On Sun, 14 Jun 2020, Michael Niedermayer wrote:
Alternatively we could free the already allocated element
Yeah, I kind of prefer that, we potentially allow non-string values to occur multiple times, so I'd say let's allow string values as well, even if that is not common. (I am not sure if it is strictly invalid or just uncommon).
Regards, Marton
Fixes: memleak Fixes: 23415/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5124814510751744 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/mxfdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index a60bdfeade..3b354864d9 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -867,6 +867,8 @@ static inline int mxf_read_utf16_string(AVIOContext *pb, int size, char** str, i return AVERROR(EINVAL); buf_size = size + size / 2 + 1; + if (*str) + return AVERROR_INVALIDDATA; *str = av_malloc(buf_size); if (!*str) return AVERROR(ENOMEM); -- 2.17.1 _______________________________________________ ffmpeg-devel mailing list [email protected] https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email [email protected] with subject "unsubscribe".
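Review bot: the `if (*str)` check placed just before `*str = av_malloc(buf_size);` stops the old buffer from being overwritten without a free, but it does so by returning AVERROR_INVALIDDATA to the caller whenever the destination string is already set. If repeated string items are to be tolerated, as the discussion in this thread suggests, freeing the existing buffer at that point (for example with `av_freep(str);`) and then allocating would fix the leak and let the later value win. Either way, the check assumes every caller passes a pointer that is NULL or a heap allocation owned by this field, which is worth stating in a comment on mxf_read_utf16_string().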
