avformat/pp_bnk: Fix memleaks when reading non-stereo tracks

Commit 6973df112275c8ea4af0bf3cb1338baecc1d06b3 added support for music tracks by outputting its two containing tracks together in one packet. But the actual data is not contiguous in the file and therefore one can't simply use av_get_packet() (which has been used before) for it. Therefore the packet was now allocated via av_new_packet() and read via avio_read(); and this is also for non-music files. This causes problems because one can now longer rely on things done automatically by av_get_packet(): It automatically freed the packet in case of errors; this lead to memleaks in several FATE-tests covering this demuxer. Furthermore, in case the data read is less than the data desired, the returned packet was not zero-allocated (the packet's padding was uninitialized); for music files the actual data could even be uninitialized. The former problems are fixed by using av_get_packet() for non-music files; the latter problem is handled by erroring out unless both tracks could be fully read. Reviewed-by: Zane van Iperen <zane@zanevaniperen.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2025-02-04 06:08:26 +02:00 · 2021-03-20 07:43:09 +01:00 · 2021-03-20 07:43:09 +01:00 · 8a73313412
commit 8a73313412
parent 258a88dfe4
1 changed files with 16 additions and 22 deletions
--- a/libavformat/pp_bnk.c
+++ b/libavformat/pp_bnk.c
@ -265,29 +265,25 @@ static int pp_bnk_read_packet(AVFormatContext *s, AVPacket *pkt)

        size = FFMIN(trk->data_size - trk->bytes_read, PP_BNK_MAX_READ_SIZE);

-        if (!ctx->is_music)
-            ret = av_new_packet(pkt, size);
-        else if (ctx->current_track == 0)
-            ret = av_new_packet(pkt, size * 2);
-        else
-            ret = 0;
-
+        if (!ctx->is_music) {
+            ret = av_get_packet(s->pb, pkt, size);
+            if (ret == AVERROR_EOF) {
+                /* If we've hit EOF, don't attempt this track again. */
+                trk->data_size = trk->bytes_read;
+                continue;
+            }
+        } else {
+            if (!pkt->data && (ret = av_new_packet(pkt, size * 2)) < 0)
+                return ret;
+            ret = avio_read(s->pb, pkt->data + size * ctx->current_track, size);
+            if (ret >= 0 && ret != size) {
+                /* Only return stereo packets if both tracks could be read. */
+                ret = AVERROR_EOF;
+            }
+        }
        if (ret < 0)
            return ret;

-        if (ctx->is_music)
-            ret = avio_read(s->pb, pkt->data + size * ctx->current_track, size);
-        else
-            ret = avio_read(s->pb, pkt->data, size);
-
-        if (ret == AVERROR_EOF) {
-            /* If we've hit EOF, don't attempt this track again. */
-            trk->data_size = trk->bytes_read;
-            continue;
-        } else if (ret < 0) {
-            return ret;
-        }
-
        trk->bytes_read    += ret;
        pkt->flags         &= ~AV_PKT_FLAG_CORRUPT;
        pkt->stream_index   = ctx->current_track;
@ -298,8 +294,6 @@ static int pp_bnk_read_packet(AVFormatContext *s, AVPacket *pkt)
                continue;

            pkt->stream_index = 0;
-        } else {
-            pkt->size = ret;
        }

        ctx->current_track++;