[FFmpeg-devel,2/2] avformat/samidec: Deallocate hdr_buf

Message ID	20210227222810.1462-2-michael@niedermayer.cc
State	Accepted
Commit	1c88098651469bf749eedd51f3227ec7edb4c2de
Headers	show Return-Path: <ffmpeg-devel-bounces@ffmpeg.org> From: Michael Niedermayer <michael@niedermayer.cc> To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> Date: Sat, 27 Feb 2021 23:28:10 +0100 Message-Id: <20210227222810.1462-2-michael@niedermayer.cc> In-Reply-To: <20210227222810.1462-1-michael@niedermayer.cc> References: <20210227222810.1462-1-michael@niedermayer.cc> Subject: [FFmpeg-devel] [PATCH 2/2] avformat/samidec: Deallocate hdr_buf Precedence: list Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Series	[FFmpeg-devel,1/2] avformat/mvi: Check audio size for more overflows \| expand [FFmpeg-devel,1/2] avformat/mvi: Check audio size for more overflows [FFmpeg-devel,2/2] avformat/samidec: Deallocate hdr_buf

Message ID

20210227222810.1462-2-michael@niedermayer.cc

State

Accepted

Commit

1c88098651469bf749eedd51f3227ec7edb4c2de

Headers

From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sat, 27 Feb 2021 23:28:10 +0100
Message-Id: <20210227222810.1462-2-michael@niedermayer.cc>
In-Reply-To: <20210227222810.1462-1-michael@niedermayer.cc>
References: <20210227222810.1462-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 2/2] avformat/samidec: Deallocate hdr_buf
Precedence: list
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

Series

[FFmpeg-devel,1/2] avformat/mvi: Check audio size for more overflows | expand

Checks

Context	Check	Description
andriy/x86_make	success	Make finished
andriy/x86_make_fate	success	Make fate finished
andriy/PPC64_make	success	Make finished
andriy/PPC64_make_fate	success	Make fate finished

Context

Check

Description

andriy/x86_make

success

Make finished

andriy/x86_make_fate

success

Make fate finished

andriy/PPC64_make

success

Make finished

andriy/PPC64_make_fate

success

Make fate finished

Commit Message

Michael Niedermayer Feb. 27, 2021, 10:28 p.m. UTC

Fixes: memleak
Fixes: 30841/clusterfuzz-testcase-minimized-ffmpeg_dem_SAMI_fuzzer-4521799196999680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/samidec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/samidec.c b/libavformat/samidec.c
index cf5076c7b8..d84f56ce6f 100644
--- a/libavformat/samidec.c
+++ b/libavformat/samidec.c
@@ -89,6 +89,7 @@  static int sami_read_header(AVFormatContext *s)
             sub = ff_subtitles_queue_insert(&sami->q, buf.str, buf.len, !is_sync);
             if (!sub) {
                 res = AVERROR(ENOMEM);
+                av_bprint_finalize(&hdr_buf, NULL);
                 goto end;
             }
             if (is_sync) {
@@ -97,6 +98,7 @@  static int sami_read_header(AVFormatContext *s)
                 sub->pts      = p ? strtol(p, NULL, 10) : 0;
                 if (sub->pts <= INT64_MIN/2 || sub->pts >= INT64_MAX/2) {
                     res = AVERROR_PATCHWELCOME;
+                    av_bprint_finalize(&hdr_buf, NULL);
                     goto end;
                 }

[FFmpeg-devel,2/2] avformat/samidec: Deallocate hdr_buf

Checks

Commit Message

Patch