From patchwork Sun Jul 19 20:47:54 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
X-Patchwork-Id: 21194
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
X-Original-To: patchwork@ffaux-bg.ffmpeg.org
Delivered-To: patchwork@ffaux-bg.ffmpeg.org
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by ffaux.localdomain (Postfix) with ESMTP id 9E74F44B520
	for <patchwork@ffaux-bg.ffmpeg.org>; Sun, 19 Jul 2020 23:48:11 +0300 (EEST)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 764C568B982;
	Sun, 19 Jul 2020 23:48:11 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-ej1-f66.google.com (mail-ej1-f66.google.com
 [209.85.218.66])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 6155468B891
 for <ffmpeg-devel@ffmpeg.org>; Sun, 19 Jul 2020 23:48:05 +0300 (EEST)
Received: by mail-ej1-f66.google.com with SMTP id f12so16028166eja.9
 for <ffmpeg-devel@ffmpeg.org>; Sun, 19 Jul 2020 13:48:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=gyfG3Mi+ImzIJttsG257PnH7sUwemPq4grUzEXN4DNQ=;
 b=qIi6wQML8OJS5bQkY86ijgl1ZT38f/JF362av0Xc8LCcm7XHJ/tgoFr4Msl1ud84Ef
 WIJMZhH+hqI2ppW5fRRX7bk1Rzx4SqJMqpeiurOYh2MJMxTzBLOae1q6hVhr/On3Z/Ya
 +oQOfY7YG6U1acg2EJIFR8yEoH1M/nAgsYACkvzoBezsz4qCEaAsy8QkE9LXgAMVkYYH
 HtZaVcbf4S4Iiu9exGDPapZR6G2FiCprtxqP5hnoI+6IvQMI00yK/CkaefY/MDo+/i76
 yXTsH9Q/02Tpndp15PNvxJW4E/YtpUSyTTErb7zo7d4Vjnztb4KT9ppG+ZJLvgPFHESQ
 tt2A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=gyfG3Mi+ImzIJttsG257PnH7sUwemPq4grUzEXN4DNQ=;
 b=Row1x/StmFqtG+HLV52x5arLqw4cYmKSStbA2/plnclwuOSu/MkFSlaEOfePj/l5AC
 9R+TEh3GkSL08Tg0ILYJyRgYoBiDMA7eQb/QVX3gBtlPP0oNa9c3bjl5yhjVS7u2t187
 QSIACBRBjICXgRFI9JdE+4bYzILzM22ibhOMlEZ5QpLoU2v2InO9KH9EjJiYs4BgxU3Q
 qF8YQKAVxlRXSS9e10FzP5egAZB0cwspqNZqK3QyqijdZMvCzKBwn+VLf7NA/UgLx35A
 DLOYEGo806RdApigjDJHAzBFp3fyCkf93j0QFlHcBABY6YvgibVHgaqZzYwFZNQCCOwB
 4rNw==
X-Gm-Message-State: AOAM532Q5v5u5K4TgmphbPeIV09hEC+uJr1BxwT26XMeeNrSxjiJVQQ/
 s5Bna9DH3YLHYxrCrPZ/QzQEXWtZ
X-Google-Smtp-Source: 
 ABdhPJynaz5QcIE6XVjiQS+eg0cLKhyQ7GobIFncuImweWk5IT9ZsAXm9mHmZ8dfYcF4GpB1tIun0g==
X-Received: by 2002:a17:906:7115:: with SMTP id
 x21mr17584432ejj.86.1595191684293;
 Sun, 19 Jul 2020 13:48:04 -0700 (PDT)
Received: from sblaptop.fritz.box (ipbcc10296.dynamic.kabel-deutschland.de.
 [188.193.2.150])
 by smtp.gmail.com with ESMTPSA id hb8sm13421913ejb.8.2020.07.19.13.48.03
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sun, 19 Jul 2020 13:48:03 -0700 (PDT)
From: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Sun, 19 Jul 2020 22:47:54 +0200
Message-Id: <20200719204755.32269-1-andreas.rheinhardt@gmail.com>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH v2 1/2] avformat: Redo cleanup of demuxer
	upon read_header() failure
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

If reading the header fails, the demuxer's read_close() function (if
existing) is not called automatically; instead several demuxers call it
via "goto fail" in read_header().

This commit intends to change this by adding a flag to AVInputFormat
that can be used to set on a per-AVInputFormat basis whether read_close()
should be called generically after an error during read_header().

The flag controlling this behaviour needs to be added because it might
be unsafe to call read_close() generally (e.g. this might lead to
read_close() being called twice and this might e.g. lead to double-frees
if av_free() is used instead of av_freep(); or a size field has not
been reset after freeing the elements (see the mov demuxer for an
example of this)). Yet the intention is to check and fix all demuxers
and make the flag redundant in the medium run.

The flag itself is non-public (it resides in libavformat/internal.h),
but it has been added to the ordinary (i.e. public) flags field of
AVInputFormat, because there is no field for internal flags and adding
one is not possible, because libavdevice also defines AVInputFormats
and so there is the possibility that a newer libavformat is used
together with an older libavdevice that would then lack the new field
for internal flags. When it has become redundant, it can be removed again
at the next major version bump.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
This is an updated version of my initial patch [1]. I have also rebased
the whole set of patches following it (with the exception of the w3c
patch in the next patch they no longer fix a memleak; instead they now
only set the flag and remove the manual calls to read_close). Should I
resend the other patches, too?

[1]: https://ffmpeg.org/pipermail/ffmpeg-devel/2020-March/258830.html

 libavformat/internal.h |  6 ++++++
 libavformat/utils.c    | 11 +++++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/libavformat/internal.h b/libavformat/internal.h
index 17a6ab07d3..b7441a5959 100644
--- a/libavformat/internal.h
+++ b/libavformat/internal.h
@@ -39,6 +39,12 @@
 #    define hex_dump_debug(class, buf, size) do { if (0) av_hex_dump_log(class, AV_LOG_DEBUG, buf, size); } while(0)
 #endif
 
+/** Internal flag that is part of AVInputFormat.flags due to
+ *  ABI restrictions that forbid adding a new flags_internal
+ *  to AVInputFormat. */
+#define AVFMT_HEADER_CLEANUP 0x40000000 /**< read_close() should be called
+                                             on read_header() failure */
+
 typedef struct AVCodecTag {
     enum AVCodecID id;
     unsigned int tag;
diff --git a/libavformat/utils.c b/libavformat/utils.c
index 807d9f10cb..2148a03497 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -396,8 +396,12 @@ int av_demuxer_open(AVFormatContext *ic) {
 
     if (ic->iformat->read_header) {
         err = ic->iformat->read_header(ic);
-        if (err < 0)
+        if (err < 0) {
+            if (ic->iformat->read_close &&
+                ic->iformat->flags & AVFMT_HEADER_CLEANUP)
+                ic->iformat->read_close(ic);
             return err;
+        }
     }
 
     if (ic->pb && !ic->internal->data_offset)
@@ -624,8 +628,11 @@ FF_ENABLE_DEPRECATION_WARNINGS
 
 
     if (!(s->flags&AVFMT_FLAG_PRIV_OPT) && s->iformat->read_header)
-        if ((ret = s->iformat->read_header(s)) < 0)
+        if ((ret = s->iformat->read_header(s)) < 0) {
+            if (s->iformat->flags & AVFMT_HEADER_CLEANUP)
+                goto close;
             goto fail;
+        }
 
     if (!s->metadata) {
         s->metadata = s->internal->id3v2_meta;

