The branch, master has been updated
via 3bf8bf965fb69f873e52d34a85d1ecb722a9fe7f (commit)
via cd83161ff66876756674e61eded8ff350aca2e28 (commit)
from 6711c6a89b31bb59cefd9f2e71806a95fb98efbf (commit)
- Log -----------------------------------------------------------------
commit 3bf8bf965fb69f873e52d34a85d1ecb722a9fe7f
Author: Kacper MichajÅow <[email protected]>
AuthorDate: Wed Aug 6 00:36:10 2025 +0200
Commit: James Almer <[email protected]>
CommitDate: Mon Aug 11 01:25:05 2025 +0000
avformat/mov: clear old name from infe
heif_items are reused and to avoid leaking memory or using stale name,
clear it first.
Fixes:
432505829/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6654363487764480
Found-by: OSS-Fuzz
Signed-off-by: Kacper MichajÅow <[email protected]>
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 94b741f056..86037c6712 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -8957,6 +8957,7 @@ static int mov_read_infe(MOVContext *c, AVIOContext *pb,
MOVAtom atom)
return AVERROR(ENOMEM);
}
+ av_freep(&item->name);
av_bprint_finalize(&item_name, ret ? &item->name : NULL);
item->item_id = item_id;
item->type = item_type;
commit cd83161ff66876756674e61eded8ff350aca2e28
Author: Leo Izen <[email protected]>
AuthorDate: Sat Aug 9 22:41:22 2025 -0400
Commit: Leo Izen <[email protected]>
CommitDate: Sun Aug 10 13:23:33 2025 -0400
avcodec/vp9: fix leaked cbs fragment AVBufferRef
When this function returns, the fragment is never reset, so
current_frag->data_ref is never unref-ed, which ends up leaking it.
We call ff_cbs_fragment_reset to release the reference on its buffer.
Signed-off-by: Leo Izen <[email protected]>
diff --git a/libavcodec/vp9.c b/libavcodec/vp9.c
index 47fabf98e3..d0d0238c2c 100644
--- a/libavcodec/vp9.c
+++ b/libavcodec/vp9.c
@@ -1679,8 +1679,6 @@ static int vp9_decode_frame(AVCodecContext *avctx,
AVFrame *frame,
&s->s.frames[CUR_FRAME] :
&s->s.ref_frames[i]);
}
- ff_cbs_fragment_reset(&s->current_frag);
-
goto finish;
}
@@ -1805,6 +1803,8 @@ static int vp9_decode_frame(AVCodecContext *avctx,
AVFrame *frame,
}
finish:
+ ff_cbs_fragment_reset(&s->current_frag);
+
ff_progress_frame_report(&s->s.frames[CUR_FRAME].tf, INT_MAX);
// ref frame setup
for (int i = 0; i < 8; i++)
-----------------------------------------------------------------------
Summary of changes:
libavcodec/vp9.c | 4 ++--
libavformat/mov.c | 1 +
2 files changed, 3 insertions(+), 2 deletions(-)
hooks/post-receive
--
_______________________________________________
ffmpeg-cvslog mailing list
[email protected]
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
[email protected] with subject "unsubscribe".
