When parsing MXF encountering some tags leads to allocations. And when
these tags were encountered repeatedly, this could lead to memleaks,
because the pointer to the old data got simply overwritten with a
pointer to the new data (or to NULL on allocation failure). This has
been fixed.
Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@gmail.com>
---
libavformat/mxfdec.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 3016885e75..f0975f409e 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -850,6 +850,7 @@ static int mxf_read_cryptographic_context(void *arg,
AVIOContext *pb, int tag, i
static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs, int *count)
{
*count = avio_rb32(pb);
+ av_free(*refs);
*refs = av_calloc(*count, sizeof(UID));
if (!*refs) {
*count = 0;
@@ -903,10 +904,8 @@ static int mxf_read_content_storage(void *arg, AVIOContext
*pb, int tag, int siz
case 0x1901:
if (mxf->packages_refs)
av_log(mxf->fc, AV_LOG_VERBOSE, "Multiple packages_refs\n");
- av_free(mxf->packages_refs);
return mxf_read_strong_ref_array(pb, &mxf->packages_refs,
&mxf->packages_count);
case 0x1902:
- av_free(mxf->essence_container_data_refs);
return mxf_read_strong_ref_array(pb,
&mxf->essence_container_data_refs, &mxf->essence_container_data_count);
}
return 0;
--
2.20.1
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
