RepoMirrors/mpv
1
0
Fork 0
mirror of https://github.com/mpv-player/mpv synced 2025-02-16 12:17:12 +00:00
Code Issues Releases Wiki Activity

demux_mkv: fix memory leak on invalid blocks

Browse Source 
It is possible to have data with empty block that contains additions. In
which case the block would not be added and the additions would leak.

Found by fuzzing.
This commit is contained in:
Kacper Michajłow 2024-01-27 23:26:14 +01:00 committed by Dudemanguy
parent 5c252715bd
commit 4419e5c41b
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
demux/demux_mkv.c
View File

@ -2979,20 +2979,22 @@ static int read_next_block_into_queue(demuxer_t *demuxer)
if (end > mkv_d->cluster_end) if (end > mkv_d->cluster_end)
goto find_next_cluster; goto find_next_cluster;
int res = read_block_group(demuxer, end, &block); int res = read_block_group(demuxer, end, &block);
if (res < 0)
goto find_next_cluster;
if (res > 0) if (res > 0)
goto add_block; goto add_block;
free_block(&block);
if (res < 0)
goto find_next_cluster;
break; break;
} }
case MATROSKA_ID_SIMPLEBLOCK: { case MATROSKA_ID_SIMPLEBLOCK: {
block = (struct block_info){ .simple = true }; block = (struct block_info){ .simple = true };
int res = read_block(demuxer, mkv_d->cluster_end, &block); int res = read_block(demuxer, mkv_d->cluster_end, &block);
if (res < 0)
goto find_next_cluster;
if (res > 0) if (res > 0)
goto add_block; goto add_block;
free_block(&block);
if (res < 0)
goto find_next_cluster;
break; break;
} }