mov_read_custom tries to read three strings belonging to three different
tags. When an already encountered tag is encountered again, a new buffer
for the string to be read is allocated and stored in the pointer
destined for this particular tag. But in this scenario, said pointer
already holds the address of the string read earlier, leading to a leak.
This commit aborts therefore aborts the reading process upon
encountering an already encountered tag.
Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@gmail.com>
---
I don't know if one should error out in this scenario or not; or one
could continue (i.e. use the already existing tag) or free the old one
and use the new one. But this loop is only executed three times and all
three tags need to be present for them to be of any use, so simply using
continue in the scenario here would not be useful.
libavformat/mov.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 47bbb3697d..a59c804d16 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -4434,6 +4434,9 @@ static int mov_read_custom(MOVContext *c, AVIOContext
*pb, MOVAtom atom)
} else
break;
+ if (*p)
+ break;
+
*p = av_malloc(len + 1);
if (!*p) {
ret = AVERROR(ENOMEM);
--
2.20.1
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
