1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-21 10:55:51 +02:00

avformat/pp_bnk: Fix memleaks when reading non-stereo tracks

Commit 6973df1122 added support
for music tracks by outputting its two containing tracks
together in one packet. But the actual data is not contiguous
in the file and therefore one can't simply use av_get_packet()
(which has been used before) for it. Therefore the packet was
now allocated via av_new_packet() and read via avio_read();
and this is also for non-music files.

This causes problems because one can now longer rely on things
done automatically by av_get_packet(): It automatically freed
the packet in case of errors; this lead to memleaks in several
FATE-tests covering this demuxer. Furthermore, in case the data
read is less than the data desired, the returned packet was not
zero-allocated (the packet's padding was uninitialized);
for music files the actual data could even be uninitialized.

The former problems are fixed by using av_get_packet() for
non-music files; the latter problem is handled by erroring out
unless both tracks could be fully read.

Reviewed-by: Zane van Iperen <zane@zanevaniperen.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
This commit is contained in:
Andreas Rheinhardt 2021-03-20 07:43:09 +01:00
parent 258a88dfe4
commit 8a73313412

View File

@ -265,29 +265,25 @@ static int pp_bnk_read_packet(AVFormatContext *s, AVPacket *pkt)
size = FFMIN(trk->data_size - trk->bytes_read, PP_BNK_MAX_READ_SIZE);
if (!ctx->is_music)
ret = av_new_packet(pkt, size);
else if (ctx->current_track == 0)
ret = av_new_packet(pkt, size * 2);
else
ret = 0;
if (!ctx->is_music) {
ret = av_get_packet(s->pb, pkt, size);
if (ret == AVERROR_EOF) {
/* If we've hit EOF, don't attempt this track again. */
trk->data_size = trk->bytes_read;
continue;
}
} else {
if (!pkt->data && (ret = av_new_packet(pkt, size * 2)) < 0)
return ret;
ret = avio_read(s->pb, pkt->data + size * ctx->current_track, size);
if (ret >= 0 && ret != size) {
/* Only return stereo packets if both tracks could be read. */
ret = AVERROR_EOF;
}
}
if (ret < 0)
return ret;
if (ctx->is_music)
ret = avio_read(s->pb, pkt->data + size * ctx->current_track, size);
else
ret = avio_read(s->pb, pkt->data, size);
if (ret == AVERROR_EOF) {
/* If we've hit EOF, don't attempt this track again. */
trk->data_size = trk->bytes_read;
continue;
} else if (ret < 0) {
return ret;
}
trk->bytes_read += ret;
pkt->flags &= ~AV_PKT_FLAG_CORRUPT;
pkt->stream_index = ctx->current_track;
@ -298,8 +294,6 @@ static int pp_bnk_read_packet(AVFormatContext *s, AVPacket *pkt)
continue;
pkt->stream_index = 0;
} else {
pkt->size = ret;
}
ctx->current_track++;