Message ID | 20200719204755.32269-2-andreas.rheinhardt@gmail.com |
---|---|
State | Superseded |
Series | [FFmpeg-devel,v2,1/2] avformat: Redo cleanup of demuxer upon read_header() failure |
Context | Check | Description |
---|---|---|
andriy/default | pending | |
andriy/make | success | Make finished |
andriy/make_fate | success | Make fate finished |
On Sun, Jul 19, 2020 at 10:47:55PM +0200, Andreas Rheinhardt wrote:
> wc3_read_header() might fail after having read some data into a packet
> in which case this data would leak. Fix this by setting the
> AVFMT_HEADER_CLEANUP flag that ensures that the demuxer's read_close
> function is called (it unrefs the packet) if reading the header failed.
>
> Fixes: memleak
> Fixes: 23660/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6007508031504384
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
> ---
> Michael, can you confirm that this fixes the memleak?

confirmed, memleak fixed too

LGTM

thx

[...]
diff --git a/libavformat/wc3movie.c b/libavformat/wc3movie.c index 6577007777..ebe2196052 100644 --- a/libavformat/wc3movie.c +++ b/libavformat/wc3movie.c @@ -299,6 +299,7 @@ static int wc3_read_close(AVFormatContext *s) AVInputFormat ff_wc3_demuxer = { .name = "wc3movie", .long_name = NULL_IF_CONFIG_SMALL("Wing Commander III movie"), + .flags = AVFMT_HEADER_CLEANUP, .priv_data_size = sizeof(Wc3DemuxContext), .read_probe = wc3_probe, .read_header = wc3_read_header,
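Review bot: The added `.flags = AVFMT_HEADER_CLEANUP,` line in `ff_wc3_demuxer` makes `wc3_read_close()` run after every failing return from `wc3_read_header()`, but the body of `wc3_read_close()` is not in the hunk's context, so the diff alone does not show that it is safe on a partially initialised `Wc3DemuxContext`. Please confirm that the packet it unrefs is in a valid (blank or filled) state at each early return in `wc3_read_header()`, including failures that occur before any data has been read into it, and say so in the commit message. `AVFMT_HEADER_CLEANUP` is also not defined anywhere in this diff, so the commit message should name the patch in the series that introduces it as a prerequisite; otherwise a backport that picks up this change alone will not build.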
wc3_read_header() might fail after having read some data into a packet
in which case this data would leak. Fix this by setting the
AVFMT_HEADER_CLEANUP flag that ensures that the demuxer's read_close
function is called (it unrefs the packet) if reading the header failed.

Fixes: memleak
Fixes: 23660/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6007508031504384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
Michael, can you confirm that this fixes the memleak?

 libavformat/wc3movie.c | 1 +
 1 file changed, 1 insertion(+)