Browse code
avformat/4xm: Cleanup on GET_LIST_HEADER() failure
Fixes: memleak
Fixes: 23142/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5932860820422656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer authored on 2020/06/08 04:35:43Showing 1 changed files
| ... | ... |
@@ -59,8 +59,10 @@ |
| 59 | 59 |
#define GET_LIST_HEADER() \ |
| 60 | 60 |
fourcc_tag = avio_rl32(pb); \ |
| 61 | 61 |
size = avio_rl32(pb); \ |
| 62 |
- if (fourcc_tag != LIST_TAG) \ |
|
| 63 |
- return AVERROR_INVALIDDATA; \ |
|
| 62 |
+ if (fourcc_tag != LIST_TAG) { \
|
|
| 63 |
+ ret = AVERROR_INVALIDDATA; \ |
|
| 64 |
+ goto fail; \ |
|
| 65 |
+ } \ |
|
| 64 | 66 |
fourcc_tag = avio_rl32(pb); |
| 65 | 67 |
|
| 66 | 68 |
typedef struct AudioTrack {
|
| ... | ... |
@@ -210,7 +212,7 @@ static int fourxm_read_header(AVFormatContext *s) |
| 210 | 210 |
unsigned int size; |
| 211 | 211 |
int header_size; |
| 212 | 212 |
FourxmDemuxContext *fourxm = s->priv_data; |
| 213 |
- unsigned char *header; |
|
| 213 |
+ unsigned char *header = NULL; |
|
| 214 | 214 |
int i, ret; |
| 215 | 215 |
|
| 216 | 216 |
fourxm->track_count = 0; |