segafilm: fix leaks if reading the header fails
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
parent
9cbf2d78f0
commit
6892d145a0
@ -75,13 +75,23 @@ static int film_probe(AVProbeData *p)
|
||||
return AVPROBE_SCORE_MAX;
|
||||
}
|
||||
|
||||
static int film_read_close(AVFormatContext *s)
|
||||
{
|
||||
FilmDemuxContext *film = s->priv_data;
|
||||
|
||||
av_freep(&film->sample_table);
|
||||
av_freep(&film->stereo_buffer);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int film_read_header(AVFormatContext *s)
|
||||
{
|
||||
FilmDemuxContext *film = s->priv_data;
|
||||
AVIOContext *pb = s->pb;
|
||||
AVStream *st;
|
||||
unsigned char scratch[256];
|
||||
int i;
|
||||
int i, ret;
|
||||
unsigned int data_offset;
|
||||
unsigned int audio_frame_counter;
|
||||
|
||||
@ -213,14 +223,16 @@ static int film_read_header(AVFormatContext *s)
|
||||
for (i = 0; i < film->sample_count; i++) {
|
||||
/* load the next sample record and transfer it to an internal struct */
|
||||
if (avio_read(pb, scratch, 16) != 16) {
|
||||
av_free(film->sample_table);
|
||||
return AVERROR(EIO);
|
||||
ret = AVERROR(EIO);
|
||||
goto fail;
|
||||
}
|
||||
film->sample_table[i].sample_offset =
|
||||
data_offset + AV_RB32(&scratch[0]);
|
||||
film->sample_table[i].sample_size = AV_RB32(&scratch[4]);
|
||||
if (film->sample_table[i].sample_size > INT_MAX / 4)
|
||||
return AVERROR_INVALIDDATA;
|
||||
if (film->sample_table[i].sample_size > INT_MAX / 4) {
|
||||
ret = AVERROR_INVALIDDATA;
|
||||
goto fail;
|
||||
}
|
||||
if (AV_RB32(&scratch[8]) == 0xFFFFFFFF) {
|
||||
film->sample_table[i].stream = film->audio_stream_index;
|
||||
film->sample_table[i].pts = audio_frame_counter;
|
||||
@ -241,6 +253,9 @@ static int film_read_header(AVFormatContext *s)
|
||||
film->current_sample = 0;
|
||||
|
||||
return 0;
|
||||
fail:
|
||||
film_read_close(s);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int film_read_packet(AVFormatContext *s,
|
||||
@ -319,16 +334,6 @@ static int film_read_packet(AVFormatContext *s,
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int film_read_close(AVFormatContext *s)
|
||||
{
|
||||
FilmDemuxContext *film = s->priv_data;
|
||||
|
||||
av_free(film->sample_table);
|
||||
av_free(film->stereo_buffer);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
AVInputFormat ff_segafilm_demuxer = {
|
||||
.name = "film_cpk",
|
||||
.long_name = NULL_IF_CONFIG_SMALL("Sega FILM / CPK"),
|
||||
|
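Review bot: Only the two error exits inside the sample-table loop are routed to `fail:`; the rest of film_read_header is outside the hunks, so any other `return` reached after `film->sample_table` has been allocated would still leak and should become `ret = ...; goto fail;` as well. The cleanup is safe on a partly initialised context only because film_read_close now uses `av_freep`, which clears each pointer after freeing it, so a second call (for example if the caller also runs the close callback) does nothing instead of freeing twice. That dependency deserves a comment above the label, such as `/* film_read_close() uses av_freep(), so calling it here and again later is safe */`. Separately, `data_offset + AV_RB32(&scratch[0])` in the same loop adds two 32-bit unsigned values, one of them read straight from the file, so the sum can wrap before it is stored; if `sample_offset` is wider than 32 bits (its type is not visible here), widening one operand first, e.g. `(int64_t)data_offset + AV_RB32(&scratch[0])`, would avoid a silently wrong offset.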