avformat/mov: Fix memleak in dref reading

Fixes: leak in mov_read_dref() Fixes: 26698/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5638785444085760 Fixes: 27554/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6256643054239744 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-30 21:44:12 +01:00 · 2020-10-30 21:44:12 +01:00 · 3b8a263c4f
parent 3c922681c3
commit 3b8a263c4f
1 changed files with 5 additions and 0 deletions
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@ -588,6 +588,11 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom)
        entries >= UINT_MAX / sizeof(*sc->drefs))
        return AVERROR_INVALIDDATA;

+    for (i = 0; i < sc->drefs_count; i++) {
+        MOVDref *dref = &sc->drefs[i];
+        av_freep(&dref->path);
+        av_freep(&dref->dir);
+    }
    av_free(sc->drefs);
    sc->drefs_count = 0;
    sc->drefs = av_mallocz(entries * sizeof(*sc->drefs));