From a9271286171e069daea4726274a36a94e3f77d03 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Tue, 20 Oct 2020 22:56:13 +0200
Subject: [PATCH] avformat/ffmetadec: finalize AVBPrint on errors
Fixes: memleak
Fixes: 26450/clusterfuzz-testcase-minimized-ffmpeg_dem_FFMETADATA_fuzzer-6249850443923456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt
Signed-off-by: Michael Niedermayer
---
 libavformat/ffmetadec.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libavformat/ffmetadec.c b/libavformat/ffmetadec.c
index 0ea89fe3f3..9fcba08490 100644
--- a/libavformat/ffmetadec.c
+++ b/libavformat/ffmetadec.c
@@ -185,7 +185,7 @@ static int read_header(AVFormatContext *s)
 AVStream *st = avformat_new_stream(s, NULL);
 if (!st)
- return AVERROR(ENOMEM);
+ goto nomem;
 st->codecpar->codec_type = AVMEDIA_TYPE_DATA;
 st->codecpar->codec_id = AV_CODEC_ID_FFMETADATA;
@@ -195,7 +195,7 @@ static int read_header(AVFormatContext *s)
 AVChapter *ch = read_chapter(s);
 if (!ch)
- return AVERROR(ENOMEM);
+ goto nomem;
 m = &ch->metadata;
 } else
@@ -211,6 +211,10 @@ static int read_header(AVFormatContext *s)
 AV_TIME_BASE_Q);
 return 0;
+nomem:
+ av_bprint_finalize(&bp, NULL);
+
+ return AVERROR(ENOMEM);
 }
 static int read_packet(AVFormatContext *s, AVPacket *pkt)
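Review bot: The `if (!ch) goto nomem;` path in the second hunk reports every NULL from `read_chapter()` as `AVERROR(ENOMEM)`; the removed line did the same, but the label name now fixes that mapping in place. `read_chapter()` is not visible here, so this is hedged: if it can also return NULL for a malformed chapter section, a caller parsing an untrusted metadata file gets an out-of-memory error for what is really invalid input. Carrying the code in a variable, e.g. `ret = AVERROR(ENOMEM); goto fail;`, would let that path later return `AVERROR_INVALIDDATA` without touching the cleanup. The enclosing function starts and ends outside this hunk.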
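Review bot: The `nomem:` block in the third hunk is a second copy of the `bp` cleanup rather than a shared exit, so any error return added later between the buffer's initialisation and `return 0;` can miss it again, which is the leak class the fuzzer reported. The success path's finalize call is not visible in this hunk, so this is inferred from the commit title. Routing both outcomes through one label that ends in `av_bprint_finalize(&bp, NULL);` and `return ret;` would remove the duplication. At minimum, record the invariant at the label with a comment such as `/* bp may own a heap buffer: every exit after it is initialised must finalize it */`. read_header's body begins outside the hunk.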