From patchwork Sun Jul 19 20:47:55 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
X-Patchwork-Id: 21195
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
X-Original-To: patchwork@ffaux-bg.ffmpeg.org
Delivered-To: patchwork@ffaux-bg.ffmpeg.org
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by ffaux.localdomain (Postfix) with ESMTP id C984F44B520
	for <patchwork@ffaux-bg.ffmpeg.org>; Sun, 19 Jul 2020 23:48:33 +0300 (EEST)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id B292868B98E;
	Sun, 19 Jul 2020 23:48:33 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-ej1-f48.google.com (mail-ej1-f48.google.com
 [209.85.218.48])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id B3C6168B975
 for <ffmpeg-devel@ffmpeg.org>; Sun, 19 Jul 2020 23:48:27 +0300 (EEST)
Received: by mail-ej1-f48.google.com with SMTP id lx13so16074996ejb.4
 for <ffmpeg-devel@ffmpeg.org>; Sun, 19 Jul 2020 13:48:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=wokC8fv1VqdqHJEcdWUR7aX514WOndkM6Imt0qtxWOo=;
 b=A4ALqt7bdqPOcP2YVSoNHDxl++jfNryq3yWOdiujD+D6tSiT7RI9tFDI/3Ud9iKE3B
 AcECEYSM5S6iT2RplrhR9s6K1NtaFV5OheaGPnDWAwKtBi8PW0rBVQB/CxGIr/eUdCVI
 xaNdxMIJrW6NEw+mTPXgWlojMq1fhmGFvbDzgr+HnDeQvIKEKICs8DWnuSy8FjkLwZPO
 rv2xoeBkpWcHZUZIL0o46iYpf34cldAbeENz3qEPEIjZVCIqhfEUtUxZZYwS/Q7z6nx8
 MB3QRy7VBitaYMS+4lrKC0DDuVST65dnGQ6vYb3zac5GKWLBdIsdSeEgJUYiEycjIY89
 5fSA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=wokC8fv1VqdqHJEcdWUR7aX514WOndkM6Imt0qtxWOo=;
 b=otUUcfqIs+ECuHBtLBMVdKsOBi8jzBUM4l8GHQDomoU4vEKrAQDhVQWZ5yLzA6Bj9n
 pIHjaoOLtE0qQmop72OH4lOVJF4dJQsf5TH1cs3OPGunCozkvJopZlRzRM2RkXzQAARm
 xaRsj46AHreCw6ayXifAYBJYaV1Zetkvc0GYrARkymPUcUfTPbWI+RoHTod72jEn+480
 bJ4VwBN60o4ZcnN3aNlonX784lRz7xRzUlsrmlc8VpJO3Nh790qPOeyLKnjhFUWkY8U4
 owXGOJdnLt6DXfgTDtH4Zp8V35Gal0UaGEejGsz/AoaGguz0S6Zqc3D3gGcG5J5AM7KU
 1Vlg==
X-Gm-Message-State: AOAM530BIsHpXYtKOP5vOEeEuf/WjtfkPp7mG6Zo3AHC7pO5Wo1XT0WB
 nctwRi81sHBZ9OpgwtO9P3BAK5Gp
X-Google-Smtp-Source: 
 ABdhPJzXcDPf4+8Yd/v6AjHz+va5JXrUOB8vcDG+7UWgikKGS83cb2Cc7VOaJmySaHGy7VBFHhjunQ==
X-Received: by 2002:a17:907:6fc:: with SMTP id
 yh28mr17740710ejb.267.1595191706697;
 Sun, 19 Jul 2020 13:48:26 -0700 (PDT)
Received: from sblaptop.fritz.box (ipbcc10296.dynamic.kabel-deutschland.de.
 [188.193.2.150])
 by smtp.gmail.com with ESMTPSA id hb8sm13421913ejb.8.2020.07.19.13.48.25
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sun, 19 Jul 2020 13:48:26 -0700 (PDT)
From: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Sun, 19 Jul 2020 22:47:55 +0200
Message-Id: <20200719204755.32269-2-andreas.rheinhardt@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20200719204755.32269-1-andreas.rheinhardt@gmail.com>
References: <20200719204755.32269-1-andreas.rheinhardt@gmail.com>
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH v2 2/2] avformat/wc3movie: Fix memleak upon
	read_header failure
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

wc3_read_header() might fail after having read some data into a packet
in which case this data would leak. Fix this by setting the
AVFMT_HEADER_CLEANUP flag that ensures that the demuxer's read_close
function is called (it unrefs the packet) if reading the header failed.

Fixes: memleak
Fixes: 23660/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6007508031504384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
Michael, can you confirm that this fixes the memleak?

 libavformat/wc3movie.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavformat/wc3movie.c b/libavformat/wc3movie.c
index 6577007777..ebe2196052 100644
--- a/libavformat/wc3movie.c
+++ b/libavformat/wc3movie.c
@@ -299,6 +299,7 @@ static int wc3_read_close(AVFormatContext *s)
 AVInputFormat ff_wc3_demuxer = {
     .name           = "wc3movie",
     .long_name      = NULL_IF_CONFIG_SMALL("Wing Commander III movie"),
+    .flags          = AVFMT_HEADER_CLEANUP,
     .priv_data_size = sizeof(Wc3DemuxContext),
     .read_probe     = wc3_probe,
     .read_header    = wc3_read_header,

