[FFmpeg-cvslog] avformat/mov: Fix memleak upon encountering repeating tags

Andreas Rheinhardt git at videolan.org
Wed Jul 1 23:08:18 EEST 2020


ffmpeg | branch: release/4.2 | Andreas Rheinhardt <andreas.rheinhardt at gmail.com> | Sun Jun 14 09:19:38 2020 +0200| [ca2ca8d64757f35805149b63e7b1fdc5ed1292b6] | committer: Andreas Rheinhardt

avformat/mov: Fix memleak upon encountering repeating tags

mov_read_custom tries to read three strings belonging to three different
tags. When an already encountered tag is encountered again, a new buffer
for the string to be read is allocated and stored in the pointer
destined for this particular tag. But in this scenario, said pointer
already holds the address of the string read earlier, leading to a leak.

This commit therefore aborts the reading process upon encountering
an already encountered tag.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
(cherry picked from commit dfef1d5e3cd4dfead84416a01e6c9ff0da50b34d)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ca2ca8d64757f35805149b63e7b1fdc5ed1292b6
---

 libavformat/mov.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index da26b489a5..5d2f5d0e16 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -4389,6 +4389,9 @@ static int mov_read_custom(MOVContext *c, AVIOContext *pb, MOVAtom atom)
         } else
             break;
 
+        if (*p)
+            break;
+
         *p = av_malloc(len + 1);
         if (!*p) {
             ret = AVERROR(ENOMEM);



More information about the ffmpeg-cvslog mailing list