From patchwork Mon Jul 20 06:15:44 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 21198 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 25EEE447C4E for ; Mon, 20 Jul 2020 09:16:16 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 0DFF968B9D6; Mon, 20 Jul 2020 09:16:16 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-ed1-f65.google.com (mail-ed1-f65.google.com [209.85.208.65]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 8766868B9D4 for ; Mon, 20 Jul 2020 09:16:09 +0300 (EEST) Received: by mail-ed1-f65.google.com with SMTP id d16so11879971edz.12 for ; Sun, 19 Jul 2020 23:16:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=9stKbd4qkPuKTSkrnlmu9o0NJz28SHNCr9oRas2wgmI=; b=p9UE0GVRhKIJu7ioUs/Ts6odDhf3D76oPC90pZu3onvuVRPsvZZvM456j2ksiJKy5p klmXQMOjj83uzy/qu5V3BWWPBMBGtowgdkJI0OTFJI/vv9yd01JmQZUy1FuCF0nCLtjs cxHslfOezZB8LU+bpG3ZknmBJ6Ue6692a/6/pmK/BVAsFEJkM2vNB31YLP3Qvasiubep UcM171g2plK6dn6qvyCLXNqPBko5ZrBXh/rGdJMSz8XmR3JTXlxt6tXY8renDEQQnb0D EtgHN22UDSNcHxIuvGpMtJ3nL/X0pz1JFSggKZQXpNH0yZroUiXMJ6XdBab1k/6x5Bie 1daw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=9stKbd4qkPuKTSkrnlmu9o0NJz28SHNCr9oRas2wgmI=; b=bFyS6KWE0d1f7bsNBsxJOrNLBbmqHyrAD5kqFsK3sLxvZgDkhBHz2RwDwq6vVUU9jV YOohMl/xSygE0jAdKLuPVD7BVWfNwWn0HmmtJwQmN0GG8uDzLz8FEXyK+7KUMv4p0t+Y WAd0nWS92l9UtIaRsC+4IbLmMKo3VnHLiQHz7+IUNIERXrn9rO8oY8RDwJdmUftPwPT3 fR0G+7d3xVTvlrmzR/Sdn82n0yfjkTp7a1p09Bo8PdPbcmAE8Hgkoqo/6kTpHXoD0XPb lb2RjMmWYPa1GCiRtcP/Mw31dxhFLz5d28QGHTNWhXdZgiL7CxZ0Hzp7bOLb6LGpOeue pJeQ== X-Gm-Message-State: AOAM530Pr/F8PkLVr4urAI/UKkhVSyz4MqB5+TLh92CnZI1n+L8r/g2X WgwxcPKQ6DMvtBJSazu74zDOVQjy X-Google-Smtp-Source: ABdhPJyKLSR0wpXAVtKBrjCHiKJqHpm2A/FU0+pNzVVUicQlyipKWwOaElxzrdfJNh7z67bpKoEP0w== X-Received: by 2002:a05:6402:3049:: with SMTP id bu9mr20660544edb.232.1595225768576; Sun, 19 Jul 2020 23:16:08 -0700 (PDT) Received: from sblaptop.fritz.box (ipbcc10296.dynamic.kabel-deutschland.de. [188.193.2.150]) by smtp.gmail.com with ESMTPSA id y21sm14044773ejo.4.2020.07.19.23.16.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 19 Jul 2020 23:16:08 -0700 (PDT) From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Mon, 20 Jul 2020 08:15:44 +0200 Message-Id: <20200720061545.18854-2-andreas.rheinhardt@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200720061545.18854-1-andreas.rheinhardt@gmail.com> References: <20200720061545.18854-1-andreas.rheinhardt@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 2/3] avformat/mxfdec: Fix memleak when parsing tag fails X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" The MXF demuxer uses an array of pointers to different structures of metadata (all containing a common initial sequence containing a type field to distinguish them) and some of these structures contain pointers to separately allocated subelements. If an error happens while reading and creating the tags, the semi-finished new tag is freed using the function to free these tags. But this function doesn't free the already allocated subelements, because the type has not been set yet. This commit changes this. Signed-off-by: Andreas Rheinhardt --- libavformat/mxfdec.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 08ad92cc0c..3016885e75 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -2714,6 +2714,7 @@ static const MXFMetadataReadTableEntry mxf_metadata_read_table[] = { static int mxf_metadataset_init(MXFMetadataSet *ctx, enum MXFMetadataSetType type) { + ctx->type = type; switch (type){ case MultipleDescriptor: case Descriptor: @@ -2734,7 +2735,8 @@ static int mxf_read_local_tags(MXFContext *mxf, KLVPacket *klv, MXFMetadataReadF if (!ctx) return AVERROR(ENOMEM); - mxf_metadataset_init(ctx, type); + if (ctx_size) + mxf_metadataset_init(ctx, type); while (avio_tell(pb) + 4 < klv_end && !avio_feof(pb)) { int ret; int tag = avio_rb16(pb); @@ -2770,7 +2772,6 @@ static int mxf_read_local_tags(MXFContext *mxf, KLVPacket *klv, MXFMetadataReadF * it extending past the end of the KLV though (zzuf5.mxf). */ if (avio_tell(pb) > klv_end) { if (ctx_size) { - ctx->type = type; mxf_free_metadataset(&ctx, 1); } @@ -2781,7 +2782,6 @@ static int mxf_read_local_tags(MXFContext *mxf, KLVPacket *klv, MXFMetadataReadF } else if (avio_tell(pb) <= next) /* only seek forward, else this can loop for a long time */ avio_seek(pb, next, SEEK_SET); } - if (ctx_size) ctx->type = type; return ctx_size ? mxf_add_metadata_set(mxf, &ctx) : 0; }