[FFmpeg-devel] [PATCH] matroska: Fix leaking memory allocated for laces.
dalecurtis at chromium.org
dalecurtis at chromium.org
Fri Apr 13 02:14:35 CEST 2012
From: Dale Curtis <dalecurtis at chromium.org>
During error conditions matroska_parse_block may exit without
freeing the memory allocated for laces.
Found via valgrind: http://pastebin.com/E54k8QFU
Signed-off-by: Dale Curtis <dalecurtis at chromium.org>
---
libavformat/matroskadec.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 6d7401b..856508c 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1940,6 +1940,7 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data,
if (size < cfs * h / 2) {
av_log(matroska->ctx, AV_LOG_ERROR,
"Corrupt int4 RM-style audio packet size\n");
+ av_free(lace_size);
return AVERROR_INVALIDDATA;
}
for (x=0; x<h/2; x++)
@@ -1949,6 +1950,7 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data,
if (size < w) {
av_log(matroska->ctx, AV_LOG_ERROR,
"Corrupt sipr RM-style audio packet size\n");
+ av_free(lace_size);
return AVERROR_INVALIDDATA;
}
memcpy(track->audio.buf + y*w, data, w);
@@ -1956,6 +1958,7 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data,
if (size < sps * w / sps) {
av_log(matroska->ctx, AV_LOG_ERROR,
"Corrupt generic RM-style audio packet size\n");
+ av_free(lace_size);
return AVERROR_INVALIDDATA;
}
for (x=0; x<w/sps; x++)
--
1.7.7.3
More information about the ffmpeg-devel
mailing list