup of demuxer upon read_header() failure
Related show

Checks

Context Check Description
andriy/default pending
andriy/make success Make finished
andriy/make_fate success Make fate finished

Commit Message

Andreas Rheinhardt July 19, 2020, 8:47 p.m. UTC
wc3_read_header() might fail after having read some data into a packet
in which case this data would leak. Fix this by setting the
AVFMT_HEADER_CLEANUP flag that ensures that the demuxer's read_close
function is called (it unrefs the packet) if reading the header failed.

Fixes: memleak
Fixes: 23660/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6007508031504384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
Michael, can you confirm that this fixes the memleak?

 libavformat/wc3movie.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Michael Niedermayer July 20, 2020, 6:59 p.m. UTC | #1
On Sun, Jul 19, 2020 at 10:47:55PM +0200, Andreas Rheinhardt wrote:
> wc3_read_header() might fail after having read some data into a packet
> in which case this data would leak. Fix this by setting the
> AVFMT_HEADER_CLEANUP flag that ensures that the demuxer's read_close
> function is called (it unrefs the packet) if reading the header failed.
> 
> Fixes: memleak
> Fixes: 23660/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6007508031504384
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
> ---
> Michael, can you confirm that this fixes the memleak?

confirmed, memleak fixed too
LGTM

thx

[...]
diff mbox series

Patch

diff --git a/libavformat/wc3movie.c b/libavformat/wc3movie.c
index 6577007777..ebe2196052 100644
--- a/libavformat/wc3movie.c
+++ b/libavformat/wc3movie.c
@@ -299,6 +299,7 @@  static int wc3_read_close(AVFormatContext *s)
 AVInputFormat ff_wc3_demuxer = {
     .name           = "wc3movie",
     .long_name      = NULL_IF_CONFIG_SMALL("Wing Commander III movie"),
+    .flags          = AVFMT_HEADER_CLEANUP,
     .priv_data_size = sizeof(Wc3DemuxContext),
     .read_probe     = wc3_probe,
     .read_header    = wc3_read_header,