[FFmpeg-devel] [PATCH] avformat/aacdec: Fix leak in adts_aac_read_packet()

James Almer jamrial at gmail.com
Sat Nov 25 20:42:16 EET 2017


On 11/25/2017 3:30 PM, Michael Niedermayer wrote:
> Fixes: chromium-773637/clusterfuzz-testcase-minimized-6418078673141760
> 
> Found-by: ossfuzz/chromium
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
>  libavformat/aacdec.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/libavformat/aacdec.c b/libavformat/aacdec.c
> index 364b33404f..101e8dbea5 100644
> --- a/libavformat/aacdec.c
> +++ b/libavformat/aacdec.c
> @@ -139,7 +139,13 @@ static int adts_aac_read_packet(AVFormatContext *s, AVPacket *pkt)
>          return AVERROR_INVALIDDATA;
>      }
>  
> -    return av_append_packet(s->pb, pkt, fsize - ADTS_HEADER_SIZE);
> +    ret = av_append_packet(s->pb, pkt, fsize - ADTS_HEADER_SIZE);
> +    if (ret < 0) {
> +        av_packet_unref(pkt);
> +        return AVERROR_INVALIDDATA;

Why not just let the line below return ret?

> +    }
> +
> +    return ret;
>  }
>  
>  AVInputFormat ff_aac_demuxer = {
> 
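Review bot: the new error branch after av_append_packet() returns AVERROR_INVALIDDATA rather than ret, so whatever error av_append_packet() actually reported (for example end of file or an I/O failure) is replaced with a generic "invalid data" code. Return ret from that branch, or drop the inner return so the failure path falls through to the final `return ret;`, and callers keep the original error. The av_packet_unref(pkt) call on failure is what fixes the leak and should stay as it is.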

LGTM either way.

