[FFmpeg-cvslog] avformat/mxfdec: free duplicated utf16 strings

Michael Niedermayer git at videolan.org
Tue Jul 7 21:41:23 EEST 2020


ffmpeg | branch: release/4.2 | Michael Niedermayer <michael at niedermayer.cc> | Sun Jun 14 19:45:05 2020 +0200| [774efe1eceac5f22b859b1e2965f4d46fd6f35a0] | committer: Michael Niedermayer

avformat/mxfdec: free duplicated utf16 strings

Fixes: memleak
Fixes: 23415/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5124814510751744

Suggested-by: Marton Balint <cus at passwd.hu>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 0aa2768cb275bda9e9e1331ed95adc7cd686eafe)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=774efe1eceac5f22b859b1e2965f4d46fd6f35a0
---

 libavformat/mxfdec.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 9c4d036043..eca4dfed9c 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -866,6 +866,7 @@ static inline int mxf_read_utf16_string(AVIOContext *pb, int size, char** str, i
         return AVERROR(EINVAL);
 
     buf_size = size + size / 2 + 1;
+    av_free(*str);
     *str = av_malloc(buf_size);
     if (!*str)
         return AVERROR(ENOMEM);



More information about the ffmpeg-cvslog mailing list