[FFmpeg-devel] [PATCH] avoid double-free on ffmdec open fail

[Reimar Döffinger]

Hello,
currently ffmdec for some reason tries to free the streams it created
on its own, which causes issues like double frees etc. when the
av_close_input_stream does the same.
This patch removes the useless and wrong code and also uses more
appropriate return values.
Index: libavformat/ffmdec.c
===================================================================
--- libavformat/ffmdec.c        (revision 24477)
+++ libavformat/ffmdec.c        (working copy)
@@ -264,10 +264,10 @@
     /* header */
     tag = get_le32(pb);
     if (tag != MKTAG('F', 'F', 'M', '1'))
-        goto fail;
+        return AVERROR_INVALIDDATA;
     ffm->packet_size = get_be32(pb);
     if (ffm->packet_size != FFM_PACKET_SIZE)
-        goto fail;
+        return AVERROR_INVALIDDATA;
     ffm->write_index = get_be64(pb);
     /* get also filesize */
     if (!url_is_streamed(pb)) {
@@ -286,7 +286,7 @@
 
         st = av_new_stream(s, 0);
         if (!st)
-            goto fail;
+            return AVERROR(ENOMEM);
 
         av_set_pts_info(st, 64, 1, 1000000);
 
@@ -357,7 +357,7 @@
             codec->sample_fmt = (int16_t) get_le16(pb);
             break;
         default:
-            goto fail;
+            return AVERROR_INVALIDDATA;
         }
         if (codec->flags & CODEC_FLAG_GLOBAL_HEADER) {
             codec->extradata_size = get_be32(pb);
@@ -380,14 +380,6 @@
     ffm->read_state = READ_HEADER;
     ffm->first_packet = 1;
     return 0;
- fail:
-    for(i=0;i<s->nb_streams;i++) {
-        st = s->streams[i];
-        if (st) {
-            av_free(st);
-        }
-    }
-    return -1;
 }
 
 /* return < 0 if eof */