From patchwork Tue Jul 21 02:12:09 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
X-Patchwork-Id: 21208
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
X-Original-To: patchwork@ffaux-bg.ffmpeg.org
Delivered-To: patchwork@ffaux-bg.ffmpeg.org
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by ffaux.localdomain (Postfix) with ESMTP id 594CE44B6A8
	for <patchwork@ffaux-bg.ffmpeg.org>; Tue, 21 Jul 2020 05:12:30 +0300 (EEST)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 26CE468BACC;
	Tue, 21 Jul 2020 05:12:30 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-ej1-f46.google.com (mail-ej1-f46.google.com
 [209.85.218.46])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id DB70968B834
 for <ffmpeg-devel@ffmpeg.org>; Tue, 21 Jul 2020 05:12:23 +0300 (EEST)
Received: by mail-ej1-f46.google.com with SMTP id a21so20035411ejj.10
 for <ffmpeg-devel@ffmpeg.org>; Mon, 20 Jul 2020 19:12:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=+/HW60OumOlRNE82lxWX4uEDI5wtZGAV7lEc1+J+l0I=;
 b=UcBmZ2vdqKopxtFzShgj1zCFVxomzZ6GEaRObvRus/oaPOeP/80kkNetBE8LtKCEMY
 HtFmBbRWseDiOkNKikYjxKhgoY5lQRshf5pkr24uYrAZrQdiu40+gqO+nUjl9G7rgwOE
 a6KJTJt55KJ9ibsNM3xZh4K3pWVgegpjylF1rTsAgxVrhWd3b6t3KFDkRCka86j/Yl2l
 n1U2T2dZq4aPO0XrLuV4TLlzFfiCGV9J9qRcalIkuNQSHkNCyiF3Zznkcv2uxkc0OGe2
 qYGdQX41Il15c0GmC00BTRqClCSWSZ9qrh3RzkVIz9bqneZg1osRsc+8qiZ/A6jDIFgK
 m3rA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=+/HW60OumOlRNE82lxWX4uEDI5wtZGAV7lEc1+J+l0I=;
 b=m4hXuDhrP+ILje4giXPrRE0bSIV1BQmUeunxF4vrJnU/sT6wKUpkz2BoEdpnbnTJUp
 GACuz2NDQiI5PSRlMSrFTwZJWeGf/dV4B+KsMSwQdEeS+CRRN0AkSL7gUlin3o9d5nAW
 4OJ+AFtG8h1Umm7kgccUepucapxgRqjkro1GzyKdc4cP/yyVg0XRVByOJ0vJTEVAS1zc
 NqnTSq3jXKZiPd5aB/zy6FVk36RXqP7w+ttRRthDHlRq1/BuuYsjzYmzVr1IxgReiA9b
 2eCl8R88dpFb+5M7xyZJvxmcpeUhKAALI5Yfe3SF4jRYf+ZsPtzzVpUroeRCBmxANZ3Q
 tWdQ==
X-Gm-Message-State: AOAM533Mh1u/J9tTqu6vpnERWQfHXlvUc2vMvlf+cu/6YMG0kUwi6sAG
 4iiJkCziSiCDqQjGJ1Ks0oG4Az2o
X-Google-Smtp-Source: 
 ABdhPJzLKB4vvP7ZQvkjUj7jGXl0vXnN+keaH4ytPUCGfVUM0NOQUOG3pmtoILbOYoMBXk23hKw/fQ==
X-Received: by 2002:a17:906:35cd:: with SMTP id
 p13mr23107559ejb.172.1595297542799;
 Mon, 20 Jul 2020 19:12:22 -0700 (PDT)
Received: from sblaptop.fritz.box (ipbcc10296.dynamic.kabel-deutschland.de.
 [188.193.2.150])
 by smtp.gmail.com with ESMTPSA id p9sm15528563ejd.50.2020.07.20.19.12.21
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 20 Jul 2020 19:12:22 -0700 (PDT)
From: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Tue, 21 Jul 2020 04:12:09 +0200
Message-Id: <20200721021215.32647-1-andreas.rheinhardt@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20200719204755.32269-1-andreas.rheinhardt@gmail.com>
References: <20200719204755.32269-1-andreas.rheinhardt@gmail.com>
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH 3/9] avformat/mxfdec: Simplify cleanup after
	read_header failure
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

by setting the AVFMT_HEADER_CLEANUP flag.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
 libavformat/mxfdec.c | 24 +++++++-----------------
 1 file changed, 7 insertions(+), 17 deletions(-)

diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 90546d42b3..06c6e0890b 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -302,8 +302,6 @@ typedef struct MXFMetadataReadTableEntry {
     enum MXFMetadataSetType type;
 } MXFMetadataReadTableEntry;
 
-static int mxf_read_close(AVFormatContext *s);
-
 /* partial keys to match */
 static const uint8_t mxf_header_partition_pack_key[]       = { 0x06,0x0e,0x2b,0x34,0x02,0x05,0x01,0x01,0x0d,0x01,0x02,0x01,0x01,0x02 };
 static const uint8_t mxf_essence_element_key[]             = { 0x06,0x0e,0x2b,0x34,0x01,0x02,0x01,0x01,0x0d,0x01,0x03,0x01 };
@@ -3169,7 +3167,6 @@ static int mxf_read_header(AVFormatContext *s)
 
     if (!mxf_read_sync(s->pb, mxf_header_partition_pack_key, 14)) {
         av_log(s, AV_LOG_ERROR, "could not find header partition pack key\n");
-        //goto fail should not be needed as no metadata sets will have been parsed yet
         return AVERROR_INVALIDDATA;
     }
     avio_seek(s->pb, -14, SEEK_CUR);
@@ -3200,8 +3197,7 @@ static int mxf_read_header(AVFormatContext *s)
 
             if (!mxf->current_partition) {
                 av_log(mxf->fc, AV_LOG_ERROR, "found essence prior to first PartitionPack\n");
-                ret = AVERROR_INVALIDDATA;
-                goto fail;
+                return AVERROR_INVALIDDATA;
             }
 
             if (!mxf->current_partition->first_essence_klv.offset)
@@ -3226,7 +3222,7 @@ static int mxf_read_header(AVFormatContext *s)
         for (metadata = mxf_metadata_read_table; metadata->read; metadata++) {
             if (IS_KLV_KEY(klv.key, metadata->key)) {
                 if ((ret = mxf_parse_klv(mxf, klv, metadata->read, metadata->ctx_size, metadata->type)) < 0)
-                    goto fail;
+                    return ret;
                 break;
             }
         }
@@ -3239,21 +3235,20 @@ static int mxf_read_header(AVFormatContext *s)
     /* FIXME avoid seek */
     if (!essence_offset)  {
         av_log(s, AV_LOG_ERROR, "no essence\n");
-        ret = AVERROR_INVALIDDATA;
-        goto fail;
+        return AVERROR_INVALIDDATA;
     }
     avio_seek(s->pb, essence_offset, SEEK_SET);
 
     /* we need to do this before computing the index tables
      * to be able to fill in zero IndexDurations with st->duration */
     if ((ret = mxf_parse_structural_metadata(mxf)) < 0)
-        goto fail;
+        return ret;
 
     for (int i = 0; i < s->nb_streams; i++)
         mxf_handle_missing_index_segment(mxf, s->streams[i]);
 
     if ((ret = mxf_compute_index_tables(mxf)) < 0)
-        goto fail;
+        return ret;
 
     if (mxf->nb_index_tables > 1) {
         /* TODO: look up which IndexSID to use via EssenceContainerData */
@@ -3261,8 +3256,7 @@ static int mxf_read_header(AVFormatContext *s)
                mxf->nb_index_tables, mxf->index_tables[0].index_sid);
     } else if (mxf->nb_index_tables == 0 && mxf->op == OPAtom && (s->error_recognition & AV_EF_EXPLODE)) {
         av_log(mxf->fc, AV_LOG_ERROR, "cannot demux OPAtom without an index\n");
-        ret = AVERROR_INVALIDDATA;
-        goto fail;
+        return AVERROR_INVALIDDATA;
     }
 
     mxf_compute_essence_containers(s);
@@ -3271,10 +3265,6 @@ static int mxf_read_header(AVFormatContext *s)
         mxf_compute_edit_units_per_packet(mxf, s->streams[i]);
 
     return 0;
-fail:
-    mxf_read_close(s);
-
-    return ret;
 }
 
 /* Get the edit unit of the next packet from current_offset in a track. The returned edit unit can be original_duration as well! */
@@ -3740,7 +3730,7 @@ static const AVClass demuxer_class = {
 AVInputFormat ff_mxf_demuxer = {
     .name           = "mxf",
     .long_name      = NULL_IF_CONFIG_SMALL("MXF (Material eXchange Format)"),
-    .flags          = AVFMT_SEEK_TO_PTS,
+    .flags          = AVFMT_SEEK_TO_PTS | AVFMT_HEADER_CLEANUP,
     .priv_data_size = sizeof(MXFContext),
     .read_probe     = mxf_probe,
     .read_header    = mxf_read_header,

