[FFmpeg-cvslog] lavf/mxfdec: Fix memleaks reading corrupt files.
Carl Eugen Hoyos
git at videolan.org
Mon Dec 15 02:31:51 CET 2014
ffmpeg | branch: master | Carl Eugen Hoyos <cehoyos at ag.or.at> | Mon Dec 15 01:33:13 2014 +0100| [4373a25d94dba2cb361aa18e8d70806e1894df81] | committer: Carl Eugen Hoyos
lavf/mxfdec: Fix memleaks reading corrupt files.
Fixes ticket #4173.
Reviewed-by: Tomas Härdin
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4373a25d94dba2cb361aa18e8d70806e1894df81
---
libavformat/mxfdec.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 894eac7..4715169 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -863,8 +863,11 @@ static int mxf_read_index_entry_array(AVIOContext *pb, MXFIndexTableSegment *seg
if (!(segment->temporal_offset_entries=av_calloc(segment->nb_index_entries, sizeof(*segment->temporal_offset_entries))) ||
!(segment->flag_entries = av_calloc(segment->nb_index_entries, sizeof(*segment->flag_entries))) ||
- !(segment->stream_offset_entries = av_calloc(segment->nb_index_entries, sizeof(*segment->stream_offset_entries))))
+ !(segment->stream_offset_entries = av_calloc(segment->nb_index_entries, sizeof(*segment->stream_offset_entries)))) {
+ av_freep(&segment->temporal_offset_entries);
+ av_freep(&segment->flag_entries);
return AVERROR(ENOMEM);
+ }
for (i = 0; i < segment->nb_index_entries; i++) {
segment->temporal_offset_entries[i] = avio_r8(pb);
@@ -2168,16 +2171,20 @@ static int mxf_read_local_tags(MXFContext *mxf, KLVPacket *klv, MXFMetadataReadF
}
}
}
- if (ctx_size && tag == 0x3C0A)
+ if (ctx_size && tag == 0x3C0A) {
avio_read(pb, ctx->uid, 16);
- else if ((ret = read_child(ctx, pb, tag, size, uid, -1)) < 0)
+ } else if ((ret = read_child(ctx, pb, tag, size, uid, -1)) < 0) {
+ mxf_free_metadataset(&ctx);
return ret;
+ }
/* Accept the 64k local set limit being exceeded (Avid). Don't accept
* it extending past the end of the KLV though (zzuf5.mxf). */
if (avio_tell(pb) > klv_end) {
- if (ctx_size)
- av_free(ctx);
+ if (ctx_size) {
+ ctx->type = type;
+ mxf_free_metadataset(&ctx);
+ }
av_log(mxf->fc, AV_LOG_ERROR,
"local tag %#04x extends past end of local set @ %#"PRIx64"\n",
@@ -2565,7 +2572,8 @@ static int mxf_read_header(AVFormatContext *s)
/* FIXME avoid seek */
if (!essence_offset) {
av_log(s, AV_LOG_ERROR, "no essence\n");
- return AVERROR_INVALIDDATA;
+ ret = AVERROR_INVALIDDATA;
+ goto fail;
}
avio_seek(s->pb, essence_offset, SEEK_SET);
More information about the ffmpeg-cvslog
mailing list