From patchwork Tue Nov 21 23:42:40 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dale Curtis X-Patchwork-Id: 6252 Delivered-To: ffmpegpatchwork@gmail.com Received: by 10.2.161.94 with SMTP id m30csp5913333jah; Tue, 21 Nov 2017 15:43:10 -0800 (PST) X-Google-Smtp-Source: AGs4zMbHU7kFRd1QVtsgu2uLYEGMEGRzHreIys4ubV/zNg6P0scoAN8rS3YBemvzQKf57sxmiNrX X-Received: by 10.28.19.1 with SMTP id 1mr2327028wmt.20.1511307790769; Tue, 21 Nov 2017 15:43:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1511307790; cv=none; d=google.com; s=arc-20160816; b=V/98K/RtD4LghaUwr70th8NTPWdYvPygS5atm5tnvBxQG3bQ8SP/0vNO/CrVvrqVau 9/f1esZOG12k5oR/Im4YR0LRnl60beUzP4YLnh8UAT43G5xe51GDbhBlDPprO8pmlFU9 Hq1i04QMd6xM0o7FtG0jaIkjRZBJgkoI5vDgv10MSq/IkJ8KmqUtkN4vsFePUjD6j4n2 eJzoIUbhiiLgajobKwB5Rr8HHHLS8P2hpteDyF+Wvz0rm9NclofE92fzAy7fw8J9A8ME RJb9o8aT9K+hWFXdZe50RxcLs8RPKmnN9RijjBCuoTK36Q9+kgEBNR6HnvhPQPDHQa95 VnWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:to :message-id:date:from:mime-version:dkim-signature:dkim-signature :delivered-to:arc-authentication-results; bh=pxAN+6UUMyY6HmF8p0h8OpoFClckT0O8MSAY0TAcBW4=; b=CxSbk4FKlQIUzEDQYFYEXJrfO9xeowdlt0V2SVtLuN9nqeJeOBvLF6zKUyhRJsnDr4 lgP78RY2XUgn30RxEIyiPwKeUghWzWtLXo9SQ21vbVwlwtSmXur4WnlJ1lRTJZQcdjjW 51vqvyK7gsSuXUJP9EBGfvAWV/HDwOsmEqFvqSIZdAQMy+SjDAhLxUl8HV8iaikQ7JBL p9aXYIBeAbScvOikECidf65gKz52u+WrJgsAsAalrO3Ymjy2J4SbM1jyYvMuGGIoRWPY ubqgz8uHirsJLC2BXAYG/f581hIBsldiBHx2rs9B3+9GgNLxJePHCehEeJlUlzWj758s jltg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@google.com header.s=20161025 header.b=Cv+2jmAz; dkim=neutral (body hash did not verify) header.i=@chromium.org header.s=google header.b=J1xCEy26; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id i75si11184774wri.134.2017.11.21.15.43.10; Tue, 21 Nov 2017 15:43:10 -0800 (PST) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@google.com header.s=20161025 header.b=Cv+2jmAz; dkim=neutral (body hash did not verify) header.i=@chromium.org header.s=google header.b=J1xCEy26; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id B0FAA689D74; Wed, 22 Nov 2017 01:43:09 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-wr0-f181.google.com (mail-wr0-f181.google.com [209.85.128.181]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id EE5FE680624 for ; Wed, 22 Nov 2017 01:43:02 +0200 (EET) Received: by mail-wr0-f181.google.com with SMTP id l22so12850315wrc.11 for ; Tue, 21 Nov 2017 15:43:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:sender:from:date:message-id:subject:to; bh=o1igBNkWq4vz3vkhklQltgFHYNxFwpDGOoECjYnxAgI=; b=Cv+2jmAzC4Kcv1p7ZNimj8hZIMj8RpFYcyvuayPHrgnKBGqFoC4iwcqCHuTqOtzQ8g oFAMZYL3CEikkcrYy/4XnIRDxaTKh8MpoAMKgcKv7Uc2Rv+Ztj/yjx8HJtIxyCWWcp13 mOf7kFDpzUJ+b9mnqMR0D2yUnfG7uiDD1/c0mCmmhHeu/+c/q9Cjqj1cF2OUDx+IpZ/N htmES1mdYhHvxSLXSNK1/OinYeDPKR61PfopZjqOhhgCDZkWW0x/x/6gmrMXqJKmPqK9 HGwuClZzK0NaEzMh7io+1McaIeV760hKR5FjcxqtPt64P4t6ctfEgB+VsR39U8FI4OHd Nzwg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:from:date:message-id:subject:to; bh=o1igBNkWq4vz3vkhklQltgFHYNxFwpDGOoECjYnxAgI=; b=J1xCEy26UgqwXnFl0yfNHA2SFcjZjm8RAVLGlxOXuaTiAEdmA9D6AapEQJvclwAh9+ bwv8B7f0RsvWFAi0YgAGnr7dKBsz5udDNV/FFP+t+upEuhc6XSWPdjrwr4Wja1i4PL2K T4wjVJA3cuwSZlzPBZaBRMaQY3a4ZnVzdMTvE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:from:date:message-id:subject :to; bh=o1igBNkWq4vz3vkhklQltgFHYNxFwpDGOoECjYnxAgI=; b=oRDQPe66msdC1JgB9VfJCjpKcZ60Rcd65ALdyNMMs0/iiw2kCwYNS/xyYOLnOlI/+O F4HM3MSU1cumb4uX96K7TcgfHc2R52gE/80sXGvYB48gH5Gow3+qx/LG4a/ZZz/xNf7k 5wcXBj/qb7+pkK6GdhxRvZvvztMtOLU0IItNNaJGEeiM9ckoG4eF2KGSnIOHFTqcsvdq W3eyNMn4iqIJUZSSXkuzFeqIoV9lUxnbAkeFdEM4rirc31q4ptBYGLqq/MIiR4YYR6BY JOc9lntyMu74T0xinx4cCvz0DhAxnQ0cTEShn8Hb1WKEzghNlKHbfGhIsheHaqF0/dRb H6YQ== X-Gm-Message-State: AJaThX736Pp3GIkKh71/wMglj1Ko0+INgFtNuQzeDaTX/W2HASEXZdHe C7h3JrbbjbWl6faG+Q1Q+nIOQgJApCjIBuIJoPS87yIcstw= X-Received: by 10.223.165.89 with SMTP id j25mr16873164wrb.206.1511307782009; Tue, 21 Nov 2017 15:43:02 -0800 (PST) MIME-Version: 1.0 Received: by 10.28.161.4 with HTTP; Tue, 21 Nov 2017 15:42:40 -0800 (PST) From: Dale Curtis Date: Tue, 21 Nov 2017 15:42:40 -0800 X-Google-Sender-Auth: IipitZWm6VxBbCYXfYGTFiszlxs Message-ID: To: FFmpeg development discussions and patches X-Content-Filtered-By: Mailman/MimeDel 2.1.20 Subject: [FFmpeg-devel] [mov] Increment stsd_count while processing stsd data; avoids leaks. X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" In the event of ff_mov_read_stsd_entries() failure, sc->stsd_count is not updated, even if the function allocates extradata memory. Instead update the sc->stsd_count as entries are parsed so that mov_read_close() can do the right thing. Signed-off-by: Dale Curtis From 3c69f724173582f48189a92c3116a6783e078961 Mon Sep 17 00:00:00 2001 From: Dale Curtis Date: Tue, 21 Nov 2017 15:40:22 -0800 Subject: [PATCH] [mov] Increment stsd_count while processing stsd data; avoids leaks. In the event of ff_mov_read_stsd_entries() failure, sc->stsd_count is not updated, even if the function allocates extradata memory. Instead update the sc->stsd_count as entries are parsed so that mov_read_close() can do the right thing. Signed-off-by: Dale Curtis --- libavformat/mov.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index b6cdf3a52a..9e876efc8c 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -2464,8 +2464,10 @@ int ff_mov_read_stsd_entries(MOVContext *c, AVIOContext *pb, int entries) } if (mov_skip_multiple_stsd(c, pb, st->codecpar->codec_tag, format, - size - (avio_tell(pb) - start_pos))) + size - (avio_tell(pb) - start_pos))) { + sc->stsd_count++; continue; + } sc->pseudo_stream_id = st->codecpar->codec_tag ? -1 : pseudo_stream_id; sc->dref_id= dref_id; @@ -2517,6 +2519,7 @@ int ff_mov_read_stsd_entries(MOVContext *c, AVIOContext *pb, int entries) av_freep(&st->codecpar->extradata); st->codecpar->extradata_size = 0; } + sc->stsd_count++; } if (pb->eof_reached) @@ -2566,8 +2569,6 @@ static int mov_read_stsd(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (ret < 0) goto fail; - sc->stsd_count = entries; - /* Restore back the primary extradata. */ av_freep(&st->codecpar->extradata); st->codecpar->extradata_size = sc->extradata_size[0]; -- 2.15.0.448.gf294e3d99a-goog