[FFmpeg-devel] [PATCH 2/2] avformat/mxfdec: Fix leak on error

Andreas Rheinhardt andreas.rheinhardt at gmail.com
Fri Mar 12 15:07:33 EET 2021


It was introduced in d3d9b1fc8e2dfc8b4d66c9916ab7221062ff4660;
Fixes Coverity issue #733800.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
---
I have no testcase for this; but hopefully Michael can test it with the
testcase that led to d3d9b1fc8e2dfc8b4d66c9916ab7221062ff4660 in the
first place?
(And I always thought fuzzing samples were small. How does it come that
it is close to INT64_MAX?)

 libavformat/mxfdec.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index d7213bda30..2e9d7d713a 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -2909,8 +2909,11 @@ static int mxf_read_local_tags(MXFContext *mxf, KLVPacket *klv, MXFMetadataReadF
         int size = avio_rb16(pb); /* KLV specified by 0x53 */
         int64_t next = avio_tell(pb);
         UID uid = {0};
-        if (next < 0 || next > INT64_MAX - size)
+        if (next < 0 || next > INT64_MAX - size) {
+            if (meta)
+                mxf_free_metadataset(&meta, 1);
             return next < 0 ? next : AVERROR_INVALIDDATA;
+        }
         next += size;
 
         av_log(mxf->fc, AV_LOG_TRACE, "local tag %#04x size %d\n", tag, size);
-- 
2.27.0



More information about the ffmpeg-devel mailing list