From patchwork Tue Jul 21 02:12:10 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
X-Patchwork-Id: 21209
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
X-Original-To: patchwork@ffaux-bg.ffmpeg.org
Delivered-To: patchwork@ffaux-bg.ffmpeg.org
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by ffaux.localdomain (Postfix) with ESMTP id 74DF844B6A8
	for <patchwork@ffaux-bg.ffmpeg.org>; Tue, 21 Jul 2020 05:12:41 +0300 (EEST)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 4EF4F68BAE7;
	Tue, 21 Jul 2020 05:12:41 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-ej1-f66.google.com (mail-ej1-f66.google.com
 [209.85.218.66])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id E7D0468B834
 for <ffmpeg-devel@ffmpeg.org>; Tue, 21 Jul 2020 05:12:34 +0300 (EEST)
Received: by mail-ej1-f66.google.com with SMTP id a1so20035976ejg.12
 for <ffmpeg-devel@ffmpeg.org>; Mon, 20 Jul 2020 19:12:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=61JTjLHjl0Z8LBjnChnlH4xVLtrXfcP4gbKLqLOrzJ4=;
 b=DbFf/u1LZ7BRlj1R4cs1vK9jvRZl/5dAuCgJBkkwnSIWkeY0RY9ShOVLvhmf70aXQW
 88/vMEGEePJPuqLuLJKy9vIWjAV2AGzwsbN5lMm3LL1h0JnqZG1V+MIhRej/0+XvuZuf
 k0qVFuNQhViT73bva2c/jIggYoYV2z32Jsi+E29Z4MWJ76wBYay4Q3lUpV3JuuIlz84w
 qk8pFN29bZttRWovgZu005fXFAiAO4Gk2wGXsbrjoDo6L0gnQNsJ73hF2iuWloaxgfWV
 Iae0HGpNpNTsw/RgWvwTVPvQ4hVgr81uq4KCiSnw4NQ/Ljv0OEtscUu4wa5yrywVvB2x
 UNzg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=61JTjLHjl0Z8LBjnChnlH4xVLtrXfcP4gbKLqLOrzJ4=;
 b=dNZyPVTlvRY+CsxfbGvqXIyENXfHz6wpJw7YvZFvhYTcxDdkxFlIeSkIoBNuHFELf0
 0xp/4POzakl/WA1gdWJahBlD9lHhhs3uOh+lRWE/MucJo7MTlEYauv0OjQVsdebsa+dY
 zGvqOsziX8uAFBkFv6hbNqAC0Nl6IDOscHs99yyDca+emfDoWkQVbuPtv/0rszHtDupr
 Bk+lnplJ3srS9O1DuhVriWsicRZtkT7OqpQOuZ8UHGxkYkn4ZXuYK+AwbdTZk5WFTC2u
 n4SaC+GI7+Z4DPSMpnIXLd9VVODbqqobNtxlOA/PEv47I+D4fskq7DHpa7tVS5BJ38KC
 6/IA==
X-Gm-Message-State: AOAM531I7PdfhAJKqSsy/PdviOSD+UTG9XXg7IG90BnH7HgTYeBqFsFC
 WHtJVEO2ZXBUugjV4MGVN9KIDFBB
X-Google-Smtp-Source: 
 ABdhPJxtX2dM6NuWn3I2YgriqlHnBSp7Q0EhRjUCxqQBwyHC1zExBxc+qoT+SBbA5pCHBP4BH7BOpg==
X-Received: by 2002:a17:907:2489:: with SMTP id
 zg9mr22881609ejb.48.1595297554000;
 Mon, 20 Jul 2020 19:12:34 -0700 (PDT)
Received: from sblaptop.fritz.box (ipbcc10296.dynamic.kabel-deutschland.de.
 [188.193.2.150])
 by smtp.gmail.com with ESMTPSA id p9sm15528563ejd.50.2020.07.20.19.12.33
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 20 Jul 2020 19:12:33 -0700 (PDT)
From: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Tue, 21 Jul 2020 04:12:10 +0200
Message-Id: <20200721021215.32647-2-andreas.rheinhardt@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20200719204755.32269-1-andreas.rheinhardt@gmail.com>
References: <20200719204755.32269-1-andreas.rheinhardt@gmail.com>
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH 4/9] avformat/rmdec: Actually return value <
	0 on read_header failure
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

The RealMedia demuxer's read_header function initially initializes ret,
the variable designated for the return variable to -1. Afterwards, chunks
of the file are parsed in a loop until an error happens or until the actual
frame data is encountered. If the first function whose return
value is put into ret doesn't fail, then ret contains a value >= 0
(actually == 0) and this is what will be returned if an error is
encountered afterwards.

This is a regression since 35bbc1955a58ba74552c50d9161084644f00bbd3.
Before that, ret had never been overwritten with a nonnegative value.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
 libavformat/rmdec.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c
index a36e693ab2..6851b7e1f4 100644
--- a/libavformat/rmdec.c
+++ b/libavformat/rmdec.c
@@ -538,7 +538,7 @@ static int rm_read_header(AVFormatContext *s)
     unsigned int data_off = 0, indx_off = 0;
     char buf[128], mime[128];
     int flags = 0;
-    int ret = -1;
+    int ret;
     unsigned size, v;
     int64_t codec_pos;
 
@@ -554,6 +554,7 @@ static int rm_read_header(AVFormatContext *s)
     avio_skip(pb, tag_size - 8);
 
     for(;;) {
+        ret = AVERROR_INVALIDDATA;
         if (avio_feof(pb))
             goto fail;
         tag = avio_rl32(pb);
@@ -619,8 +620,9 @@ static int rm_read_header(AVFormatContext *s)
                 avio_seek(pb, codec_pos + size, SEEK_SET);
             } else {
                 avio_skip(pb, -4);
-                if (ff_rm_read_mdpr_codecdata(s, s->pb, st, st->priv_data,
-                                              size, mime) < 0)
+                ret = ff_rm_read_mdpr_codecdata(s, s->pb, st, st->priv_data,
+                                                size, mime);
+                if (ret < 0)
                     goto fail;
             }
 

