[FFmpeg-devel,2/5] avformat/mov: Fix memleak in dref reading

Message ID 20201030215206.1629-2-michael@niedermayer.cc
State Accepted
Commit 3b8a263c4f0e750f809282b9e6830c125d6c9db3
Series [FFmpeg-devel,1/5] avformat/argo_brp: Check block align before use

Checks

Context Check Description
andriy/x86_make success Make finished
andriy/x86_make_fate success Make fate finished

Commit Message

Michael Niedermayer Oct. 30, 2020, 9:52 p.m. UTC
Fixes: leak in mov_read_dref()
Fixes: 26698/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5638785444085760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/mov.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Michael Niedermayer Nov. 26, 2020, 12:41 a.m. UTC | #1
On Fri, Oct 30, 2020 at 10:52:03PM +0100, Michael Niedermayer wrote:
> Fixes: leak in mov_read_dref()
> Fixes: 26698/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5638785444085760
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/mov.c | 5 +++++
>  1 file changed, 5 insertions(+)

will apply

[...]
Patch

diff --git a/libavformat/mov.c b/libavformat/mov.c
index dd0db6bca7..c8a38ec4df 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -588,6 +588,11 @@  static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom)
         entries >= UINT_MAX / sizeof(*sc->drefs))
         return AVERROR_INVALIDDATA;
 
+    for (i = 0; i < sc->drefs_count; i++) {
+        MOVDref *dref = &sc->drefs[i];
+        av_freep(&dref->path);
+        av_freep(&dref->dir);
+    }
     av_free(sc->drefs);
     sc->drefs_count = 0;
     sc->drefs = av_mallocz(entries * sizeof(*sc->drefs));
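
Review bot: the added loop releases only dref->path and dref->dir for each entry before av_free(sc->drefs); please confirm these are the only heap-owned members of MOVDref, since any other allocated member would still leak when mov_read_dref() runs again with sc->drefs already populated. A one-line comment above the loop saying that it drops the entries left by an earlier dref atom would document why the cleanup is needed here, as the commit message only says "leak in mov_read_dref()". If the same per-entry frees exist in the teardown path, moving them into a small shared helper would keep the two in sync. Minor: because the array itself is freed on the next line, av_free() on the members would be enough, though av_freep() is harmless.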