[FFmpeg-cvslog] avformat/rmdec: Fix potential crash on allocation failure

[Andreas Rheinhardt]

ffmpeg | branch: master | Andreas Rheinhardt <andreas.rheinhardt at gmail.com> | Mon Jul 20 22:44:42 2020 +0200| [5aafdb4e5fe3ca8a0d8b16498caf5899a8d68e2c] | committer: Andreas Rheinhardt

avformat/rmdec: Fix potential crash on allocation failure

The RealMedia demuxer uses the priv_data of its streams to store a
structure containing an AVPacket. These packets are unreferenced in the
read_close function, yet said function simply presumed that the
priv_data has been successfully allocated. This implies that it mustn't
be called when an allocation of priv_data fails; but this can happen
since commit 35bbc1955a58ba74552c50d9161084644f00bbd3 if one has a
stream with multiple substreams (also exported as AVStream) and if
allocating the priv_data for one of these substreams fails.

This has been fixed by making sure that read_close can handle the case
in which priv_data has not been successfully allocated.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5aafdb4e5fe3ca8a0d8b16498caf5899a8d68e2c
---

 libavformat/rmdec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c
index 6851b7e1f4..72b8dba741 100644
--- a/libavformat/rmdec.c
+++ b/libavformat/rmdec.c
@@ -115,6 +115,9 @@ RMStream *ff_rm_alloc_rmstream (void)
 
 void ff_rm_free_rmstream (RMStream *rms)
 {
+    if (!rms)
+        return;
+
     av_packet_unref(&rms->pkt);
 }