From patchwork Tue Jul 21 02:12:11 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
X-Patchwork-Id: 21210
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
X-Original-To: patchwork@ffaux-bg.ffmpeg.org
Delivered-To: patchwork@ffaux-bg.ffmpeg.org
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by ffaux.localdomain (Postfix) with ESMTP id 81D6244B6A8
	for <patchwork@ffaux-bg.ffmpeg.org>; Tue, 21 Jul 2020 05:12:44 +0300 (EEST)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 6B58368BAF3;
	Tue, 21 Jul 2020 05:12:44 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-ed1-f68.google.com (mail-ed1-f68.google.com
 [209.85.208.68])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 386C268BAC7
 for <ffmpeg-devel@ffmpeg.org>; Tue, 21 Jul 2020 05:12:36 +0300 (EEST)
Received: by mail-ed1-f68.google.com with SMTP id n2so14174967edr.5
 for <ffmpeg-devel@ffmpeg.org>; Mon, 20 Jul 2020 19:12:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=DCoR2wtPXpDrs/d/W/B4el1vh/l6zEekD6hp0mqSxRs=;
 b=tvNOAvpxB9k0n7VKcDH8yju3BW/mc5at531f7ib0kDDBM+Quc3t6JkCkpVMvEKWPqc
 I/L3AflEpjRLQmPkMZ8ityhd4GsKMi+z3zquE6PX69iU7fpbyu0bZa7UEUnQdx29Pz0T
 AMoPOLkYHIjYxSkKuKHq6V4oeN0LaVJa6IPzb7SLWgpKXJQYk8aZkEhoVIoI8Q8HK6NK
 W5yLbIAVp/0oixO9Hkg7q1kZ+z3yXh9KpbBLp5+hxeysGbyhoHL/IByeYdsZcKup+b+D
 kSCwvt1/ziGEU+9tMkFMHOE0ySZA8QRYlLJd/d9XfpRqvf2Imt5xe34umDsZ/39YQoD9
 rEOg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=DCoR2wtPXpDrs/d/W/B4el1vh/l6zEekD6hp0mqSxRs=;
 b=jjLs1N/I/kKro94T1YFq3xbn7DycJcHWfhnRAbSceFKEQjfPTnLHJ6Ee5sSFBlIbTI
 RpS/8f3rcWw9GEjZ7cGVb5YJbFhGHFWBPp8miEeF7c27ABa0vRPllndZ5yl8u9iA3rOF
 1CzexISdfkutzkxFmDMM4FwXi4sOLKK367X3R2aoncndZaW67MTkyTImptKU+qdk5R4h
 ls/c6TxAACe7GaSFpptkfChDReUCBrZbFVQp4WoDBrkmqk1cv1XY7FV4u/iXaKusN4tj
 Tg7fA3vLY4Ijb9CIO9MeNq88UoQWP1K8v1535QDReuBo+iHxA18k1h7pCxnQ00SORGXY
 4Dhw==
X-Gm-Message-State: AOAM5312d81T1oN3spQ7Lvq9BGjOaBeUnK1MLfA/9h96uAs/kD5Nc5FY
 BUIYoun2rc+EIonlhO6S1ndZPtpW
X-Google-Smtp-Source: 
 ABdhPJwGPo4VPijZquAhr69hJqeteqRuzaiRgt+EUCbajvg4WWPVsQ7nV1TXX2pLsvJfM7NLZwgJYA==
X-Received: by 2002:a05:6402:d06:: with SMTP id
 eb6mr14668398edb.211.1595297555046;
 Mon, 20 Jul 2020 19:12:35 -0700 (PDT)
Received: from sblaptop.fritz.box (ipbcc10296.dynamic.kabel-deutschland.de.
 [188.193.2.150])
 by smtp.gmail.com with ESMTPSA id p9sm15528563ejd.50.2020.07.20.19.12.34
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 20 Jul 2020 19:12:34 -0700 (PDT)
From: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Tue, 21 Jul 2020 04:12:11 +0200
Message-Id: <20200721021215.32647-3-andreas.rheinhardt@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20200719204755.32269-1-andreas.rheinhardt@gmail.com>
References: <20200719204755.32269-1-andreas.rheinhardt@gmail.com>
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH 5/9] avformat/rmdec: Fix potential crash on
	allocation failure
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

The RealMedia demuxer uses the priv_data of its streams to store a
structure containing an AVPacket. These packets are unreferenced in the
read_close function, yet said function simply presumed that the
priv_data has been successfully allocated. This implies that it mustn't
be called when an allocation of priv_data fails; but this can happen
since commit 35bbc1955a58ba74552c50d9161084644f00bbd3 if one has a
stream with multiple substreams (also exported as AVStream) and if
allocating the priv_data for one of these substreams fails.

This has been fixed by making sure that read_close can handle the case
in which priv_data has not been successfully allocated.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
This here is another reason why every demuxer needs to be carefully
checked for whether it is compatible with calling read_close
automatically.

 libavformat/rmdec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c
index 6851b7e1f4..72b8dba741 100644
--- a/libavformat/rmdec.c
+++ b/libavformat/rmdec.c
@@ -115,6 +115,9 @@ RMStream *ff_rm_alloc_rmstream (void)
 
 void ff_rm_free_rmstream (RMStream *rms)
 {
+    if (!rms)
+        return;
+
     av_packet_unref(&rms->pkt);
 }
 

From patchwork Tue Jul 21 02:12:12 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
X-Patchwork-Id: 21211
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
X-Original-To: patchwork@ffaux-bg.ffmpeg.org
Delivered-To: patchwork@ffaux-bg.ffmpeg.org
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by ffaux.localdomain (Postfix) with ESMTP id 3073344B6A8
	for <patchwork@ffaux-bg.ffmpeg.org>; Tue, 21 Jul 2020 05:12:45 +0300 (EEST)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 22A4468BAFA;
	Tue, 21 Jul 2020 05:12:45 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-ed1-f66.google.com (mail-ed1-f66.google.com
 [209.85.208.66])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 4558968BAE5
 for <ffmpeg-devel@ffmpeg.org>; Tue, 21 Jul 2020 05:12:38 +0300 (EEST)
Received: by mail-ed1-f66.google.com with SMTP id e22so14166722edq.8
 for <ffmpeg-devel@ffmpeg.org>; Mon, 20 Jul 2020 19:12:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=N/j9ICfi3cn1RMeK6qBFhpWSw5kLXt6XNEJow/B3FeY=;
 b=fiwHv384snUqBL9ly6FRWQVBKx2pTo4m8hOlDg8XsuTBwqJbdjmloU4A7dZ9qbpwUu
 rL2KzzgiMwG8E45bq+MiQYYOrMHpIXR3Sy3iRnRFag4W3/S2k6Pj/D3MKGRuDCs29Ayh
 DBRfQG/5oVEo2m9kG09GsonAQQ9YaCGV3TgLjeTKyZC1o5NE8/YKI9QClol9WE2GtYLI
 8Ix3oRJ/XnLhpal/2qLjfi9IrnlxfFSD8zwwbkofg4cdWIWw6ulFOd5M0Og3VuLtMa4E
 maYYqkWGOg3wgGiF7OthMojGpqV/LyIYZOwyFyOJh2VX7FtJqdTI9RhOsfB5k4SGFPHg
 p9eQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=N/j9ICfi3cn1RMeK6qBFhpWSw5kLXt6XNEJow/B3FeY=;
 b=DEzj6usRSv9KHvoM0z1emF/390BRKY7RDUO7mQn2Lv3UlcovPwf2lRoXvTXMQhZRRb
 drDWSKGQxCWTcA/C3s+zKV1ItpVf/hCoErwx4TmtSYGg+0eeKC6d8cT8NpIdlObR+ezz
 Giit844nbgnbsN9ivhSuOYmJZbbFRq+uKkQ1sf+YS6OLxMf2AnNn9UmnLidV/bCPdaUW
 wfEfajOs/A0d41eoriw3riFE++1AXa+ArcvhW+Lnhqxk27es5//XnFXPRRF5oD8wgxdX
 Yc2crs6rUggKfroyORESPdwBt6BL38xrDDUDEBMdyZSEwClvbaOWNXUuK8exxQb8bp5+
 afmw==
X-Gm-Message-State: AOAM531zLBP5A+IQxycJORqlXPc/RM52UFwGdNHmqCujMyIoWL/C1cx9
 nCyPwEU64SALqnP4OyQGi00KxdTD
X-Google-Smtp-Source: 
 ABdhPJyIaWr7xDLNMumnxxvVO3X6Gn53+O+ktWFabzOw3l8+sXFfd4oCymr+wHH3BWDf+6pN8MlGjg==
X-Received: by 2002:a05:6402:1c86:: with SMTP id
 cy6mr23628931edb.30.1595297557143;
 Mon, 20 Jul 2020 19:12:37 -0700 (PDT)
Received: from sblaptop.fritz.box (ipbcc10296.dynamic.kabel-deutschland.de.
 [188.193.2.150])
 by smtp.gmail.com with ESMTPSA id p9sm15528563ejd.50.2020.07.20.19.12.35
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 20 Jul 2020 19:12:36 -0700 (PDT)
From: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Tue, 21 Jul 2020 04:12:12 +0200
Message-Id: <20200721021215.32647-4-andreas.rheinhardt@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20200719204755.32269-1-andreas.rheinhardt@gmail.com>
References: <20200719204755.32269-1-andreas.rheinhardt@gmail.com>
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH 6/9] avformat/rmdec: Fix memleaks upon
	read_header failure
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

