[FFmpeg-cvslog] matroska: Fix leaking memory allocated for laces.

Dale Curtis git at videolan.org
Fri Apr 13 22:12:31 CEST 2012


ffmpeg | branch: master | Dale Curtis <dalecurtis at chromium.org> | Thu Apr 12 21:24:04 2012 -0700| [311685885375122d011b79bb0c2bdeed767374a1] | committer: Ronald S. Bultje

matroska: Fix leaking memory allocated for laces.

During error conditions matroska_parse_block may exit without
freeing the memory allocated for laces.

Found via valgrind: http://pastebin.com/E54k8QFU

Signed-off-by: Dale Curtis <dalecurtis at chromium.org>
Signed-off-by: Ronald S. Bultje <rsbultje at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=311685885375122d011b79bb0c2bdeed767374a1
---

 libavformat/matroskadec.c |   10 +++++++---
 1 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 4c4f464..c32a943 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1812,7 +1812,8 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data,
                         if (size < cfs * h / 2) {
                             av_log(matroska->ctx, AV_LOG_ERROR,
                                    "Corrupt int4 RM-style audio packet size\n");
-                            return AVERROR_INVALIDDATA;
+                            res = AVERROR_INVALIDDATA;
+                            goto end;
                         }
                         for (x=0; x<h/2; x++)
                             memcpy(track->audio.buf+x*2*w+y*cfs,
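Review bot: The three size guards (the int4 one here, the sipr and generic ones in the next hunk) bound only the read from `data`; nothing in the visible lines bounds the write offsets into `track->audio.buf` (`x*2*w+y*cfs`, `y*w`, `sps*(h*x+((h+1)/2)*(y&1)+(y>>1))`). If `w`, `h`, `cfs` and `sps` come from the file's codec private data, the buffer's capacity has to be guaranteed where it is allocated, which is outside this diff and worth confirming. A comment above the first guard would record that dependency, e.g. `/* size bounds the source only; audio.buf capacity relies on header-time validation of w/h/cfs/sps */`. The product `cfs * h / 2` is evaluated before the comparison, so it presumably relies on the same header-time limits to avoid signed overflow.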
@@ -1821,14 +1822,16 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data,
                         if (size < w) {
                             av_log(matroska->ctx, AV_LOG_ERROR,
                                    "Corrupt sipr RM-style audio packet size\n");
-                            return AVERROR_INVALIDDATA;
+                            res = AVERROR_INVALIDDATA;
+                            goto end;
                         }
                         memcpy(track->audio.buf + y*w, data, w);
                     } else {
                         if (size < sps * w / sps) {
                             av_log(matroska->ctx, AV_LOG_ERROR,
                                    "Corrupt generic RM-style audio packet size\n");
-                            return AVERROR_INVALIDDATA;
+                            res = AVERROR_INVALIDDATA;
+                            goto end;
                         }
                         for (x=0; x<w/sps; x++)
                             memcpy(track->audio.buf+sps*(h*x+((h+1)/2)*(y&1)+(y>>1)), data+x*sps, sps);
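Review bot: The generic-branch guard `size < sps * w / sps` divides by `sps`, as does the loop bound `w/sps` right after it, so a zero `sps` is a division by zero on this path unless it is rejected when the track header is parsed (not visible here). The expression reduces to `w` whenever the product does not overflow, so the guard can drop the multiply and make the precondition explicit: `if (sps <= 0 || size < w) {`. The enclosing if/else chain begins before this hunk, so whether `sps` is already constrained upstream should be checked there.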
@@ -1918,6 +1921,7 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data,
         }
     }
 
+end:
     av_free(lace_size);
     return res;
 }
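Review bot: The new `end:` label is undocumented, yet it is now the only place `lace_size` is released; a one-line comment such as `/* common exit: every path taken after lace_size is allocated must leave through here */` would keep later error paths from reintroducing a bare `return`. Only three returns are converted in this diff, and the rest of matroska_parse_block is outside the visible hunks, so any other `return` between the allocation and this label would still leak and is worth a grep. The label also assumes `lace_size` is already assigned (or NULL) on every path that can jump here, which depends on where it is declared and initialised above the hunks.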


