From 2620df13104ddaa136158eb6bb1195adbf9d7692 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Mon, 13 Jan 2014 14:46:07 +0200 Subject: [PATCH] mov: Free an earlier allocated array if allocating a new one MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It could probably also be considered an error if the pointer isn't null at this point, but then we might risk rejecting some slightly broken files that we might have handled so far. Sample-Id: 00000496-google Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Martin Storsjö --- libavformat/mov.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index b7823bf2f6..b5019f5863 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -1717,6 +1717,7 @@ static int mov_read_stts(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (entries >= UINT_MAX / sizeof(*sc->stts_data)) return AVERROR(EINVAL); + av_free(sc->stts_data); sc->stts_data = av_malloc(entries * sizeof(*sc->stts_data)); if (!sc->stts_data) return AVERROR(ENOMEM);