For both the RealMedia as well as the IVR demuxer (which share the same
context) each AVStream's priv_data contains an AVPacket that might
contain data (even when reading the header) and therefore needs to be
unreferenced. Up until now, this has not always been done:

The RealMedia demuxer didn't do it when allocating a new stream's
priv_data failed although there might other streams with packets to
unreference. (The reason for this was that until recently rm_read_close()
couldn't handle an AVStream without priv_data, so one had to choose
between a potential crash and a memleak.)

The IVR demuxer meanwhile never ever called read_close so that the data
already contained in packets leaks upon error.

This patch fixes both demuxers by setting the AVFMT_HEADER_CLEANUP flag,
thereby ensuring that rm_read_close() is always called when reading the
header fails. This also allows to remove several "goto fail" in
rm_read_header().

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
 libavformat/rmdec.c | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)

diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c
index 72b8dba741..c88f41c121 100644
--- a/libavformat/rmdec.c
+++ b/libavformat/rmdec.c
@@ -66,8 +66,6 @@ typedef struct RMDemuxContext {
     int data_end;
 } RMDemuxContext;
 
-static int rm_read_close(AVFormatContext *s);
-
 static inline void get_strl(AVIOContext *pb, char *buf, int buf_size, int len)
 {
     int read = avio_get_str(pb, len, buf, buf_size);
@@ -557,16 +555,15 @@ static int rm_read_header(AVFormatContext *s)
     avio_skip(pb, tag_size - 8);
 
     for(;;) {
-        ret = AVERROR_INVALIDDATA;
         if (avio_feof(pb))
-            goto fail;
+            return AVERROR_INVALIDDATA;
         tag = avio_rl32(pb);
         tag_size = avio_rb32(pb);
         avio_rb16(pb);
         av_log(s, AV_LOG_TRACE, "tag=%s size=%d\n",
                av_fourcc2str(tag), tag_size);
         if (tag_size < 10 && tag != MKTAG('D', 'A', 'T', 'A'))
-            goto fail;
+            return AVERROR_INVALIDDATA;
         switch(tag) {
         case MKTAG('P', 'R', 'O', 'P'):
             /* file header */
@@ -589,8 +586,7 @@ static int rm_read_header(AVFormatContext *s)
         case MKTAG('M', 'D', 'P', 'R'):
             st = avformat_new_stream(s, NULL);
             if (!st) {
-                ret = AVERROR(ENOMEM);
-                goto fail;
+                return AVERROR(ENOMEM);
             }
             st->id = avio_rb16(pb);
             avio_rb32(pb); /* max bit rate */
@@ -619,14 +615,14 @@ static int rm_read_header(AVFormatContext *s)
             if (v == MKBETAG('M', 'L', 'T', 'I')) {
                 ret = rm_read_multi(s, s->pb, st, mime);
                 if (ret < 0)
-                    goto fail;
+                    return ret;
                 avio_seek(pb, codec_pos + size, SEEK_SET);
             } else {
                 avio_skip(pb, -4);
                 ret = ff_rm_read_mdpr_codecdata(s, s->pb, st, st->priv_data,
                                                 size, mime);
                 if (ret < 0)
-                    goto fail;
+                    return ret;
             }
 
             break;
@@ -654,10 +650,6 @@ static int rm_read_header(AVFormatContext *s)
     }
 
     return 0;
-
-fail:
-    rm_read_close(s);
-    return ret;
 }
 
 static int get_num(AVIOContext *pb, int *len)
@@ -1141,6 +1133,7 @@ static int rm_read_seek(AVFormatContext *s, int stream_index,
 AVInputFormat ff_rm_demuxer = {
     .name           = "rm",
     .long_name      = NULL_IF_CONFIG_SMALL("RealMedia"),
+    .flags          = AVFMT_HEADER_CLEANUP,
     .priv_data_size = sizeof(RMDemuxContext),
     .read_probe     = rm_probe,
     .read_header    = rm_read_header,
@@ -1393,6 +1386,7 @@ static int ivr_read_packet(AVFormatContext *s, AVPacket *pkt)
 AVInputFormat ff_ivr_demuxer = {
     .name           = "ivr",
     .long_name      = NULL_IF_CONFIG_SMALL("IVR (Internet Video Recording)"),
+    .flags          = AVFMT_HEADER_CLEANUP,
     .priv_data_size = sizeof(RMDemuxContext),
     .read_probe     = ivr_probe,
     .read_header    = ivr_read_header,

