[FFmpeg-cvslog] oggdec: make sure the private parse data is cleaned up
Luca Barbato
git at videolan.org
Sun Oct 6 19:06:07 CEST 2013
ffmpeg | branch: release/0.7 | Luca Barbato <lu_zero at gentoo.org> | Fri Jan 4 16:05:51 2013 +0100| [ee6b868ac835266ebdc10291f5485ace7769bb2e] | committer: Reinhard Tartler
oggdec: make sure the private parse data is cleaned up
Related to CVE-2012-2882
(cherry picked from commit d894f74762bc95310ba23f804b7ba8dffc8f6646)
Conflicts:
libavformat/oggdec.h
libavformat/oggparsevorbis.c
(cherry picked from commit b0240165d93d4a08d15d244953219a4d4e725d3f)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ee6b868ac835266ebdc10291f5485ace7769bb2e
---
libavformat/oggdec.c | 4 ++++
libavformat/oggdec.h | 5 +++++
libavformat/oggparsevorbis.c | 14 +++++++++++++-
3 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c
index cab6da7..8c2d786 100644
--- a/libavformat/oggdec.c
+++ b/libavformat/oggdec.c
@@ -499,6 +499,10 @@ static int ogg_read_close(AVFormatContext *s)
for (i = 0; i < ogg->nstreams; i++) {
av_free(ogg->streams[i].buf);
+ if (ogg->streams[i].codec &&
+ ogg->streams[i].codec->cleanup) {
+ ogg->streams[i].codec->cleanup(s, i);
+ }
av_free(ogg->streams[i].private);
}
av_free(ogg->streams);
diff --git a/libavformat/oggdec.h b/libavformat/oggdec.h
index e7d1022..e6d9230 100644
--- a/libavformat/oggdec.h
+++ b/libavformat/oggdec.h
@@ -51,6 +51,11 @@ struct ogg_codec {
* 0 if granule is the end time of the associated packet.
*/
int granule_is_start;
+ /**
+ * Number of expected headers
+ */
+ int nb_header;
+ void (*cleanup)(AVFormatContext *s, int idx);
};
struct ogg_stream {
diff --git a/libavformat/oggparsevorbis.c b/libavformat/oggparsevorbis.c
index 86951f3..f276a13 100644
--- a/libavformat/oggparsevorbis.c
+++ b/libavformat/oggparsevorbis.c
@@ -188,6 +188,16 @@ fixup_vorbis_headers(AVFormatContext * as, struct oggvorbis_private *priv,
return offset;
}
+static int vorbis_cleanup(AVFormatContext *s, int idx)
+{
+ struct ogg *ogg = s->priv_data;
+ struct ogg_stream *os = ogg->streams + idx;
+ struct oggvorbis_private *priv = os->private;
+ int i;
+ if (os->private)
+ for (i = 0; i < 3; i++)
+ av_freep(&priv->packet[i]);
+}
static int
vorbis_header (AVFormatContext * s, int idx)
@@ -278,5 +288,7 @@ vorbis_header (AVFormatContext * s, int idx)
const struct ogg_codec ff_vorbis_codec = {
.magic = "\001vorbis",
.magicsize = 7,
- .header = vorbis_header
+ .header = vorbis_header,
+ .cleanup= vorbis_cleanup,
+ .nb_header = 3,
};
More information about the ffmpeg-cvslog
mailing list