Fixes: memleak Fixes: 15446/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5662875831500800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavformat/takdec.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/libavformat/takdec.c b/libavformat/takdec.c index ee96c27992..c51a020161 100644 --- a/libavformat/takdec.c +++ b/libavformat/takdec.c @@ -146,7 +146,7 @@ static int tak_read_header(AVFormatContext *s) ret = avpriv_tak_parse_streaminfo(&ti, buffer, size -3); if (ret < 0) - return AVERROR_INVALIDDATA; + goto end; if (ti.samples > 0) st->duration = ti.samples; st->codecpar->bits_per_coded_sample = ti.bps; @@ -160,8 +160,10 @@ static int tak_read_header(AVFormatContext *s) st->codecpar->extradata_size = size - 3; buffer = NULL; } else if (type == TAK_METADATA_LAST_FRAME) { - if (size != 11) - return AVERROR_INVALIDDATA; + if (size != 11) { + ret = AVERROR_INVALIDDATA; + goto end; + } init_get_bits8(&gb, buffer, size - 3); tc->mlast_frame = 1; tc->data_end = get_bits64(&gb, TAK_LAST_FRAME_POS_BITS) + @@ -176,6 +178,9 @@ static int tak_read_header(AVFormatContext *s) } return AVERROR_EOF; +end: + av_freep(&buffer); + return ret; } static int raw_read_packet(AVFormatContext *s, AVPacket *pkt) -- 2.22.0 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