From patchwork Tue Jul 21 02:12:13 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
X-Patchwork-Id: 21212
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
X-Original-To: patchwork@ffaux-bg.ffmpeg.org
Delivered-To: patchwork@ffaux-bg.ffmpeg.org
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by ffaux.localdomain (Postfix) with ESMTP id 0FAA444B6A8
	for <patchwork@ffaux-bg.ffmpeg.org>; Tue, 21 Jul 2020 05:12:47 +0300 (EEST)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id EC2E968BB03;
	Tue, 21 Jul 2020 05:12:46 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-ej1-f65.google.com (mail-ej1-f65.google.com
 [209.85.218.65])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 3950E68B9FB
 for <ffmpeg-devel@ffmpeg.org>; Tue, 21 Jul 2020 05:12:39 +0300 (EEST)
Received: by mail-ej1-f65.google.com with SMTP id ga4so20043314ejb.11
 for <ffmpeg-devel@ffmpeg.org>; Mon, 20 Jul 2020 19:12:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=UvhTl3ThZK8M9ixD2OaQmUadCjhBAkoiNQSy2qYiPbI=;
 b=iUm+Bv9l4Mqo2XVzyzlTErtZjla0D4iutifm1ws/0pIQzzWDPN0MN6KzTfRHci7oku
 TREM4hMa0MxTgadAH/NICtqTTGYDEa7d8e/fixb/ZOgOFdE/G+yRRuTJvkDyM8FexGE1
 0Ef0XiWbM2d1BmlbkktdqF3QNdutxEqa6Oe0cDSJJRjn6D/X5mV7hI0qKlCZil6I94kv
 po3WFrp8GGB6vD0efaWsF3e0rrKNep4qVkwdDO7ntlvS+WdxT0ku0fHqpTlTG9t6IRya
 arD4cSADNvK/s9euUBltOZ3CSyuBreQKlRWIr8jzSk93I4XnbVTe3WhFRRqYXIgSHYuS
 nnog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=UvhTl3ThZK8M9ixD2OaQmUadCjhBAkoiNQSy2qYiPbI=;
 b=khp6zEkXLHWmdApODSmMwPxA+cWlK3Eh/GCaJQqYCZd2UlmItTZ15YCXfC2Eb4IwXv
 tGROGWgLELlHlexs/2hjATW9Tzr+747rMykBZ4R8mlUfHSQ/0wtu0zfvZwhGMAzLUU9l
 cWOuorYs/Og7hVGYEwknYWvr74+cUsi3jp75pdAtGG1bPsro+Th088xV7sIsBqNDY4go
 wkAvlkZcP7CU+mJRZh7ApmH5mbByS4228cluWR20MMNzvesP+RWzfQ8KC7RgOOMa8PFB
 MlPQNnaEDw2wMxz7UMGBYzOMjlSe2q8SWfn/EXkdYB1JNc1uYt8yfC1BsXY9uqzofi5J
 zVRg==
X-Gm-Message-State: AOAM5331mRL4Ghw/oAg1v4qmz+xKtYixZF2Fa57ll1XUwF2Vjp3R3wHd
 KBy7/Mc/RUnigqVrXj2dT++q/Dwi
X-Google-Smtp-Source: 
 ABdhPJwTWl3p4jP6vSLl36Q3pau1U6/TkP69c/rv35OX+vw+dmx/Q9p19r4kBINlRt3zG8VXuXQu+A==
X-Received: by 2002:a17:907:94c9:: with SMTP id
 dn9mr19803994ejc.355.1595297558306;
 Mon, 20 Jul 2020 19:12:38 -0700 (PDT)
Received: from sblaptop.fritz.box (ipbcc10296.dynamic.kabel-deutschland.de.
 [188.193.2.150])
 by smtp.gmail.com with ESMTPSA id p9sm15528563ejd.50.2020.07.20.19.12.37
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 20 Jul 2020 19:12:37 -0700 (PDT)
From: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Tue, 21 Jul 2020 04:12:13 +0200
Message-Id: <20200721021215.32647-5-andreas.rheinhardt@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20200719204755.32269-1-andreas.rheinhardt@gmail.com>
References: <20200719204755.32269-1-andreas.rheinhardt@gmail.com>
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH 7/9] avformat/rmdec: Fix potential shift
	outside of range of int
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

The loop variable here that can be as high as UINT16_MAX - 1 gets
left-shifted by 16 bits which is outside the range of int. So use
unsigned.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
 libavformat/rmdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c
index c88f41c121..e97b861dee 100644
--- a/libavformat/rmdec.c
+++ b/libavformat/rmdec.c
@@ -500,7 +500,7 @@ static int rm_read_multi(AVFormatContext *s, AVIOContext *pb,
     if (number_of_mdpr != 1) {
         avpriv_request_sample(s, "MLTI with multiple (%d) MDPR", number_of_mdpr);
     }
-    for (i = 0; i < number_of_mdpr; i++) {
+    for (unsigned i = 0; i < number_of_mdpr; i++) {
         AVStream *st2;
         if (i > 0) {
             st2 = avformat_new_stream(s, NULL);

From patchwork Tue Jul 21 02:12:14 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
X-Patchwork-Id: 21213
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
X-Original-To: patchwork@ffaux-bg.ffmpeg.org
Delivered-To: patchwork@ffaux-bg.ffmpeg.org
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by ffaux.localdomain (Postfix) with ESMTP id CA24044B6A8
	for <patchwork@ffaux-bg.ffmpeg.org>; Tue, 21 Jul 2020 05:12:47 +0300 (EEST)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id BA48D68BB09;
	Tue, 21 Jul 2020 05:12:47 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-ed1-f66.google.com (mail-ed1-f66.google.com
 [209.85.208.66])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 37BA768BAE8
 for <ffmpeg-devel@ffmpeg.org>; Tue, 21 Jul 2020 05:12:41 +0300 (EEST)
Received: by mail-ed1-f66.google.com with SMTP id d18so14152643edv.6
 for <ffmpeg-devel@ffmpeg.org>; Mon, 20 Jul 2020 19:12:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=CIRHd1yvN/Oh+azk8ZEfw+2mbYx+U/ykTlgww7Yu5oo=;
 b=HkoJFs+qDiaD6As4cc+shGcnir07a84CMLRKdmRIzzN4jVpDV+CMe90QUQtj4LG9ro
 9dKULp7L156StNlgBwX6rSCt4j6YkNYhMoGyiEJ6PK2GgOQGuXivpDnPIixxYXB7QyAa
 Zj6SCC8zj0AbIAW98dpDfoLlCZtbXLwNJBgc01j6CGdiBMSBTl79EW9nhIJkRSYTUFYE
 TbVvQjtrsSOdRolOUwc4D5gtpKbFC3gsaygWN4Sagta3va+bJbW5z8q2yx3+3T5wW2av
 Hd3VJ4BG547xF9P0O/tk6MIMl0bXoTBDnVgFdENSoeTG9zkbRSn1HWI9vjQxcLP7r9D+
 GGgQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=CIRHd1yvN/Oh+azk8ZEfw+2mbYx+U/ykTlgww7Yu5oo=;
 b=ufePjDb1i4hhZfcWGf8HZ+AUPekm9gqBJnAxqmnxLJV5E8FAZYh4wLCMg8CtGTPFVq
 0BJfaKc0jkLEgI/SLMkNR0f/vIXFzKry8VozK1ck/lLZjgEq4WW2vb0EaSUos1gDUuyD
 Npn7ZHX3ESQ1NhM8iSibIUZIGyHIs1z8rNKzKrGOjV/o1ENylrnG6DWWakW1N+QvEACg
 7sroZjJ8sxJiaSdN6hwGXqVDKQwlqZbmG6hmGyrfkq4MWO4mWLH8BqvfOvYP2Q8YYaRh
 Utl0iTdyg4RGOptiT0qLHc73K8JBrHG4raE9GPhl+aDF5M7aRtj00cmdq0B8U4BlYxmX
 dnGw==
X-Gm-Message-State: AOAM530lT81BzVpurwiTKU8iDg2EYRZc8dTrwgtomYAczAN0JhDO82x7
 bzKCr86MofE+BZ+vtsRGVCwn7jUp
X-Google-Smtp-Source: 
 ABdhPJwlVbmPTVlqANAaKmcNg8SiNwhPtktQ3V7z0Y6So2EbhbxHj/skdHih/jCt2Sk1vP7jVqNfWg==
X-Received: by 2002:aa7:dd05:: with SMTP id i5mr24229384edv.283.1595297560404;
 Mon, 20 Jul 2020 19:12:40 -0700 (PDT)
Received: from sblaptop.fritz.box (ipbcc10296.dynamic.kabel-deutschland.de.
 [188.193.2.150])
 by smtp.gmail.com with ESMTPSA id p9sm15528563ejd.50.2020.07.20.19.12.38
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 20 Jul 2020 19:12:38 -0700 (PDT)
From: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Tue, 21 Jul 2020 04:12:14 +0200
Message-Id: <20200721021215.32647-6-andreas.rheinhardt@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20200719204755.32269-1-andreas.rheinhardt@gmail.com>
References: <20200719204755.32269-1-andreas.rheinhardt@gmail.com>
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH 8/9] avformat/paf: Simplify cleanup after
	read_header failure
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

by setting the AVFMT_HEADER_CLEANUP flag.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
 libavformat/paf.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/libavformat/paf.c b/libavformat/paf.c
index a31d01502b..9072c79edd 100644
--- a/libavformat/paf.c
+++ b/libavformat/paf.c
@@ -90,7 +90,6 @@ static int read_header(AVFormatContext *s)
     PAFDemuxContext *p  = s->priv_data;
     AVIOContext     *pb = s->pb;
     AVStream        *ast, *vst;
-    int ret = 0;
 
     avio_skip(pb, 132);
 
