[FFmpeg-cvslog] [ffmpeg] branch master updated. 3bf8bf965f avformat/mov: clear old name from infe

ffmpeg-git at ffmpeg.org ffmpeg-git at ffmpeg.org
Mon Aug 11 04:25:32 EEST 2025


The branch, master has been updated
       via  3bf8bf965fb69f873e52d34a85d1ecb722a9fe7f (commit)
       via  cd83161ff66876756674e61eded8ff350aca2e28 (commit)
      from  6711c6a89b31bb59cefd9f2e71806a95fb98efbf (commit)


- Log -----------------------------------------------------------------
commit 3bf8bf965fb69f873e52d34a85d1ecb722a9fe7f
Author:     Kacper Michajłow <kasper93 at gmail.com>
AuthorDate: Wed Aug 6 00:36:10 2025 +0200
Commit:     James Almer <jamrial at gmail.com>
CommitDate: Mon Aug 11 01:25:05 2025 +0000

    avformat/mov: clear old name from infe
    
    heif_items are reused and to avoid leaking memory or using stale name,
    clear it first.
    
    Fixes: 432505829/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6654363487764480
    Found-by: OSS-Fuzz
    Signed-off-by: Kacper Michajłow <kasper93 at gmail.com>

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 94b741f056..86037c6712 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -8957,6 +8957,7 @@ static int mov_read_infe(MOVContext *c, AVIOContext *pb, MOVAtom atom)
         return AVERROR(ENOMEM);
     }
 
+    av_freep(&item->name);
     av_bprint_finalize(&item_name, ret ? &item->name : NULL);
     item->item_id = item_id;
     item->type    = item_type;

commit cd83161ff66876756674e61eded8ff350aca2e28
Author:     Leo Izen <leo.izen at gmail.com>
AuthorDate: Sat Aug 9 22:41:22 2025 -0400
Commit:     Leo Izen <leo.izen at gmail.com>
CommitDate: Sun Aug 10 13:23:33 2025 -0400

    avcodec/vp9: fix leaked cbs fragment AVBufferRef
    
    When this function returns, the fragment is never reset, so
    current_frag->data_ref is never unref-ed, which ends up leaking it.
    We call ff_cbs_fragment_reset to release the reference on its buffer.
    
    Signed-off-by: Leo Izen <leo.izen at gmail.com>

diff --git a/libavcodec/vp9.c b/libavcodec/vp9.c
index 47fabf98e3..d0d0238c2c 100644
--- a/libavcodec/vp9.c
+++ b/libavcodec/vp9.c
@@ -1679,8 +1679,6 @@ static int vp9_decode_frame(AVCodecContext *avctx, AVFrame *frame,
                                   &s->s.frames[CUR_FRAME] : &s->s.ref_frames[i]);
         }
 
-        ff_cbs_fragment_reset(&s->current_frag);
-
         goto finish;
     }
 
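Review bot: The commit message says the fragment "is never reset", but the line removed here, `ff_cbs_fragment_reset(&s->current_frag);` directly before `goto finish;`, shows this branch did reset it. The leak therefore applied only to exits that reach `finish:` without passing through this branch, and the message should say that so a backporter knows which path was affected.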
@@ -1805,6 +1803,8 @@ static int vp9_decode_frame(AVCodecContext *avctx, AVFrame *frame,
     }
 
 finish:
+    ff_cbs_fragment_reset(&s->current_frag);
+
     ff_progress_frame_report(&s->s.frames[CUR_FRAME].tf, INT_MAX);
     // ref frame setup
     for (int i = 0; i < 8; i++)
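Review bot: Placing `ff_cbs_fragment_reset(&s->current_frag);` under `finish:` only covers exits that jump to or fall through to the label; any `return` taken after the fragment has been filled but before `finish:` would still leave `current_frag->data_ref` referenced. Those paths are not visible in this hunk, so please confirm that none exist, or route them through a shared cleanup label so the reset is unconditional.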

-----------------------------------------------------------------------

Summary of changes:
 libavcodec/vp9.c  | 4 ++--
 libavformat/mov.c | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)


hooks/post-receive
-- 