On Sun, 14 Jun 2020, Michael Niedermayer wrote:
Alternatively we could free the already allocated element
Yeah, I kind of prefer that, we potentially allow non-string values to occur multiple times, so I'd say let's allow string values as well, even if that is not common. (I am not sure if it is strictly invalid or just uncommon).
Regards, Marton
Fixes: memleak Fixes: 23415/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5124814510751744 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavformat/mxfdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index a60bdfeade..3b354864d9 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -867,6 +867,8 @@ static inline int mxf_read_utf16_string(AVIOContext *pb, int size, char** str, i return AVERROR(EINVAL); buf_size = size + size / 2 + 1; + if (*str) + return AVERROR_INVALIDDATA; *str = av_malloc(buf_size); if (!*str) return AVERROR(ENOMEM); -- 2.17.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
