
avformat/mov: free streams earlier on error when parsing infe boxes

Fixes clusterfuzz-testcase-minimized-fuzzer_loadfile-5365661771825152.

Signed-off-by: James Almer <jamrial@gmail.com>
James Almer
2025-08-01 17:08:14 -03:00
parent 11a5333980
commit 89187a84d3


@ -5406,7 +5406,7 @@ static int heif_add_stream(MOVContext *c, HEIFItem *item)
return AVERROR(ENOMEM); return AVERROR(ENOMEM);
sc = av_mallocz(sizeof(MOVStreamContext)); sc = av_mallocz(sizeof(MOVStreamContext));
if (!sc) if (!sc)
return AVERROR(ENOMEM); goto fail;
item->st = st; item->st = st;
st->id = item->item_id; st->id = item->item_id;
@ -5430,27 +5430,33 @@ static int heif_add_stream(MOVContext *c, HEIFItem *item)
sc->stsc_count = 1; sc->stsc_count = 1;
sc->stsc_data = av_malloc_array(1, sizeof(*sc->stsc_data)); sc->stsc_data = av_malloc_array(1, sizeof(*sc->stsc_data));
if (!sc->stsc_data) if (!sc->stsc_data)
return AVERROR(ENOMEM); goto fail;
sc->stsc_data[0].first = 1; sc->stsc_data[0].first = 1;
sc->stsc_data[0].count = 1; sc->stsc_data[0].count = 1;
sc->stsc_data[0].id = 1; sc->stsc_data[0].id = 1;
sc->chunk_offsets = av_malloc_array(1, sizeof(*sc->chunk_offsets)); sc->chunk_offsets = av_malloc_array(1, sizeof(*sc->chunk_offsets));
if (!sc->chunk_offsets) if (!sc->chunk_offsets)
return AVERROR(ENOMEM); goto fail;
sc->chunk_count = 1; sc->chunk_count = 1;
sc->sample_sizes = av_malloc_array(1, sizeof(*sc->sample_sizes)); sc->sample_sizes = av_malloc_array(1, sizeof(*sc->sample_sizes));
if (!sc->sample_sizes) if (!sc->sample_sizes)
return AVERROR(ENOMEM); goto fail;
sc->sample_count = 1; sc->sample_count = 1;
sc->stts_data = av_malloc_array(1, sizeof(*sc->stts_data)); sc->stts_data = av_malloc_array(1, sizeof(*sc->stts_data));
if (!sc->stts_data) if (!sc->stts_data)
return AVERROR(ENOMEM); goto fail;
sc->stts_count = 1; sc->stts_count = 1;
sc->stts_data[0].count = 1; sc->stts_data[0].count = 1;
// Not used for still images. But needed by mov_build_index. // Not used for still images. But needed by mov_build_index.
sc->stts_data[0].duration = 0; sc->stts_data[0].duration = 0;
return 0; return 0;
fail:
mov_free_stream_context(c->fc, st);
ff_remove_stream(c->fc, st);
item->st = NULL;
return AVERROR(ENOMEM);
} }
static int mov_read_meta(MOVContext *c, AVIOContext *pb, MOVAtom atom) static int mov_read_meta(MOVContext *c, AVIOContext *pb, MOVAtom atom)
@ -9001,12 +9007,6 @@ fail:
continue; continue;
av_freep(&item->name); av_freep(&item->name);
if (!item->st)
continue;
mov_free_stream_context(c->fc, item->st);
ff_remove_stream(c->fc, item->st);
item->st = NULL;
} }
return ret; return ret;
} }
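Review bot: The first `goto fail` in heif_add_stream (the `!sc` check) reaches the cleanup before `sc` exists and, as far as the hunk shows, before `st->priv_data` is assigned, so `mov_free_stream_context(c->fc, st)` runs on a stream with no private context. That is only safe if the helper returns early on a NULL `priv_data`, which is not visible on this page and should be confirmed. The cleanup also relies on `st` still being the most recently added stream in `c->fc`, which I believe `ff_remove_stream()` asserts; a comment at the label such as `/* st is the stream just added above and may not have priv_data yet */` would record both assumptions. The label also returns a hard-coded `AVERROR(ENOMEM)`, so a later non-allocation failure routed to `fail` would be misreported unless the code is carried in a local `ret`. The function body between the two hunks is outside the view, so the order of the `priv_data` and refcount assignments could not be checked.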