@@ -165,8 +164,7 @@ static int read_header(AVFormatContext *s)
         !p->video_frame         ||
         !p->audio_frame         ||
         !p->temp_audio_frame) {
-        ret = AVERROR(ENOMEM);
-        goto fail;
+        return AVERROR(ENOMEM);
     }
 
     avio_seek(pb, p->buffer_size, SEEK_SET);
@@ -182,11 +180,6 @@ static int read_header(AVFormatContext *s)
     avio_seek(pb, p->start_offset, SEEK_SET);
 
     return 0;
-
-fail:
-    read_close(s);
-
-    return ret;
 }
 
 static int read_packet(AVFormatContext *s, AVPacket *pkt)
@@ -260,6 +253,7 @@ static int read_packet(AVFormatContext *s, AVPacket *pkt)
 AVInputFormat ff_paf_demuxer = {
     .name           = "paf",
     .long_name      = NULL_IF_CONFIG_SMALL("Amazing Studio Packed Animation File"),
+    .flags          = AVFMT_HEADER_CLEANUP,
     .priv_data_size = sizeof(PAFDemuxContext),
     .read_probe     = read_probe,
     .read_header    = read_header,

From patchwork Tue Jul 21 02:12:15 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
X-Patchwork-Id: 21214
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
X-Original-To: patchwork@ffaux-bg.ffmpeg.org
Delivered-To: patchwork@ffaux-bg.ffmpeg.org
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by ffaux.localdomain (Postfix) with ESMTP id CFA1B44B6A8
	for <patchwork@ffaux-bg.ffmpeg.org>; Tue, 21 Jul 2020 05:12:49 +0300 (EEST)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id AAE3868BAF5;
	Tue, 21 Jul 2020 05:12:49 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-ed1-f65.google.com (mail-ed1-f65.google.com
 [209.85.208.65])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 8FC7768BB06
 for <ffmpeg-devel@ffmpeg.org>; Tue, 21 Jul 2020 05:12:42 +0300 (EEST)
Received: by mail-ed1-f65.google.com with SMTP id z17so14163566edr.9
 for <ffmpeg-devel@ffmpeg.org>; Mon, 20 Jul 2020 19:12:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=D26pvtVY4EFMK1BCKHCAnxrDK79oMozIKv3Dh5AsnpY=;
 b=Zpap7GJhsY5YkMfZbiq0UnV4WXUEvVFZc5mwmFf8DuJdcCKueVDv5QWc8dmebtqTNZ
 qG+oGR/jxqxsE0QQMOscGNoUeL0W2NeyrqEVsLceOIUs0P4ekHqniBderl2UPJ9KLtX4
 BT4dvpAQhCz4l4qK6ryr0fC+Cvoq9mubGbhogLqcavl68CUTFMh5mqGdFFwhIz5iTcEe
 4PfcFRYP++iLn8btw6D3ijzDiBOwHEcfB6epajKdOOE11i4yUWaLuf2EH6/AIIaGQI1q
 pK+kqg8SjJxgcZYimkf2Y+iidPfbe+ZFJ/XJVTj73VwKymLkHaTsDvoH4TL/X2ATleQr
 sYKQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=D26pvtVY4EFMK1BCKHCAnxrDK79oMozIKv3Dh5AsnpY=;
 b=eNbtJ1S4A93UWylJWreWE9jdcTB5BXkDQOZKrinGPKEBx+wm8TEwFfnb+w8Yaqbtvm
 4Bd9Nc2lPCCVSw9XhFXNcbw7z/n3tF8DGK90kI0hp6PNAs1P2xkQfoA+dhLPPDJawzBu
 0i93AiTB9wEanTNO2Ua+86iCTm9i7oOYrYaAVydlPKtzYbIzEUEBIlrSTd4bkp4381/w
 fsgqsrOzhT/Xmu6Ao8vgxMYzpi0eE+nQ0fKP/2CiW90RiybfU/v54HF9mosexVDRlCl/
 bULBj1hP2jy5UFGhKe8i9o4JGYwxMFaQCTVRCSaeQwTD3vZfcaeVPkYfeY3Cil9DqXZD
 ASHg==
X-Gm-Message-State: AOAM5326dcg0bttQeWJSdPjACHHhUYyUPR1M1d51a6yO7mIzPHoLlmHu
 eW+jxlvBNEB5wcsp2mK9IErpBcJF
X-Google-Smtp-Source: 
 ABdhPJy9cKAyIwyzEq+HMdMb951CjBuYcBzf6ZmBxJzc1+x96arMLzvLxcntVzTmDspKxvIZ3t/D2Q==
X-Received: by 2002:a50:f0c6:: with SMTP id a6mr23282639edm.374.1595297561670;
 Mon, 20 Jul 2020 19:12:41 -0700 (PDT)
Received: from sblaptop.fritz.box (ipbcc10296.dynamic.kabel-deutschland.de.
 [188.193.2.150])
 by smtp.gmail.com with ESMTPSA id p9sm15528563ejd.50.2020.07.20.19.12.40
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 20 Jul 2020 19:12:40 -0700 (PDT)
From: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Tue, 21 Jul 2020 04:12:15 +0200
Message-Id: <20200721021215.32647-7-andreas.rheinhardt@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20200719204755.32269-1-andreas.rheinhardt@gmail.com>
References: <20200719204755.32269-1-andreas.rheinhardt@gmail.com>
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH 9/9] avformat/concatdec: Simplify cleanup
	after read_header failure
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

by setting the AVFMT_HEADER_CLEANUP flag.

(Btw: concat_read_close() is not idempotent (it frees cat->files, but
doesn't reset cat->nb_files), so this demuxer was incompatible with
simply calling read_close generically upon read_header failure.)

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
 libavformat/concatdec.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/libavformat/concatdec.c b/libavformat/concatdec.c
index 4b56b61404..5f3c63a621 100644
--- a/libavformat/concatdec.c
+++ b/libavformat/concatdec.c
@@ -510,12 +510,9 @@ static int concat_read_header(AVFormatContext *avf)
                                                MATCH_ONE_TO_ONE;
     if ((ret = open_file(avf, 0)) < 0)
         goto fail;
-    av_bprint_finalize(&bp, NULL);
-    return 0;
 
 fail:
     av_bprint_finalize(&bp, NULL);
-    concat_read_close(avf);
     return ret;
 }
 
@@ -778,6 +775,7 @@ static const AVClass concat_class = {
 AVInputFormat ff_concat_demuxer = {
     .name           = "concat",
     .long_name      = NULL_IF_CONFIG_SMALL("Virtual concatenation script"),
+    .flags          = AVFMT_HEADER_CLEANUP,
     .priv_data_size = sizeof(ConcatContext),
     .read_probe     = concat_probe,
     .read_header    = concat_read_header,