[FFmpeg-cvslog] lavf/mov.c: Prevent memory leak in case of invalid metadata reads.
Thilo Borgmann
git at videolan.org
Tue Oct 21 12:45:50 CEST 2014
ffmpeg | branch: master | Thilo Borgmann <thilo.borgmann at mail.de> | Tue Oct 21 10:10:55 2014 +0200| [6e6b79e7b8093189fd416670c4e0a7e399705cc1] | committer: Michael Niedermayer
lavf/mov.c: Prevent memory leak in case of invalid metadata reads.
Reviewed-by: Derek Buitenhuis <derek.buitenhuis at gmail.com>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6e6b79e7b8093189fd416670c4e0a7e399705cc1
---
libavformat/mov.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index a7ec910..80549ec 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -355,16 +355,16 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom)
}
#endif
- str_size_alloc = str_size << 1; // worst-case requirement for output string in case of utf8 coded input
- str = av_malloc(str_size_alloc);
- if (!str)
- return AVERROR(ENOMEM);
-
if (!key)
return 0;
if (atom.size < 0)
return AVERROR_INVALIDDATA;
+ str_size_alloc = str_size << 1; // worst-case requirement for output string in case of utf8 coded input
+ str = av_malloc(str_size_alloc);
+ if (!str)
+ return AVERROR(ENOMEM);
+
if (parse)
parse(c, pb, str_size, key);
else {
@@ -372,8 +372,10 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom)
mov_read_mac_string(c, pb, str_size, str, str_size_alloc);
} else {
int ret = avio_read(pb, str, str_size);
- if (ret != str_size)
+ if (ret != str_size) {
+ av_freep(&str);
return ret < 0 ? ret : AVERROR_INVALIDDATA;
+ }
str[str_size] = 0;
}
c->fc->event_flags |= AVFMT_EVENT_FLAG_METADATA_UPDATED;
More information about the ffmpeg-cvslog
mailing list