From 5db4c91ef57927213adc5e4e0a5006f7bddde195 Mon Sep 17 00:00:00 2001
From: Andreas Rheinhardt <andreas.rheinhardt@googlemail.com>
Date: Fri, 9 Nov 2018 06:31:36 +0100
Subject: [PATCH] h264_redundant_pps: Fix memleak in case of errors

Now the fragment is uninitialized and the input packet freed in case of
errors.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@googlemail.com>
Signed-off-by: Mark Thompson <sw@jkqxz.net>
(cherry picked from commit 40b74abfca39bf514333c3ebb6d6e946975057c3)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
 libavcodec/h264_redundant_pps_bsf.c | 40 +++++++++++++++++++----------
 1 file changed, 26 insertions(+), 14 deletions(-)

diff --git a/libavcodec/h264_redundant_pps_bsf.c b/libavcodec/h264_redundant_pps_bsf.c
index af247eef21..0b7888c97e 100644
--- a/libavcodec/h264_redundant_pps_bsf.c
+++ b/libavcodec/h264_redundant_pps_bsf.c
@@ -80,7 +80,7 @@ static int h264_redundant_pps_filter(AVBSFContext *bsf, AVPacket *out)
 
     err = ff_cbs_read_packet(ctx->input, au, in);
     if (err < 0)
-        return err;
+        goto fail;
 
     au_has_sps = 0;
     for (i = 0; i < au->nb_units; i++) {
@@ -89,11 +89,15 @@ static int h264_redundant_pps_filter(AVBSFContext *bsf, AVPacket *out)
         if (nal->type == H264_NAL_SPS)
             au_has_sps = 1;
         if (nal->type == H264_NAL_PPS) {
-            h264_redundant_pps_fixup_pps(ctx, nal->content);
+            err = h264_redundant_pps_fixup_pps(ctx, nal->content);
+            if (err < 0)
+                goto fail;
             if (!au_has_sps) {
                 av_log(bsf, AV_LOG_VERBOSE, "Deleting redundant PPS "
                        "at %"PRId64".\n", in->pts);
-                ff_cbs_delete_unit(ctx->input, au, i);
+                err = ff_cbs_delete_unit(ctx->input, au, i);
+                if (err < 0)
+                    goto fail;
             }
         }
         if (nal->type == H264_NAL_SLICE ||
@@ -105,17 +109,21 @@ static int h264_redundant_pps_filter(AVBSFContext *bsf, AVPacket *out)
 
     err = ff_cbs_write_packet(ctx->output, out, au);
     if (err < 0)
-        return err;
+        goto fail;
 
-    ff_cbs_fragment_uninit(ctx->output, au);
 
     err = av_packet_copy_props(out, in);
     if (err < 0)
-        return err;
+        goto fail;
 
+    err = 0;
+fail:
+    ff_cbs_fragment_uninit(ctx->output, au);
     av_packet_free(&in);
+    if (err < 0)
+        av_packet_unref(out);
 
-    return 0;
+    return err;
 }
 
 static int h264_redundant_pps_init(AVBSFContext *bsf)
@@ -138,25 +146,29 @@ static int h264_redundant_pps_init(AVBSFContext *bsf)
         err = ff_cbs_read_extradata(ctx->input, au, bsf->par_in);
         if (err < 0) {
             av_log(bsf, AV_LOG_ERROR, "Failed to read extradata.\n");
-            return err;
+            goto fail;
         }
 
         for (i = 0; i < au->nb_units; i++) {
-            if (au->units[i].type == H264_NAL_PPS)
-                h264_redundant_pps_fixup_pps(ctx, au->units[i].content);
+            if (au->units[i].type == H264_NAL_PPS) {
+                err = h264_redundant_pps_fixup_pps(ctx, au->units[i].content);
+                if (err < 0)
+                    goto fail;
+            }
         }
 
         ctx->extradata_pic_init_qp = ctx->current_pic_init_qp;
         err = ff_cbs_write_extradata(ctx->output, bsf->par_out, au);
         if (err < 0) {
             av_log(bsf, AV_LOG_ERROR, "Failed to write extradata.\n");
-            return err;
+            goto fail;
         }
-
-        ff_cbs_fragment_uninit(ctx->output, au);
     }
 
-    return 0;
+    err = 0;
+fail:
+    ff_cbs_fragment_uninit(ctx->output, au);
+    return err;
 }
 
 static void h264_redundant_pps_flush(AVBSFContext *bsf)