[FFmpeg-devel] [PATCH] mov: Fix memory leaks on aborted header parsing.
dalecurtis at chromium.org
dalecurtis at chromium.org
Fri Apr 13 02:50:55 CEST 2012
From: Dale Curtis <dalecurtis at chromium.org>
If mov_read_header exits under error, the memory allocated is
not freed.
Signed-off-by: Dale Curtis <dalecurtis at chromium.org>
---
libavformat/mov.c | 74 +++++++++++++++++++++++++++++-----------------------
1 files changed, 41 insertions(+), 33 deletions(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index b4ff1df..0960a4e 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -2760,6 +2760,45 @@ static int mov_read_timecode_track(AVFormatContext *s, AVStream *st)
return 0;
}
+static int mov_read_close(AVFormatContext *s)
+{
+ MOVContext *mov = s->priv_data;
+ int i, j;
+
+ for (i = 0; i < s->nb_streams; i++) {
+ AVStream *st = s->streams[i];
+ MOVStreamContext *sc = st->priv_data;
+
+ av_freep(&sc->ctts_data);
+ for (j = 0; j < sc->drefs_count; j++) {
+ av_freep(&sc->drefs[j].path);
+ av_freep(&sc->drefs[j].dir);
+ }
+ av_freep(&sc->drefs);
+ if (sc->pb && sc->pb != s->pb)
+ avio_close(sc->pb);
+ av_freep(&sc->chunk_offsets);
+ av_freep(&sc->keyframes);
+ av_freep(&sc->sample_sizes);
+ av_freep(&sc->stps_data);
+ av_freep(&sc->stsc_data);
+ av_freep(&sc->stts_data);
+ }
+
+ if (mov->dv_demux) {
+ for (i = 0; i < mov->dv_fctx->nb_streams; i++) {
+ av_freep(&mov->dv_fctx->streams[i]->codec);
+ av_freep(&mov->dv_fctx->streams[i]);
+ }
+ av_freep(&mov->dv_fctx);
+ av_freep(&mov->dv_demux);
+ }
+
+ av_freep(&mov->trex_data);
+
+ return 0;
+}
+
static int mov_read_header(AVFormatContext *s)
{
MOVContext *mov = s->priv_data;
@@ -2777,10 +2816,12 @@ static int mov_read_header(AVFormatContext *s)
/* check MOV header */
if ((err = mov_read_default(mov, pb, atom)) < 0) {
av_log(s, AV_LOG_ERROR, "error reading header: %d\n", err);
+ mov_read_close(s);
return err;
}
if (!mov->found_moov) {
av_log(s, AV_LOG_ERROR, "moov atom not found\n");
+ mov_read_close(s);
return AVERROR_INVALIDDATA;
}
av_dlog(mov->fc, "on_parse_exit_offset=%"PRId64"\n", avio_tell(pb));
@@ -2980,39 +3021,6 @@ static int mov_read_seek(AVFormatContext *s, int stream_index, int64_t sample_ti
return 0;
}
-static int mov_read_close(AVFormatContext *s)
-{
- MOVContext *mov = s->priv_data;
- int i, j;
-
- for (i = 0; i < s->nb_streams; i++) {
- AVStream *st = s->streams[i];
- MOVStreamContext *sc = st->priv_data;
-
- av_freep(&sc->ctts_data);
- for (j = 0; j < sc->drefs_count; j++) {
- av_freep(&sc->drefs[j].path);
- av_freep(&sc->drefs[j].dir);
- }
- av_freep(&sc->drefs);
- if (sc->pb && sc->pb != s->pb)
- avio_close(sc->pb);
- }
-
- if (mov->dv_demux) {
- for (i = 0; i < mov->dv_fctx->nb_streams; i++) {
- av_freep(&mov->dv_fctx->streams[i]->codec);
- av_freep(&mov->dv_fctx->streams[i]);
- }
- av_freep(&mov->dv_fctx);
- av_freep(&mov->dv_demux);
- }
-
- av_freep(&mov->trex_data);
-
- return 0;
-}
-
static const AVOption options[] = {
{"use_absolute_path",
"allow using absolute path when opening alias, this is a possible security issue",
--
1.7.7.3
More information about the ffmpeg-devel
mailing list