[FFmpeg-cvslog] segafilm: fix leaks if reading the header fails

Anton Khirnov git at videolan.org
Mon Mar 10 18:24:33 CET 2014


ffmpeg | branch: release/0.10 | Anton Khirnov <anton at khirnov.net> | Thu Nov 28 10:54:35 2013 +0100| [6a56d16dc1368b9fe2ac5667c898684be3045d2e] | committer: Reinhard Tartler

segafilm: fix leaks if reading the header fails

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable at libav.org
(cherry picked from commit 6892d145a0c80249bd61ee7dd31ec851c5076bcd)

Signed-off-by: Reinhard Tartler <siretart at tauware.de>
(cherry picked from commit f728782c0d30433efa11f1238a16aed994e9b563)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>

Conflicts:
	libavformat/segafilm.c

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6a56d16dc1368b9fe2ac5667c898684be3045d2e
---

 libavformat/segafilm.c |   35 ++++++++++++++++++++---------------
 1 file changed, 20 insertions(+), 15 deletions(-)

diff --git a/libavformat/segafilm.c b/libavformat/segafilm.c
index d5aaf11..386fd7e 100644
--- a/libavformat/segafilm.c
+++ b/libavformat/segafilm.c
@@ -75,6 +75,16 @@ static int film_probe(AVProbeData *p)
     return AVPROBE_SCORE_MAX;
 }
 
+static int film_read_close(AVFormatContext *s)
+{
+    FilmDemuxContext *film = s->priv_data;
+
+    av_freep(&film->sample_table);
+    av_freep(&film->stereo_buffer);
+
+    return 0;
+}
+
 static int film_read_header(AVFormatContext *s,
                             AVFormatParameters *ap)
 {
@@ -82,7 +92,7 @@ static int film_read_header(AVFormatContext *s,
     AVIOContext *pb = s->pb;
     AVStream *st;
     unsigned char scratch[256];
-    int i;
+    int i, ret;
     unsigned int data_offset;
     unsigned int audio_frame_counter;
 
@@ -209,14 +219,16 @@ static int film_read_header(AVFormatContext *s,
     for (i = 0; i < film->sample_count; i++) {
         /* load the next sample record and transfer it to an internal struct */
         if (avio_read(pb, scratch, 16) != 16) {
-            av_free(film->sample_table);
-            return AVERROR(EIO);
+            ret = AVERROR(EIO);
+            goto fail;
         }
         film->sample_table[i].sample_offset =
             data_offset + AV_RB32(&scratch[0]);
         film->sample_table[i].sample_size = AV_RB32(&scratch[4]);
-        if (film->sample_table[i].sample_size > INT_MAX / 4)
-            return AVERROR_INVALIDDATA;
+        if (film->sample_table[i].sample_size > INT_MAX / 4) {
+            ret = AVERROR_INVALIDDATA;
+            goto fail;
+        }
         if (AV_RB32(&scratch[8]) == 0xFFFFFFFF) {
             film->sample_table[i].stream = film->audio_stream_index;
             film->sample_table[i].pts = audio_frame_counter;
@@ -239,6 +251,9 @@ static int film_read_header(AVFormatContext *s,
     film->current_sample = 0;
 
     return 0;
+fail:
+    film_read_close(s);
+    return ret;
 }
 
 static int film_read_packet(AVFormatContext *s,
@@ -317,16 +332,6 @@ static int film_read_packet(AVFormatContext *s,
     return ret;
 }
 
-static int film_read_close(AVFormatContext *s)
-{
-    FilmDemuxContext *film = s->priv_data;
-
-    av_free(film->sample_table);
-    av_free(film->stereo_buffer);
-
-    return 0;
-}
-
 AVInputFormat ff_segafilm_demuxer = {
     .name           = "film_cpk",
     .long_name      = NULL_IF_CONFIG_SMALL("Sega FILM/CPK format"),



More information about the ffmpeg-cvslog mailing list