1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00

segafilm: fix leaks if reading the header fails

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
This commit is contained in:
Anton Khirnov 2013-11-28 10:54:35 +01:00
parent 9cbf2d78f0
commit 6892d145a0

View File

@ -75,13 +75,23 @@ static int film_probe(AVProbeData *p)
return AVPROBE_SCORE_MAX;
}
static int film_read_close(AVFormatContext *s)
{
FilmDemuxContext *film = s->priv_data;
av_freep(&film->sample_table);
av_freep(&film->stereo_buffer);
return 0;
}
static int film_read_header(AVFormatContext *s)
{
FilmDemuxContext *film = s->priv_data;
AVIOContext *pb = s->pb;
AVStream *st;
unsigned char scratch[256];
int i;
int i, ret;
unsigned int data_offset;
unsigned int audio_frame_counter;
@ -213,14 +223,16 @@ static int film_read_header(AVFormatContext *s)
for (i = 0; i < film->sample_count; i++) {
/* load the next sample record and transfer it to an internal struct */
if (avio_read(pb, scratch, 16) != 16) {
av_free(film->sample_table);
return AVERROR(EIO);
ret = AVERROR(EIO);
goto fail;
}
film->sample_table[i].sample_offset =
data_offset + AV_RB32(&scratch[0]);
film->sample_table[i].sample_size = AV_RB32(&scratch[4]);
if (film->sample_table[i].sample_size > INT_MAX / 4)
return AVERROR_INVALIDDATA;
if (film->sample_table[i].sample_size > INT_MAX / 4) {
ret = AVERROR_INVALIDDATA;
goto fail;
}
if (AV_RB32(&scratch[8]) == 0xFFFFFFFF) {
film->sample_table[i].stream = film->audio_stream_index;
film->sample_table[i].pts = audio_frame_counter;
@ -241,6 +253,9 @@ static int film_read_header(AVFormatContext *s)
film->current_sample = 0;
return 0;
fail:
film_read_close(s);
return ret;
}
static int film_read_packet(AVFormatContext *s,
@ -319,16 +334,6 @@ static int film_read_packet(AVFormatContext *s,
return ret;
}
static int film_read_close(AVFormatContext *s)
{
FilmDemuxContext *film = s->priv_data;
av_free(film->sample_table);
av_free(film->stereo_buffer);
return 0;
}
AVInputFormat ff_segafilm_demuxer = {
.name = "film_cpk",
.long_name = NULL_IF_CONFIG_SMALL("Sega FILM / CPK"),