[FFmpeg-cvslog] segafilm: fix leaks if reading the header fails
Anton Khirnov
git at videolan.org
Tue Feb 4 06:32:05 CET 2014
ffmpeg | branch: release/1.1 | Anton Khirnov <anton at khirnov.net> | Thu Nov 28 10:54:35 2013 +0100| [f728782c0d30433efa11f1238a16aed994e9b563] | committer: Reinhard Tartler
segafilm: fix leaks if reading the header fails
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable at libav.org
(cherry picked from commit 6892d145a0c80249bd61ee7dd31ec851c5076bcd)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f728782c0d30433efa11f1238a16aed994e9b563
---
libavformat/segafilm.c | 35 ++++++++++++++++++++---------------
1 file changed, 20 insertions(+), 15 deletions(-)
diff --git a/libavformat/segafilm.c b/libavformat/segafilm.c
index 5643f33..53e2066 100644
--- a/libavformat/segafilm.c
+++ b/libavformat/segafilm.c
@@ -75,13 +75,23 @@ static int film_probe(AVProbeData *p)
return AVPROBE_SCORE_MAX;
}
+static int film_read_close(AVFormatContext *s)
+{
+ FilmDemuxContext *film = s->priv_data;
+
+ av_freep(&film->sample_table);
+ av_freep(&film->stereo_buffer);
+
+ return 0;
+}
+
static int film_read_header(AVFormatContext *s)
{
FilmDemuxContext *film = s->priv_data;
AVIOContext *pb = s->pb;
AVStream *st;
unsigned char scratch[256];
- int i;
+ int i, ret;
unsigned int data_offset;
unsigned int audio_frame_counter;
@@ -213,14 +223,16 @@ static int film_read_header(AVFormatContext *s)
for (i = 0; i < film->sample_count; i++) {
/* load the next sample record and transfer it to an internal struct */
if (avio_read(pb, scratch, 16) != 16) {
- av_free(film->sample_table);
- return AVERROR(EIO);
+ ret = AVERROR(EIO);
+ goto fail;
}
film->sample_table[i].sample_offset =
data_offset + AV_RB32(&scratch[0]);
film->sample_table[i].sample_size = AV_RB32(&scratch[4]);
- if (film->sample_table[i].sample_size > INT_MAX / 4)
- return AVERROR_INVALIDDATA;
+ if (film->sample_table[i].sample_size > INT_MAX / 4) {
+ ret = AVERROR_INVALIDDATA;
+ goto fail;
+ }
if (AV_RB32(&scratch[8]) == 0xFFFFFFFF) {
film->sample_table[i].stream = film->audio_stream_index;
film->sample_table[i].pts = audio_frame_counter;
@@ -241,6 +253,9 @@ static int film_read_header(AVFormatContext *s)
film->current_sample = 0;
return 0;
+fail:
+ film_read_close(s);
+ return ret;
}
static int film_read_packet(AVFormatContext *s,
@@ -319,16 +334,6 @@ static int film_read_packet(AVFormatContext *s,
return ret;
}
-static int film_read_close(AVFormatContext *s)
-{
- FilmDemuxContext *film = s->priv_data;
-
- av_free(film->sample_table);
- av_free(film->stereo_buffer);
-
- return 0;
-}
-
AVInputFormat ff_segafilm_demuxer = {
.name = "film_cpk",
.long_name = NULL_IF_CONFIG_SMALL("Sega FILM / CPK"),
More information about the ffmpeg-cvslog
mailing list