On Wed, Jun 04, 2014 at 10:22:25PM +0530, Nidhi Makhijani wrote:
> --- a/libavformat/nutdec.c
> +++ b/libavformat/nutdec.c
> @@ -312,8 +314,13 @@ static int decode_main_header(NUTContext *nut)
> hdr = av_malloc(nut->header_len[i]);
> - if (!hdr)
> + if (!hdr) {
> + int j;
> + for (j = 1; j < i; j++)
> + av_freep(&nut->header_len[j]);
> + av_free(nut->time_base);
> return AVERROR(ENOMEM);
> + }
> avio_read(bc, hdr, nut->header_len[i]);
> nut->header[i] = hdr;
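Review bot: The new cleanup loop frees the wrong array: `av_freep(&nut->header_len[j])` passes the address of a length field (the same `header_len[i]` is the allocation size one line above), while the allocated buffers are stored in `nut->header[i]`. On the out-of-memory path this hands av_freep() a value that is not a heap pointer and leaves the header buffers allocated; the line should read `av_freep(&nut->header[j]);`. The identical loop in the second hunk (the `!nut->stream` branch) needs the same change. `av_free(nut->time_base)` also leaves a stale pointer in the context, so `av_freep(&nut->time_base);` is safer if a later close path frees it again; that path is outside the hunk, so confirm.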
> @@ -331,6 +338,13 @@ static int decode_main_header(NUTContext *nut)
> nut->stream = av_mallocz(sizeof(StreamContext) * stream_count);
> + if (!nut->stream) {
> + int j;
> + for (j = 1; j < nut->header_count; j++)
> + av_freep(&nut->header_len[j]);
> + av_free(nut->time_base);
> + return AVERROR(ENOMEM);
> + }
I'd suggest refactoring this common block into a "goto fail" stanza.
> @@ -405,6 +419,8 @@ static int decode_stream_header(NUTContext *nut)
> if (st->codec->extradata_size) {
> st->codec->extradata = av_mallocz(st->codec->extradata_size +
> FF_INPUT_BUFFER_PADDING_SIZE);
> + if (!st->codec->extradata)
> + return AVERROR(ENOMEM);
> avio_read(bc, st->codec->extradata, st->codec->extradata_size);
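Review bot: The return value of `avio_read()` on the last line is still ignored, so a truncated file leaves `extradata_size` larger than the data actually read. The buffer is zero-filled by av_mallocz(), so the tail is not uninitialized, but the decoder is handed extradata that was never in the file; compare the result with the requested size, e.g. `if (avio_read(bc, st->codec->extradata, st->codec->extradata_size) != st->codec->extradata_size) return AVERROR_INVALIDDATA;`. The same unchecked call in the first hunk reads into an av_malloc() buffer, where a short read would leave uninitialized heap bytes in `nut->header[i]`. The rest of decode_stream_header lies outside the hunk, so whether this path needs further cleanup cannot be checked from here.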
Here I believe you should reset extradata_size on failed allocation.
There remains a loop with avformat_new_stream() calls that is not checked
for successful operation.
Diego