[FFmpeg-cvslog] avformat/img2dec: Fix probe_buffer leak in ff_img_read_header()

Tue Jun 25 14:31:44 EEST 2019

ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Wed Jun 12 21:20:04 2019 +0200| [bd3672ba75c7e4a4b0cb2b46b8b6c983d73a0107] | committer: Michael Niedermayer

avformat/img2dec: Fix probe_buffer leak in ff_img_read_header()

Fixes: memleak
Fixes: 15171/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5683881644130304

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bd3672ba75c7e4a4b0cb2b46b8b6c983d73a0107
---

 libavformat/img2dec.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavformat/img2dec.c b/libavformat/img2dec.c
index fe45c5e5ec..f8b4a655a5 100644
--- a/libavformat/img2dec.c
+++ b/libavformat/img2dec.c
@@ -356,6 +356,7 @@ int ff_img_read_header(AVFormatContext *s1)
             }
             if (s1->flags & AVFMT_FLAG_CUSTOM_IO) {
                 avio_seek(s1->pb, 0, SEEK_SET);
+                av_freep(&probe_buffer);
             } else
                 ffio_rewind_with_probe_data(s1->pb, &probe_buffer, probe_buffer_size);
         }

